include.preload.js - Issue 29423612: Issue 4586 - Prevent access to shadowRoot via contentWindow

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments.

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Side by Side Diff: include.preload.js

Issue 29423612: Issue 4586 - Prevent access to shadowRoot via contentWindow (Closed) Base URL: https://hg.adblockplus.org/adblockpluschrome/

Patch Set: Prevent access to shadowRoot via contentWindow Created April 27, 2017, 9:04 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View unified diff | Download patch

OLD	NEW
1 /*	1 /*

2 * This file is part of Adblock Plus <https://adblockplus.org/>,	2 * This file is part of Adblock Plus <https://adblockplus.org/>,

3 * Copyright (C) 2006-2017 eyeo GmbH	3 * Copyright (C) 2006-2017 eyeo GmbH

4 *	4 *

5 * Adblock Plus is free software: you can redistribute it and/or modify	5 * Adblock Plus is free software: you can redistribute it and/or modify

6 * it under the terms of the GNU General Public License version 3 as	6 * it under the terms of the GNU General Public License version 3 as

7 * published by the Free Software Foundation.	7 * published by the Free Software Foundation.

8 *	8 *

9 * Adblock Plus is distributed in the hope that it will be useful,	9 * Adblock Plus is distributed in the hope that it will be useful,

10 * but WITHOUT ANY WARRANTY; without even the implied warranty of	10 * but WITHOUT ANY WARRANTY; without even the implied warranty of

(...skipping 561 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
572 shadow.appendChild(document.createElement("shadow"));	572 shadow.appendChild(document.createElement("shadow"));

573	573

574 // Stop the website from messing with our shadow root (#4191, #4298).	574 // Stop the website from messing with our shadow root (#4191, #4298).

575 if ("shadowRoot" in Element.prototype)	575 if ("shadowRoot" in Element.prototype)

576 {	576 {

577 runInPageContext(() =>	577 runInPageContext(() =>

578 {	578 {

579 let ourShadowRoot = document.documentElement.shadowRoot;	579 let ourShadowRoot = document.documentElement.shadowRoot;

580 if (!ourShadowRoot)	580 if (!ourShadowRoot)

581 return;	581 return;

582 let desc = Object.getOwnPropertyDescriptor(Element.prototype,

583 "shadowRoot");

584 let shadowRoot = Function.prototype.call.bind(desc.get);

585	582

586 Object.defineProperty(Element.prototype, "shadowRoot", {	583 let defineProperty = Object.defineProperty.bind(Object);

587 configurable: true, enumerable: true, get()	584

	585 let shadowRootDesc = Object.getOwnPropertyDescriptor(Element.prototype,

	586 "shadowRoot");

	587 let getShadowRoot = Function.prototype.call.bind(shadowRootDesc.get);

	588

	589 shadowRootDesc.get = function()

	590 {

	591 let shadowRoot = getShadowRoot(this);

	592 return shadowRoot == ourShadowRoot ? null : shadowRoot;

	593 };

	594

	595 defineProperty(Element.prototype, "shadowRoot", shadowRootDesc);

	596

	597 let contentWindowDesc = Object.getOwnPropertyDescriptor(

	598 HTMLIFrameElement.prototype,

	599 "contentWindow");

	600 let getContentWindow = Function.prototype.call.bind(

	601 contentWindowDesc.get);

	602

	603 let sandboxDesc = Object.getOwnPropertyDescriptor(

	604 HTMLIFrameElement.prototype,

	605 "sandbox");

	606 let getSandbox = Function.prototype.call.bind(sandboxDesc.get);

	607

	608 contentWindowDesc.get = function()

	609 {

	610 let contentWindow = getContentWindow(this);

	611

	612 if (getSandbox(this).contains("allow-same-origin"))

588 {	613 {

589 let thisShadow = shadowRoot(this);	614 defineProperty(contentWindow.Element.prototype, "shadowRoot",

590 return thisShadow == ourShadowRoot ? null : thisShadow;	615 shadowRootDesc);

	616

	617 defineProperty(contentWindow.HTMLIFrameElement.prototype,

	618 "contentWindow", contentWindowDesc);

591 }	619 }

592 });	620

	621 return contentWindow;

	622 };

	623

	624 defineProperty(HTMLIFrameElement.prototype, "contentWindow",

	625 contentWindowDesc);

593 }, null);	626 }, null);

594 }	627 }

595	628

596 return shadow;	629 return shadow;

597 },	630 },

598	631

599 addSelectors(selectors, filters)	632 addSelectors(selectors, filters)

600 {	633 {

601 if (selectors.length == 0)	634 if (selectors.length == 0)

602 return;	635 return;

(...skipping 86 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
689 checkCollapse(event.target);	722 checkCollapse(event.target);

690 }, true);	723 }, true);

691	724

692 document.addEventListener("load", event =>	725 document.addEventListener("load", event =>

693 {	726 {

694 let element = event.target;	727 let element = event.target;

695 if (/^i?frame$/.test(element.localName))	728 if (/^i?frame$/.test(element.localName))

696 checkCollapse(element);	729 checkCollapse(element);

697 }, true);	730 }, true);

698 }	731 }

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »