include.preload.js - Issue 29423612: Issue 4586 - Prevent access to shadowRoot via contentWindow

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Unified Diff: include.preload.js

Issue 29423612: Issue 4586 - Prevent access to shadowRoot via contentWindow (Closed) Base URL: https://hg.adblockplus.org/adblockpluschrome/

Patch Set: Prevent access to shadowRoot via contentWindow Created April 27, 2017, 9:04 p.m.

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: include.preload.js

===================================================================

--- a/include.preload.js

+++ b/include.preload.js

@@ -574,27 +574,60 @@

// Stop the website from messing with our shadow root (#4191, #4298).

if ("shadowRoot" in Element.prototype)

{

runInPageContext(() =>

{

let ourShadowRoot = document.documentElement.shadowRoot;

if (!ourShadowRoot)

return;

- let desc = Object.getOwnPropertyDescriptor(Element.prototype,

- "shadowRoot");

- let shadowRoot = Function.prototype.call.bind(desc.get);

+ let defineProperty = Object.defineProperty.bind(Object);

+ let shadowRootDesc = Object.getOwnPropertyDescriptor(Element.prototype,

+ "shadowRoot");

+ let getShadowRoot = Function.prototype.call.bind(shadowRootDesc.get);

+ shadowRootDesc.get = function()

+ {

+ let shadowRoot = getShadowRoot(this);

+ return shadowRoot == ourShadowRoot ? null : shadowRoot;

+ };

+ defineProperty(Element.prototype, "shadowRoot", shadowRootDesc);

+ let contentWindowDesc = Object.getOwnPropertyDescriptor(

+ HTMLIFrameElement.prototype,

+ "contentWindow");

+ let getContentWindow = Function.prototype.call.bind(

+ contentWindowDesc.get);

- Object.defineProperty(Element.prototype, "shadowRoot", {

- configurable: true, enumerable: true, get()

+ let sandboxDesc = Object.getOwnPropertyDescriptor(

+ HTMLIFrameElement.prototype,

+ "sandbox");

+ let getSandbox = Function.prototype.call.bind(sandboxDesc.get);

+ contentWindowDesc.get = function()

+ {

+ let contentWindow = getContentWindow(this);

+ if (getSandbox(this).contains("allow-same-origin"))

{

- let thisShadow = shadowRoot(this);

- return thisShadow == ourShadowRoot ? null : thisShadow;

+ defineProperty(contentWindow.Element.prototype, "shadowRoot",

+ shadowRootDesc);

+ defineProperty(contentWindow.HTMLIFrameElement.prototype,

+ "contentWindow", contentWindowDesc);

}

- });

+ return contentWindow;

+ };

+ defineProperty(HTMLIFrameElement.prototype, "contentWindow",

+ contentWindowDesc);

}, null);

}

return shadow;

addSelectors(selectors, filters)

{

« no previous file with comments | « no previous file | no next file » | no next file with comments »