
Delta Between Two Patch Sets: inject.preload.js

Issue 29586710: Issue 5382 - Wrap DOM mutation APIs to protect frames (Closed) Base URL: https://hg.adblockplus.org/adblockpluschrome/
Left Patch Set: Rebase Created Feb. 21, 2018, 4:30 p.m.
Right Patch Set: Bind function to Function.prototype.apply and handle missing descriptors Created Feb. 21, 2018, 4:31 p.m.
LEFTRIGHT
1 /* 1 /*
2 * This file is part of Adblock Plus <https://adblockplus.org/>, 2 * This file is part of Adblock Plus <https://adblockplus.org/>,
3 * Copyright (C) 2006-present eyeo GmbH 3 * Copyright (C) 2006-present eyeo GmbH
4 * 4 *
5 * Adblock Plus is free software: you can redistribute it and/or modify 5 * Adblock Plus is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 3 as 6 * it under the terms of the GNU General Public License version 3 as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8 * 8 *
9 * Adblock Plus is distributed in the hope that it will be useful, 9 * Adblock Plus is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after
74 74
75 function injectIntoAllFrames() 75 function injectIntoAllFrames()
76 { 76 {
77 for (let i = 0; i < window.length; i++) 77 for (let i = 0; i < window.length; i++)
78 injectIntoContentWindow(window[i]); 78 injectIntoContentWindow(window[i]);
79 } 79 }
80 80
81 function wrapAPIForInjection(object, api, callback) 81 function wrapAPIForInjection(object, api, callback)
82 { 82 {
83 let func = object[api]; 83 let func = object[api];
84 object[api] = function(...args) 84 if (!func || typeof func != "function")
85 { 85 return;
86 let returnValue = func.apply(this, args); 86 let applyFunc = Function.prototype.apply.bind(func);
87 callback(returnValue); 87 Object.defineProperty(object, api, {
88 return returnValue; 88 value(...args)
89 }; 89 {
90 let returnValue = applyFunc(this, args);
91 callback(returnValue);
92 return returnValue;
93 }
94 });
90 } 95 }
91 96
92 function wrapPropertyAPIForInjection(object, api, method, callback) 97 function wrapPropertyAPIForInjection(object, api, method, callback)
93 { 98 {
94 let descriptor = Object.getOwnPropertyDescriptor(object, api); 99 let descriptor = Object.getOwnPropertyDescriptor(object, api);
100 // Apparently HTMLObjectElement.prototype.contentWindow does not exist in
101 // older versions of Chrome such as 42.
102 if (!descriptor)
103 return;
95 wrapAPIForInjection(descriptor, method, callback); 104 wrapAPIForInjection(descriptor, method, callback);
96 Object.defineProperty(object, api, descriptor); 105 Object.defineProperty(object, api, descriptor);
97 } 106 }
98 107
99 wrapAPIForInjection(Node.prototype, "appendChild", injectIntoAllFrames); 108 wrapAPIForInjection(Node.prototype, "appendChild", injectIntoAllFrames);
100 wrapAPIForInjection(Node.prototype, "insertBefore", injectIntoAllFrames); 109 wrapAPIForInjection(Node.prototype, "insertBefore", injectIntoAllFrames);
101 wrapAPIForInjection(Node.prototype, "replaceChild", injectIntoAllFrames); 110 wrapAPIForInjection(Node.prototype, "replaceChild", injectIntoAllFrames);
102 111
103 wrapPropertyAPIForInjection(Element.prototype, 112 wrapPropertyAPIForInjection(Element.prototype,
104 "innerHTML", "set", injectIntoAllFrames); 113 "innerHTML", "set", injectIntoAllFrames);
105 114
106 wrapPropertyAPIForInjection(HTMLObjectElement.prototype, 115 wrapPropertyAPIForInjection(HTMLObjectElement.prototype,
107 "contentWindow", "get", injectIntoContentWindow); 116 "contentWindow", "get", injectIntoContentWindow);
108 wrapPropertyAPIForInjection(HTMLObjectElement.prototype, 117 wrapPropertyAPIForInjection(
109 "contentDocument", "get", 118 HTMLObjectElement.prototype,
110 doc => injectIntoContentWindow(doc.defaultView)); 119 "contentDocument", "get",
120 contentDocument =>
121 {
122 if (contentDocument)
123 injectIntoContentWindow(contentDocument.defaultView);
124 }
125 );
111 126
112 /* 127 /*
113 * Shadow root getter wrapper 128 * Shadow root getter wrapper
114 * 129 *
115 * After creating our shadowRoot we must wrap the getter to prevent the 130 * After creating our shadowRoot we must wrap the getter to prevent the
116 * website from accessing it (#4191, #4298). This is required as a 131 * website from accessing it (#4191, #4298). This is required as a
117 * workaround for the lack of user style support in Chrome. 132 * workaround for the lack of user style support in Chrome.
118 * See https://bugs.chromium.org/p/chromium/issues/detail?id=632009&desc=2 133 * See https://bugs.chromium.org/p/chromium/issues/detail?id=632009&desc=2
119 */ 134 */
120 if ("shadowRoot" in Element.prototype) 135 if ("shadowRoot" in Element.prototype)
(...skipping 286 matching lines...) Expand 10 before | Expand all | Expand 10 after
407 // Firefox 58 only bypasses site CSPs when assigning to 'src'. 422 // Firefox 58 only bypasses site CSPs when assigning to 'src'.
408 let url = URL.createObjectURL(new Blob([ 423 let url = URL.createObjectURL(new Blob([
409 "(" + injected + ")('" + randomEventName + "');" 424 "(" + injected + ")('" + randomEventName + "');"
410 ])); 425 ]));
411 script.src = url; 426 script.src = url;
412 document.documentElement.appendChild(script); 427 document.documentElement.appendChild(script);
413 document.documentElement.removeChild(script); 428 document.documentElement.removeChild(script);
414 URL.revokeObjectURL(url); 429 URL.revokeObjectURL(url);
415 } 430 }
416 } 431 }
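Review bot: The two early returns added in the right-hand patch set, `if (!func || typeof func != "function") return;` in wrapAPIForInjection and `if (!descriptor) return;` in wrapPropertyAPIForInjection, make the frame protection fail open silently: when the property is not found on the prototype, the call site is skipped and nothing records that the API was left unwrapped. The comment only names `HTMLObjectElement.prototype.contentWindow` on Chrome 42, but the same guard also covers the `innerHTML` setter and the `contentDocument` getter. The comment should state the consequence, for example `// Not wrapped on such versions: frames reached through this property are not injected into.` Separately, in the new `value(...args)` wrapper `callback(returnValue)` runs before `return returnValue`, so an exception from the callback would surface to the page as a failure of `appendChild`/`insertBefore`/`replaceChild` after the DOM change has already happened. Whether injectIntoContentWindow can throw is not visible here (its body is in the skipped lines), so that is worth confirming.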
LEFTRIGHT