Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Unified Diff: inject.preload.js

Issue 29586710: Issue 5382 - Wrap DOM mutation APIs to protect frames (Closed) Base URL: https://hg.adblockplus.org/adblockpluschrome/
Patch Set: Refactor Created Oct. 24, 2017, 1:39 a.m.
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: inject.preload.js
===================================================================
--- a/inject.preload.js
+++ b/inject.preload.js
@@ -67,53 +67,52 @@
"(" + injectedToString() + ")('" + eventName + "', true);"
);
delete contentWindow[eventName];
}
catch (e) {}
}
}
- for (let element of [HTMLFrameElement, HTMLIFrameElement, HTMLObjectElement])
+ function injectIntoAllFrames()
+ {
+ for (let i = 0; i < window.length; i++)
+ injectIntoContentWindow(window[i]);
+ }
+
+ function wrapAPIForInjection(object, api, callback)
{
- let contentDocumentDesc = Object.getOwnPropertyDescriptor(
- element.prototype, "contentDocument"
- );
- let contentWindowDesc = Object.getOwnPropertyDescriptor(
- element.prototype, "contentWindow"
- );
-
- // Apparently in HTMLObjectElement.prototype.contentWindow does not exist
- // in older versions of Chrome such as 42.
- if (!contentWindowDesc)
- continue;
+ let func = object[api];
+ object[api] = function(...args)
+ {
+ let returnValue = func.apply(this, args);
kzar 2017/12/11 08:48:13 I think func.apply could have been messed with at
Manish Jethani 2018/02/21 16:37:39 Thanks, for this one in particular now I've bound
+ callback(returnValue);
+ return returnValue;
+ };
+ }
- let getContentDocument = Function.prototype.call.bind(
- contentDocumentDesc.get
- );
- let getContentWindow = Function.prototype.call.bind(
- contentWindowDesc.get
- );
+ function wrapPropertyAPIForInjection(object, api, method, callback)
+ {
+ let descriptor = Object.getOwnPropertyDescriptor(object, api);
+ wrapAPIForInjection(descriptor, method, callback);
+ Object.defineProperty(object, api, descriptor);
+ }
- contentWindowDesc.get = function()
- {
- let contentWindow = getContentWindow(this);
- injectIntoContentWindow(contentWindow);
- return contentWindow;
- };
- contentDocumentDesc.get = function()
- {
- injectIntoContentWindow(getContentWindow(this));
- return getContentDocument(this);
- };
- Object.defineProperty(element.prototype, "contentWindow",
- contentWindowDesc);
- Object.defineProperty(element.prototype, "contentDocument",
- contentDocumentDesc);
- }
+ wrapAPIForInjection(Node.prototype, "appendChild", injectIntoAllFrames);
+ wrapAPIForInjection(Node.prototype, "insertBefore", injectIntoAllFrames);
+ wrapAPIForInjection(Node.prototype, "replaceChild", injectIntoAllFrames);
+
+ wrapPropertyAPIForInjection(Element.prototype,
+ "innerHTML", "set", injectIntoAllFrames);
+
+ wrapPropertyAPIForInjection(HTMLObjectElement.prototype,
Manish Jethani 2017/10/24 01:43:28 HTMLFrameElement and HTMLIFrameElement don't need
kzar 2017/12/11 08:48:13 Fair enough but did you check that it's OK with Ch
Manish Jethani 2018/02/21 16:37:39 I've added a check now so if the descriptor is not
+ "contentWindow", "get", injectIntoContentWindow);
+ wrapPropertyAPIForInjection(HTMLObjectElement.prototype,
+ "contentDocument", "get",
+ doc => injectIntoContentWindow(doc.defaultView));
/*
* Shadow root getter wrapper
*
* After creating our shadowRoot we must wrap the getter to prevent the
* website from accessing it (#4191, #4298). This is required as a
* workaround for the lack of user style support in Chrome.
* See https://bugs.chromium.org/p/chromium/issues/detail?id=632009&desc=2
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld