inject.preload.js - Issue 29590611: Issue 5953 - Bypass site CSP for script injection in Firefox

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Delta Between Two Patch Sets: inject.preload.js

Issue 29590611: Issue 5953 - Bypass site CSP for script injection in Firefox (Closed)

Left Patch Set: Created Oct. 27, 2017, 3:53 p.m.

Right Patch Set: Add comment Created Nov. 6, 2017, 2:59 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

Left: Side by side diff | Download
Right: Side by side diff | Download

LEFT	RIGHT
1 /*	1 /*

2 * This file is part of Adblock Plus <https://adblockplus.org/>,	2 * This file is part of Adblock Plus <https://adblockplus.org/>,

3 * Copyright (C) 2006-present eyeo GmbH	3 * Copyright (C) 2006-present eyeo GmbH

4 *	4 *

5 * Adblock Plus is free software: you can redistribute it and/or modify	5 * Adblock Plus is free software: you can redistribute it and/or modify

6 * it under the terms of the GNU General Public License version 3 as	6 * it under the terms of the GNU General Public License version 3 as

7 * published by the Free Software Foundation.	7 * published by the Free Software Foundation.

8 *	8 *

9 * Adblock Plus is distributed in the hope that it will be useful,	9 * Adblock Plus is distributed in the hope that it will be useful,

10 * but WITHOUT ANY WARRANTY; without even the implied warranty of	10 * but WITHOUT ANY WARRANTY; without even the implied warranty of

(...skipping 380 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
391 if (document instanceof HTMLDocument)	391 if (document instanceof HTMLDocument)

392 {	392 {

393 let sandbox = window.frameElement &&	393 let sandbox = window.frameElement &&

394 window.frameElement.getAttribute("sandbox");	394 window.frameElement.getAttribute("sandbox");

395	395

396 if (typeof sandbox != "string" \|\| /(^\|\s)allow-scripts(\s\|$)/i.test(sandbox))	396 if (typeof sandbox != "string" \|\| /(^\|\s)allow-scripts(\s\|$)/i.test(sandbox))

397 {	397 {

398 let script = document.createElement("script");	398 let script = document.createElement("script");

399 script.type = "application/javascript";	399 script.type = "application/javascript";

400 script.async = false;	400 script.async = false;

401 let blob = new Blob([code], { type: "text/javascript" });	401 // Firefox 58 only bypasses site CSPs when assigning to 'src'.

402 let url = URL.createObjectURL(blob);	402 let url = URL.createObjectURL(new Blob([

	403 "(" + injected + ")('" + randomEventName + "');"

	404 ]));

403 script.src = url;	405 script.src = url;

404 document.documentElement.appendChild(script);	406 document.documentElement.appendChild(script);

405 document.documentElement.removeChild(script);	407 document.documentElement.removeChild(script);

406 URL.revokeObjectURL(url);	408 URL.revokeObjectURL(url);

407 }	409 }

408 }	410 }

LEFT	RIGHT