OLD | NEW |
1 /* | 1 /* |
2 * This file is part of Adblock Plus <https://adblockplus.org/>, | 2 * This file is part of Adblock Plus <https://adblockplus.org/>, |
3 * Copyright (C) 2006-present eyeo GmbH | 3 * Copyright (C) 2006-present eyeo GmbH |
4 * | 4 * |
5 * Adblock Plus is free software: you can redistribute it and/or modify | 5 * Adblock Plus is free software: you can redistribute it and/or modify |
6 * it under the terms of the GNU General Public License version 3 as | 6 * it under the terms of the GNU General Public License version 3 as |
7 * published by the Free Software Foundation. | 7 * published by the Free Software Foundation. |
8 * | 8 * |
9 * Adblock Plus is distributed in the hope that it will be useful, | 9 * Adblock Plus is distributed in the hope that it will be useful, |
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of | 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
(...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
90 Filter.elemhideRegExp = /^([^/*|@"!]*?)#([@?])?#(.+)$/; | 90 Filter.elemhideRegExp = /^([^/*|@"!]*?)#([@?])?#(.+)$/; |
91 /** | 91 /** |
92 * Regular expression that RegExp filters specified as RegExps should match | 92 * Regular expression that RegExp filters specified as RegExps should match |
93 * @type {RegExp} | 93 * @type {RegExp} |
94 */ | 94 */ |
95 Filter.regexpRegExp = /^(@@)?\/.*\/(?:\$~?[\w-]+(?:=[^,\s]+)?(?:,~?[\w-]+(?:=[^,
\s]+)?)*)?$/; | 95 Filter.regexpRegExp = /^(@@)?\/.*\/(?:\$~?[\w-]+(?:=[^,\s]+)?(?:,~?[\w-]+(?:=[^,
\s]+)?)*)?$/; |
96 /** | 96 /** |
97 * Regular expression that options on a RegExp filter should match | 97 * Regular expression that options on a RegExp filter should match |
98 * @type {RegExp} | 98 * @type {RegExp} |
99 */ | 99 */ |
100 Filter.optionsRegExp = /\$(~?[\w-]+(?:=[^,\s]+)?(?:,~?[\w-]+(?:=[^,\s]+)?)*)$/; | 100 Filter.optionsRegExp = /\$(~?[\w-]+(?:=[^,]+)?(?:,~?[\w-]+(?:=[^,]+)?)*)$/; |
| 101 /** |
| 102 * Regular expression that matches an invalid Content Security Policy |
| 103 * @type {RegExp} |
| 104 */ |
| 105 Filter.invalidCSPRegExp = /(;|^) ?(base-uri|referrer|report-to|report-uri|upgrad
e-insecure-requests)\b/i; |
101 | 106 |
102 /** | 107 /** |
103 * Creates a filter of correct type from its text representation - does the | 108 * Creates a filter of correct type from its text representation - does the |
104 * basic parsing and calls the right constructor then. | 109 * basic parsing and calls the right constructor then. |
105 * | 110 * |
106 * @param {string} text as in Filter() | 111 * @param {string} text as in Filter() |
107 * @return {Filter} | 112 * @return {Filter} |
108 */ | 113 */ |
109 Filter.fromText = function(text) | 114 Filter.fromText = function(text) |
110 { | 115 { |
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
165 * Removes unnecessary whitespaces from filter text, will only return null if | 170 * Removes unnecessary whitespaces from filter text, will only return null if |
166 * the input parameter is null. | 171 * the input parameter is null. |
167 * @param {string} text | 172 * @param {string} text |
168 * @return {string} | 173 * @return {string} |
169 */ | 174 */ |
170 Filter.normalize = function(text) | 175 Filter.normalize = function(text) |
171 { | 176 { |
172 if (!text) | 177 if (!text) |
173 return text; | 178 return text; |
174 | 179 |
175 // Remove line breaks and such | 180 // Remove line breaks, tabs etc |
176 text = text.replace(/[^\S ]/g, ""); | 181 text = text.replace(/[^\S ]+/g, ""); |
177 | 182 |
178 if (/^\s*!/.test(text)) | 183 // Don't remove spaces inside comments |
| 184 if (/^ *!/.test(text)) |
| 185 return text.trim(); |
| 186 |
| 187 // Special treatment for element hiding filters, right side is allowed to |
| 188 // contain spaces |
| 189 if (Filter.elemhideRegExp.test(text)) |
179 { | 190 { |
180 // Don't remove spaces inside comments | 191 let [, domain, separator, selector] = /^(.*?)(#@?#?)(.*)$/.exec(text); |
181 return text.trim(); | 192 return domain.replace(/ +/g, "") + separator + selector.trim(); |
182 } | 193 } |
183 else if (Filter.elemhideRegExp.test(text)) | 194 |
| 195 // For most regexp filters we strip all spaces, but $csp filter options |
| 196 // are allowed to contain single (non trailing) spaces. |
| 197 let strippedText = text.replace(/ +/g, ""); |
| 198 if (!strippedText.includes("$") || !/\bcsp=/i.test(strippedText)) |
| 199 return strippedText; |
| 200 |
| 201 let optionsMatch = Filter.optionsRegExp.exec(strippedText); |
| 202 if (!optionsMatch) |
| 203 return strippedText; |
| 204 |
| 205 // For $csp filters we must first separate out the options part of the |
| 206 // text, being careful to preserve its spaces. |
| 207 let beforeOptions = strippedText.substring(0, optionsMatch.index); |
| 208 let strippedDollarIndex = -1; |
| 209 let dollarIndex = -1; |
| 210 do |
184 { | 211 { |
185 // Special treatment for element hiding filters, right side is allowed to | 212 strippedDollarIndex = beforeOptions.indexOf("$", strippedDollarIndex + 1); |
186 // contain spaces | 213 dollarIndex = text.indexOf("$", dollarIndex + 1); |
187 let [, domain, separator, selector] = /^(.*?)(#@?#?)(.*)$/.exec(text); | |
188 return domain.replace(/\s/g, "") + separator + selector.trim(); | |
189 } | 214 } |
190 return text.replace(/\s/g, ""); | 215 while (strippedDollarIndex != -1); |
| 216 let optionsText = text.substr(dollarIndex + 1); |
| 217 |
| 218 // Then we can normalize spaces in the options part safely |
| 219 let options = optionsText.split(","); |
| 220 for (let i = 0; i < options.length; i++) |
| 221 { |
| 222 let option = options[i]; |
| 223 let cspMatch = /^ *c *s *p *=/i.exec(option); |
| 224 if (cspMatch) |
| 225 { |
| 226 options[i] = cspMatch[0].replace(/ +/g, "") + |
| 227 option.substr(cspMatch[0].length).trim().replace(/ +/g, " "); |
| 228 } |
| 229 else |
| 230 options[i] = option.replace(/ +/g, ""); |
| 231 } |
| 232 |
| 233 return beforeOptions + "$" + options.join(); |
191 }; | 234 }; |
192 | 235 |
193 /** | 236 /** |
194 * @see filterToRegExp | 237 * @see filterToRegExp |
195 */ | 238 */ |
196 Filter.toRegExp = filterToRegExp; | 239 Filter.toRegExp = filterToRegExp; |
197 | 240 |
198 /** | 241 /** |
199 * Class for invalid filters | 242 * Class for invalid filters |
200 * @param {string} text see Filter() | 243 * @param {string} text see Filter() |
(...skipping 519 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
720 blocking = false; | 763 blocking = false; |
721 text = text.substr(2); | 764 text = text.substr(2); |
722 } | 765 } |
723 | 766 |
724 let contentType = null; | 767 let contentType = null; |
725 let matchCase = null; | 768 let matchCase = null; |
726 let domains = null; | 769 let domains = null; |
727 let sitekeys = null; | 770 let sitekeys = null; |
728 let thirdParty = null; | 771 let thirdParty = null; |
729 let collapse = null; | 772 let collapse = null; |
| 773 let csp = null; |
730 let options; | 774 let options; |
731 let match = (text.indexOf("$") >= 0 ? Filter.optionsRegExp.exec(text) : null); | 775 let match = (text.indexOf("$") >= 0 ? Filter.optionsRegExp.exec(text) : null); |
732 if (match) | 776 if (match) |
733 { | 777 { |
734 options = match[1].toUpperCase().split(","); | 778 options = match[1].split(","); |
735 text = match.input.substr(0, match.index); | 779 text = match.input.substr(0, match.index); |
736 for (let option of options) | 780 for (let option of options) |
737 { | 781 { |
738 let value = null; | 782 let value = null; |
739 let separatorIndex = option.indexOf("="); | 783 let separatorIndex = option.indexOf("="); |
740 if (separatorIndex >= 0) | 784 if (separatorIndex >= 0) |
741 { | 785 { |
742 value = option.substr(separatorIndex + 1); | 786 value = option.substr(separatorIndex + 1); |
743 option = option.substr(0, separatorIndex); | 787 option = option.substr(0, separatorIndex); |
744 } | 788 } |
745 option = option.replace(/-/, "_"); | 789 option = option.replace(/-/, "_").toUpperCase(); |
746 if (option in RegExpFilter.typeMap) | 790 if (option in RegExpFilter.typeMap) |
747 { | 791 { |
748 if (contentType == null) | 792 if (contentType == null) |
749 contentType = 0; | 793 contentType = 0; |
750 contentType |= RegExpFilter.typeMap[option]; | 794 contentType |= RegExpFilter.typeMap[option]; |
| 795 |
| 796 if (option == "CSP" && typeof value != "undefined") |
| 797 csp = value; |
751 } | 798 } |
752 else if (option[0] == "~" && option.substr(1) in RegExpFilter.typeMap) | 799 else if (option[0] == "~" && option.substr(1) in RegExpFilter.typeMap) |
753 { | 800 { |
754 if (contentType == null) | 801 if (contentType == null) |
755 ({contentType} = RegExpFilter.prototype); | 802 ({contentType} = RegExpFilter.prototype); |
756 contentType &= ~RegExpFilter.typeMap[option.substr(1)]; | 803 contentType &= ~RegExpFilter.typeMap[option.substr(1)]; |
757 } | 804 } |
758 else if (option == "MATCH_CASE") | 805 else if (option == "MATCH_CASE") |
759 matchCase = true; | 806 matchCase = true; |
760 else if (option == "~MATCH_CASE") | 807 else if (option == "~MATCH_CASE") |
761 matchCase = false; | 808 matchCase = false; |
762 else if (option == "DOMAIN" && typeof value != "undefined") | 809 else if (option == "DOMAIN" && typeof value != "undefined") |
763 domains = value; | 810 domains = value.toUpperCase(); |
764 else if (option == "THIRD_PARTY") | 811 else if (option == "THIRD_PARTY") |
765 thirdParty = true; | 812 thirdParty = true; |
766 else if (option == "~THIRD_PARTY") | 813 else if (option == "~THIRD_PARTY") |
767 thirdParty = false; | 814 thirdParty = false; |
768 else if (option == "COLLAPSE") | 815 else if (option == "COLLAPSE") |
769 collapse = true; | 816 collapse = true; |
770 else if (option == "~COLLAPSE") | 817 else if (option == "~COLLAPSE") |
771 collapse = false; | 818 collapse = false; |
772 else if (option == "SITEKEY" && typeof value != "undefined") | 819 else if (option == "SITEKEY" && typeof value != "undefined") |
773 sitekeys = value; | 820 sitekeys = value.toUpperCase(); |
774 else | 821 else |
775 return new InvalidFilter(origText, "filter_unknown_option"); | 822 return new InvalidFilter(origText, "filter_unknown_option"); |
776 } | 823 } |
777 } | 824 } |
778 | 825 |
779 try | 826 try |
780 { | 827 { |
781 if (blocking) | 828 if (blocking) |
782 { | 829 { |
| 830 if (csp && Filter.invalidCSPRegExp.test(csp)) |
| 831 return new InvalidFilter(origText, "filter_invalid_csp"); |
| 832 |
783 return new BlockingFilter(origText, text, contentType, matchCase, domains, | 833 return new BlockingFilter(origText, text, contentType, matchCase, domains, |
784 thirdParty, sitekeys, collapse); | 834 thirdParty, sitekeys, collapse, csp); |
785 } | 835 } |
786 return new WhitelistFilter(origText, text, contentType, matchCase, domains, | 836 return new WhitelistFilter(origText, text, contentType, matchCase, domains, |
787 thirdParty, sitekeys); | 837 thirdParty, sitekeys); |
788 } | 838 } |
789 catch (e) | 839 catch (e) |
790 { | 840 { |
791 return new InvalidFilter(origText, "filter_invalid_regexp"); | 841 return new InvalidFilter(origText, "filter_invalid_regexp"); |
792 } | 842 } |
793 }; | 843 }; |
794 | 844 |
795 /** | 845 /** |
796 * Maps type strings like "SCRIPT" or "OBJECT" to bit masks | 846 * Maps type strings like "SCRIPT" or "OBJECT" to bit masks |
797 */ | 847 */ |
798 RegExpFilter.typeMap = { | 848 RegExpFilter.typeMap = { |
799 OTHER: 1, | 849 OTHER: 1, |
800 SCRIPT: 2, | 850 SCRIPT: 2, |
801 IMAGE: 4, | 851 IMAGE: 4, |
802 STYLESHEET: 8, | 852 STYLESHEET: 8, |
803 OBJECT: 16, | 853 OBJECT: 16, |
804 SUBDOCUMENT: 32, | 854 SUBDOCUMENT: 32, |
805 DOCUMENT: 64, | 855 DOCUMENT: 64, |
806 WEBSOCKET: 128, | 856 WEBSOCKET: 128, |
807 WEBRTC: 256, | 857 WEBRTC: 256, |
| 858 CSP: 512, |
808 XBL: 1, | 859 XBL: 1, |
809 PING: 1024, | 860 PING: 1024, |
810 XMLHTTPREQUEST: 2048, | 861 XMLHTTPREQUEST: 2048, |
811 OBJECT_SUBREQUEST: 4096, | 862 OBJECT_SUBREQUEST: 4096, |
812 DTD: 1, | 863 DTD: 1, |
813 MEDIA: 16384, | 864 MEDIA: 16384, |
814 FONT: 32768, | 865 FONT: 32768, |
815 | 866 |
816 BACKGROUND: 4, // Backwards compat, same as IMAGE | 867 BACKGROUND: 4, // Backwards compat, same as IMAGE |
817 | 868 |
818 POPUP: 0x10000000, | 869 POPUP: 0x10000000, |
819 GENERICBLOCK: 0x20000000, | 870 GENERICBLOCK: 0x20000000, |
820 ELEMHIDE: 0x40000000, | 871 ELEMHIDE: 0x40000000, |
821 GENERICHIDE: 0x80000000 | 872 GENERICHIDE: 0x80000000 |
822 }; | 873 }; |
823 | 874 |
824 // DOCUMENT, ELEMHIDE, POPUP, GENERICHIDE and GENERICBLOCK options shouldn't | 875 // CSP, DOCUMENT, ELEMHIDE, POPUP, GENERICHIDE and GENERICBLOCK options |
825 // be there by default | 876 // shouldn't be there by default |
826 RegExpFilter.prototype.contentType &= ~(RegExpFilter.typeMap.DOCUMENT | | 877 RegExpFilter.prototype.contentType &= ~(RegExpFilter.typeMap.CSP | |
| 878 RegExpFilter.typeMap.DOCUMENT | |
827 RegExpFilter.typeMap.ELEMHIDE | | 879 RegExpFilter.typeMap.ELEMHIDE | |
828 RegExpFilter.typeMap.POPUP | | 880 RegExpFilter.typeMap.POPUP | |
829 RegExpFilter.typeMap.GENERICHIDE | | 881 RegExpFilter.typeMap.GENERICHIDE | |
830 RegExpFilter.typeMap.GENERICBLOCK); | 882 RegExpFilter.typeMap.GENERICBLOCK); |
831 | 883 |
832 /** | 884 /** |
833 * Class for blocking filters | 885 * Class for blocking filters |
834 * @param {string} text see Filter() | 886 * @param {string} text see Filter() |
835 * @param {string} regexpSource see RegExpFilter() | 887 * @param {string} regexpSource see RegExpFilter() |
836 * @param {number} contentType see RegExpFilter() | 888 * @param {number} contentType see RegExpFilter() |
837 * @param {boolean} matchCase see RegExpFilter() | 889 * @param {boolean} matchCase see RegExpFilter() |
838 * @param {string} domains see RegExpFilter() | 890 * @param {string} domains see RegExpFilter() |
839 * @param {boolean} thirdParty see RegExpFilter() | 891 * @param {boolean} thirdParty see RegExpFilter() |
840 * @param {string} sitekeys see RegExpFilter() | 892 * @param {string} sitekeys see RegExpFilter() |
841 * @param {boolean} collapse | 893 * @param {boolean} collapse |
842 * defines whether the filter should collapse blocked content, can be null | 894 * defines whether the filter should collapse blocked content, can be null |
| 895 * @param {string} [csp] |
| 896 * Content Security Policy to inject when the filter matches |
843 * @constructor | 897 * @constructor |
844 * @augments RegExpFilter | 898 * @augments RegExpFilter |
845 */ | 899 */ |
846 function BlockingFilter(text, regexpSource, contentType, matchCase, domains, | 900 function BlockingFilter(text, regexpSource, contentType, matchCase, domains, |
847 thirdParty, sitekeys, collapse) | 901 thirdParty, sitekeys, collapse, csp) |
848 { | 902 { |
849 RegExpFilter.call(this, text, regexpSource, contentType, matchCase, domains, | 903 RegExpFilter.call(this, text, regexpSource, contentType, matchCase, domains, |
850 thirdParty, sitekeys); | 904 thirdParty, sitekeys); |
851 | 905 |
852 this.collapse = collapse; | 906 this.collapse = collapse; |
| 907 this.csp = csp; |
853 } | 908 } |
854 exports.BlockingFilter = BlockingFilter; | 909 exports.BlockingFilter = BlockingFilter; |
855 | 910 |
856 BlockingFilter.prototype = extend(RegExpFilter, { | 911 BlockingFilter.prototype = extend(RegExpFilter, { |
857 type: "blocking", | 912 type: "blocking", |
858 | 913 |
859 /** | 914 /** |
860 * Defines whether the filter should collapse blocked content. | 915 * Defines whether the filter should collapse blocked content. |
861 * Can be null (use the global preference). | 916 * Can be null (use the global preference). |
862 * @type {boolean} | 917 * @type {boolean} |
863 */ | 918 */ |
864 collapse: null | 919 collapse: null, |
| 920 |
| 921 /** |
| 922 * Content Security Policy to inject for matching requests. |
| 923 * @type {string} |
| 924 */ |
| 925 csp: null |
865 }); | 926 }); |
866 | 927 |
867 /** | 928 /** |
868 * Class for whitelist filters | 929 * Class for whitelist filters |
869 * @param {string} text see Filter() | 930 * @param {string} text see Filter() |
870 * @param {string} regexpSource see RegExpFilter() | 931 * @param {string} regexpSource see RegExpFilter() |
871 * @param {number} contentType see RegExpFilter() | 932 * @param {number} contentType see RegExpFilter() |
872 * @param {boolean} matchCase see RegExpFilter() | 933 * @param {boolean} matchCase see RegExpFilter() |
873 * @param {string} domains see RegExpFilter() | 934 * @param {string} domains see RegExpFilter() |
874 * @param {boolean} thirdParty see RegExpFilter() | 935 * @param {boolean} thirdParty see RegExpFilter() |
(...skipping 144 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1019 */ | 1080 */ |
1020 function ElemHideEmulationFilter(text, domains, selector) | 1081 function ElemHideEmulationFilter(text, domains, selector) |
1021 { | 1082 { |
1022 ElemHideBase.call(this, text, domains, selector); | 1083 ElemHideBase.call(this, text, domains, selector); |
1023 } | 1084 } |
1024 exports.ElemHideEmulationFilter = ElemHideEmulationFilter; | 1085 exports.ElemHideEmulationFilter = ElemHideEmulationFilter; |
1025 | 1086 |
1026 ElemHideEmulationFilter.prototype = extend(ElemHideBase, { | 1087 ElemHideEmulationFilter.prototype = extend(ElemHideBase, { |
1027 type: "elemhideemulation" | 1088 type: "elemhideemulation" |
1028 }); | 1089 }); |
OLD | NEW |