Unified Diff: lib/filterClasses.js
Issue 29680689:
[$csp2 adblockpluscore] Issue 6329 - Add the CSP filter type (Closed)
Patch Set: Prevent the referrer directive
Created March 15, 2018, 4:05 p.m.
Use n/p to move between diff chunks;
N/P to move between comments.
« no previous file with comments
|
« no previous file
|
test/filterClasses.js » ('j')
|
test/filterClasses.js » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
| Index: lib/filterClasses.js |
| diff --git a/lib/filterClasses.js b/lib/filterClasses.js |
| index 1498ad8db2da7975ef3dce4916ef843d29d51420..613d9795ba4bc425b21ddd0470de9a605f3e268d 100644 |
| --- a/lib/filterClasses.js |
| +++ b/lib/filterClasses.js |
| @@ -97,7 +97,7 @@ Filter.regexpRegExp = /^(@@)?\/.*\/(?:\$~?[\w-]+(?:=[^,\s]+)?(?:,~?[\w-]+(?:=[^, |
| * Regular expression that options on a RegExp filter should match |
| * @type {RegExp} |
| */ |
| -Filter.optionsRegExp = /\$(~?[\w-]+(?:=[^,\s]+)?(?:,~?[\w-]+(?:=[^,\s]+)?)*)$/; |
| +Filter.optionsRegExp = /\$(~?[\w-]+(?:=[^,]+)?(?:,~?[\w-]+(?:=[^,]+)?)*)$/; |
| /** |
| * Creates a filter of correct type from its text representation - does the |
| @@ -173,21 +173,51 @@ Filter.normalize = function(text) |
| return text; |
| // Remove line breaks and such |
| - text = text.replace(/[^\S ]/g, ""); |
| + text = text.replace(/[^\S ]+/g, ""); |
| - if (/^\s*!/.test(text)) |
| - { |
| - // Don't remove spaces inside comments |
| + // Don't remove spaces inside comments |
| + if (/^ *!/.test(text)) |
| return text.trim(); |
| - } |
| - else if (Filter.elemhideRegExp.test(text)) |
| + |
| + // Special treatment for element hiding filters, right side is allowed to |
| + // contain spaces |
| + if (Filter.elemhideRegExp.test(text)) |
| { |
| - // Special treatment for element hiding filters, right side is allowed to |
| - // contain spaces |
| let [, domain, separator, selector] = /^(.*?)(#@?#?)(.*)$/.exec(text); |
| - return domain.replace(/\s/g, "") + separator + selector.trim(); |
| + return domain.replace(/ +/g, "") + separator + selector.trim(); |
| + } |
| + |
| + // For most regexp filters we strip all whitespace. |
| + let strippedText = text.replace(/ +/g, ""); |
| + if (!strippedText.includes("$") || !/\bcsp=/i.test(strippedText)) |
| + return strippedText; |
| + |
| + let optionsMatch = Filter.optionsRegExp.exec(strippedText); |
| + if (!optionsMatch) |
| + return strippedText; |
| + |
| + // But since the values of $csp filter options are allowed to contain single |
| + // (non trailing) spaces we have to be more careful if they might be present. |
| + let beforeOptions = strippedText.substring(0, optionsMatch.index); |
| + let optionsText = text; |
| + for (let i = beforeOptions.split("$").length; i > 0; i--) |
| + optionsText = optionsText.substr(optionsText.indexOf("$") + 1); |
| + |
| + let options = optionsText.split(","); |
| + for (let i = 0; i < options.length; i++) |
| + { |
| + let option = options[i]; |
| + let cspMatch = /^ *c *s *p *=/i.exec(option); |
| + if (cspMatch) |
| + { |
| + options[i] = cspMatch[0].replace(/ +/g, "") + |
| + option.substr(cspMatch[0].length).trim().replace(/ +/g, " "); |
| + } |
| + else |
| + options[i] = option.replace(/ +/g, ""); |
| } |
| - return text.replace(/\s/g, ""); |
| + |
| + return beforeOptions + "$" + options.join(); |
| }; |
| /** |
| @@ -727,11 +757,12 @@ RegExpFilter.fromText = function(text) |
| let sitekeys = null; |
| let thirdParty = null; |
| let collapse = null; |
| + let csp = null; |
| let options; |
| let match = (text.indexOf("$") >= 0 ? Filter.optionsRegExp.exec(text) : null); |
| if (match) |
| { |
| - options = match[1].toUpperCase().split(","); |
| + options = match[1].split(","); |
| text = match.input.substr(0, match.index); |
| for (let option of options) |
| { |
| @@ -742,12 +773,20 @@ RegExpFilter.fromText = function(text) |
| value = option.substr(separatorIndex + 1); |
| option = option.substr(0, separatorIndex); |
| } |
| - option = option.replace(/-/, "_"); |
| + option = option.replace(/-/, "_").toUpperCase(); |
| if (option in RegExpFilter.typeMap) |
| { |
| if (contentType == null) |
| contentType = 0; |
| contentType |= RegExpFilter.typeMap[option]; |
| + |
| + if (option == "CSP" && typeof value != "undefined") |
| + { |
| + if (csp) |
| + csp.push(value); |
| + else |
| + csp = [value]; |
| + } |
| } |
| else if (option[0] == "~" && option.substr(1) in RegExpFilter.typeMap) |
| { |
| @@ -760,7 +799,7 @@ RegExpFilter.fromText = function(text) |
| else if (option == "~MATCH_CASE") |
| matchCase = false; |
| else if (option == "DOMAIN" && typeof value != "undefined") |
| - domains = value; |
| + domains = value.toUpperCase(); |
| else if (option == "THIRD_PARTY") |
| thirdParty = true; |
| else if (option == "~THIRD_PARTY") |
| @@ -770,7 +809,7 @@ RegExpFilter.fromText = function(text) |
| else if (option == "~COLLAPSE") |
| collapse = false; |
| else if (option == "SITEKEY" && typeof value != "undefined") |
| - sitekeys = value; |
| + sitekeys = value.toUpperCase(); |
| else |
| return new InvalidFilter(origText, "filter_unknown_option"); |
| } |
| @@ -780,8 +819,17 @@ RegExpFilter.fromText = function(text) |
| { |
| if (blocking) |
| { |
| + if (csp) |
| + { |
| + csp = csp.join("; ").toLowerCase(); |
| + |
| + // Prevent injecting directives which could be a privacy concern |
| + if (/(;|^) ?(report-to|report-uri|referrer)\b/.test(csp)) |
| + return new InvalidFilter(origText, "filter_invalid_csp"); |
| + } |
| + |
| return new BlockingFilter(origText, text, contentType, matchCase, domains, |
| - thirdParty, sitekeys, collapse); |
| + thirdParty, sitekeys, collapse, csp); |
| } |
| return new WhitelistFilter(origText, text, contentType, matchCase, domains, |
| thirdParty, sitekeys); |
| @@ -805,6 +853,7 @@ RegExpFilter.typeMap = { |
| DOCUMENT: 64, |
| WEBSOCKET: 128, |
| WEBRTC: 256, |
| + CSP: 512, |
| XBL: 1, |
| PING: 1024, |
| XMLHTTPREQUEST: 2048, |
| @@ -821,9 +870,10 @@ RegExpFilter.typeMap = { |
| GENERICHIDE: 0x80000000 |
| }; |
| -// DOCUMENT, ELEMHIDE, POPUP, GENERICHIDE and GENERICBLOCK options shouldn't |
| -// be there by default |
| -RegExpFilter.prototype.contentType &= ~(RegExpFilter.typeMap.DOCUMENT | |
| +// CSP, DOCUMENT, ELEMHIDE, POPUP, GENERICHIDE and GENERICBLOCK options |
| +// shouldn't be there by default |
| +RegExpFilter.prototype.contentType &= ~(RegExpFilter.typeMap.CSP | |
| + RegExpFilter.typeMap.DOCUMENT | |
| RegExpFilter.typeMap.ELEMHIDE | |
| RegExpFilter.typeMap.POPUP | |
| RegExpFilter.typeMap.GENERICHIDE | |
| @@ -840,16 +890,19 @@ RegExpFilter.prototype.contentType &= ~(RegExpFilter.typeMap.DOCUMENT | |
| * @param {string} sitekeys see RegExpFilter() |
| * @param {boolean} collapse |
| * defines whether the filter should collapse blocked content, can be null |
| + * @param {string} [csp] |
| + * Content Security Policy to inject when the filter matches |
| * @constructor |
| * @augments RegExpFilter |
| */ |
| function BlockingFilter(text, regexpSource, contentType, matchCase, domains, |
| - thirdParty, sitekeys, collapse) |
| + thirdParty, sitekeys, collapse, csp) |
| { |
| RegExpFilter.call(this, text, regexpSource, contentType, matchCase, domains, |
| thirdParty, sitekeys); |
| this.collapse = collapse; |
| + this.csp = csp; |
| } |
| exports.BlockingFilter = BlockingFilter; |
| @@ -861,7 +914,13 @@ BlockingFilter.prototype = extend(RegExpFilter, { |
| * Can be null (use the global preference). |
| * @type {boolean} |
| */ |
| - collapse: null |
| + collapse: null, |
| + |
| + /** |
| + * Content Security Policy to inject for matching requests. |
| + * @type {string} |
| + */ |
| + csp: null |
| }); |
| /** |
« no previous file with comments
|
« no previous file
|
test/filterClasses.js » ('j')
|
test/filterClasses.js » ('J')
