Unified Diff: lib/filterClasses.js
Issue 29680689:
[$csp2 adblockpluscore] Issue 6329 - Add the CSP filter type (Closed)
Patch Set: Addressed Sebastian's feedback
Created March 21, 2018, 4:51 p.m.
Use n/p to move between diff chunks;
N/P to move between comments.
« no previous file with comments
|
« no previous file
|
test/filterClasses.js » ('j')
|
no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')
| Index: lib/filterClasses.js |
| diff --git a/lib/filterClasses.js b/lib/filterClasses.js |
| index 1498ad8db2da7975ef3dce4916ef843d29d51420..689496224b1960881be2ea30c13c3d3eeac71b4b 100644 |
| --- a/lib/filterClasses.js |
| +++ b/lib/filterClasses.js |
| @@ -97,7 +97,12 @@ Filter.regexpRegExp = /^(@@)?\/.*\/(?:\$~?[\w-]+(?:=[^,\s]+)?(?:,~?[\w-]+(?:=[^, |
| * Regular expression that options on a RegExp filter should match |
| * @type {RegExp} |
| */ |
| -Filter.optionsRegExp = /\$(~?[\w-]+(?:=[^,\s]+)?(?:,~?[\w-]+(?:=[^,\s]+)?)*)$/; |
| +Filter.optionsRegExp = /\$(~?[\w-]+(?:=[^,]+)?(?:,~?[\w-]+(?:=[^,]+)?)*)$/; |
| +/** |
| + * Regular expression that matches an invalid Content Security Policy |
| + * @type {RegExp} |
| + */ |
| +Filter.invalidCSPRegExp = /(;|^) ?(base-uri|referrer|report-to|report-uri|upgrade-insecure-requests)\b/i; |
| /** |
| * Creates a filter of correct type from its text representation - does the |
| @@ -172,22 +177,60 @@ Filter.normalize = function(text) |
| if (!text) |
| return text; |
| - // Remove line breaks and such |
| - text = text.replace(/[^\S ]/g, ""); |
| + // Remove line breaks, tabs etc |
| + text = text.replace(/[^\S ]+/g, ""); |
| - if (/^\s*!/.test(text)) |
| - { |
| - // Don't remove spaces inside comments |
| + // Don't remove spaces inside comments |
| + if (/^ *!/.test(text)) |
| return text.trim(); |
| - } |
| - else if (Filter.elemhideRegExp.test(text)) |
| + |
| + // Special treatment for element hiding filters, right side is allowed to |
| + // contain spaces |
| + if (Filter.elemhideRegExp.test(text)) |
| { |
| - // Special treatment for element hiding filters, right side is allowed to |
| - // contain spaces |
| let [, domain, separator, selector] = /^(.*?)(#@?#?)(.*)$/.exec(text); |
| - return domain.replace(/\s/g, "") + separator + selector.trim(); |
| + return domain.replace(/ +/g, "") + separator + selector.trim(); |
| } |
| - return text.replace(/\s/g, ""); |
| + |
| + // For most regexp filters we strip all spaces, but $csp filter options |
| + // are allowed to contain single (non trailing) spaces. |
| + let strippedText = text.replace(/ +/g, ""); |
| + if (!strippedText.includes("$") || !/\bcsp=/i.test(strippedText)) |
| + return strippedText; |
| + |
| + let optionsMatch = Filter.optionsRegExp.exec(strippedText); |
| + if (!optionsMatch) |
| + return strippedText; |
| + |
| + // For $csp filters we must first separate out the options part of the |
| + // text, being careful to preserve its spaces. |
| + let beforeOptions = strippedText.substring(0, optionsMatch.index); |
| + let strippedDollarIndex = -1; |
| + let dollarIndex = -1; |
| + do |
| + { |
| + strippedDollarIndex = beforeOptions.indexOf("$", strippedDollarIndex + 1); |
| + dollarIndex = text.indexOf("$", dollarIndex + 1); |
| + } |
| + while (strippedDollarIndex != -1); |
| + let optionsText = text.substr(dollarIndex + 1); |
| + |
| + // Then we can normalize spaces in the options part safely |
| + let options = optionsText.split(","); |
| + for (let i = 0; i < options.length; i++) |
| + { |
| + let option = options[i]; |
| + let cspMatch = /^ *c *s *p *=/i.exec(option); |
| + if (cspMatch) |
| + { |
| + options[i] = cspMatch[0].replace(/ +/g, "") + |
| + option.substr(cspMatch[0].length).trim().replace(/ +/g, " "); |
| + } |
| + else |
| + options[i] = option.replace(/ +/g, ""); |
| + } |
| + |
| + return beforeOptions + "$" + options.join(); |
| }; |
| /** |
| @@ -727,11 +770,12 @@ RegExpFilter.fromText = function(text) |
| let sitekeys = null; |
| let thirdParty = null; |
| let collapse = null; |
| + let csp = null; |
| let options; |
| let match = (text.indexOf("$") >= 0 ? Filter.optionsRegExp.exec(text) : null); |
| if (match) |
| { |
| - options = match[1].toUpperCase().split(","); |
| + options = match[1].split(","); |
| text = match.input.substr(0, match.index); |
| for (let option of options) |
| { |
| @@ -742,12 +786,15 @@ RegExpFilter.fromText = function(text) |
| value = option.substr(separatorIndex + 1); |
| option = option.substr(0, separatorIndex); |
| } |
| - option = option.replace(/-/, "_"); |
| + option = option.replace(/-/, "_").toUpperCase(); |
| if (option in RegExpFilter.typeMap) |
| { |
| if (contentType == null) |
| contentType = 0; |
| contentType |= RegExpFilter.typeMap[option]; |
| + |
| + if (option == "CSP" && typeof value != "undefined") |
| + csp = value; |
| } |
| else if (option[0] == "~" && option.substr(1) in RegExpFilter.typeMap) |
| { |
| @@ -760,7 +807,7 @@ RegExpFilter.fromText = function(text) |
| else if (option == "~MATCH_CASE") |
| matchCase = false; |
| else if (option == "DOMAIN" && typeof value != "undefined") |
| - domains = value; |
| + domains = value.toUpperCase(); |
| else if (option == "THIRD_PARTY") |
| thirdParty = true; |
| else if (option == "~THIRD_PARTY") |
| @@ -770,7 +817,7 @@ RegExpFilter.fromText = function(text) |
| else if (option == "~COLLAPSE") |
| collapse = false; |
| else if (option == "SITEKEY" && typeof value != "undefined") |
| - sitekeys = value; |
| + sitekeys = value.toUpperCase(); |
| else |
| return new InvalidFilter(origText, "filter_unknown_option"); |
| } |
| @@ -780,8 +827,11 @@ RegExpFilter.fromText = function(text) |
| { |
| if (blocking) |
| { |
| + if (csp && Filter.invalidCSPRegExp.test(csp)) |
| + return new InvalidFilter(origText, "filter_invalid_csp"); |
| + |
| return new BlockingFilter(origText, text, contentType, matchCase, domains, |
| - thirdParty, sitekeys, collapse); |
| + thirdParty, sitekeys, collapse, csp); |
| } |
| return new WhitelistFilter(origText, text, contentType, matchCase, domains, |
| thirdParty, sitekeys); |
| @@ -805,6 +855,7 @@ RegExpFilter.typeMap = { |
| DOCUMENT: 64, |
| WEBSOCKET: 128, |
| WEBRTC: 256, |
| + CSP: 512, |
| XBL: 1, |
| PING: 1024, |
| XMLHTTPREQUEST: 2048, |
| @@ -821,9 +872,10 @@ RegExpFilter.typeMap = { |
| GENERICHIDE: 0x80000000 |
| }; |
| -// DOCUMENT, ELEMHIDE, POPUP, GENERICHIDE and GENERICBLOCK options shouldn't |
| -// be there by default |
| -RegExpFilter.prototype.contentType &= ~(RegExpFilter.typeMap.DOCUMENT | |
| +// CSP, DOCUMENT, ELEMHIDE, POPUP, GENERICHIDE and GENERICBLOCK options |
| +// shouldn't be there by default |
| +RegExpFilter.prototype.contentType &= ~(RegExpFilter.typeMap.CSP | |
| + RegExpFilter.typeMap.DOCUMENT | |
| RegExpFilter.typeMap.ELEMHIDE | |
| RegExpFilter.typeMap.POPUP | |
| RegExpFilter.typeMap.GENERICHIDE | |
| @@ -840,16 +892,19 @@ RegExpFilter.prototype.contentType &= ~(RegExpFilter.typeMap.DOCUMENT | |
| * @param {string} sitekeys see RegExpFilter() |
| * @param {boolean} collapse |
| * defines whether the filter should collapse blocked content, can be null |
| + * @param {string} [csp] |
| + * Content Security Policy to inject when the filter matches |
| * @constructor |
| * @augments RegExpFilter |
| */ |
| function BlockingFilter(text, regexpSource, contentType, matchCase, domains, |
| - thirdParty, sitekeys, collapse) |
| + thirdParty, sitekeys, collapse, csp) |
| { |
| RegExpFilter.call(this, text, regexpSource, contentType, matchCase, domains, |
| thirdParty, sitekeys); |
| this.collapse = collapse; |
| + this.csp = csp; |
| } |
| exports.BlockingFilter = BlockingFilter; |
| @@ -861,7 +916,13 @@ BlockingFilter.prototype = extend(RegExpFilter, { |
| * Can be null (use the global preference). |
| * @type {boolean} |
| */ |
| - collapse: null |
| + collapse: null, |
| + |
| + /** |
| + * Content Security Policy to inject for matching requests. |
| + * @type {string} |
| + */ |
| + csp: null |
| }); |
| /** |
« no previous file with comments
|
« no previous file
|
test/filterClasses.js » ('j')
|
no next file with comments »
