lib/filterClasses.js - Issue 29793555: Issue 6704 - Prevent $rewrite filters from matching against request types that load code

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments.

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Side by Side Diff: lib/filterClasses.js

Issue 29793555: Issue 6704 - Prevent $rewrite filters from matching against request types that load code (Closed)

Patch Set: Added OBJECT_SUBREQUEST Created May 29, 2018, 1:50 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View unified diff | Download patch

OLD	NEW
1 /*	1 /*

2 * This file is part of Adblock Plus <https://adblockplus.org/>,	2 * This file is part of Adblock Plus <https://adblockplus.org/>,

3 * Copyright (C) 2006-present eyeo GmbH	3 * Copyright (C) 2006-present eyeo GmbH

4 *	4 *

5 * Adblock Plus is free software: you can redistribute it and/or modify	5 * Adblock Plus is free software: you can redistribute it and/or modify

6 * it under the terms of the GNU General Public License version 3 as	6 * it under the terms of the GNU General Public License version 3 as

7 * published by the Free Software Foundation.	7 * published by the Free Software Foundation.

8 *	8 *

9 * Adblock Plus is distributed in the hope that it will be useful,	9 * Adblock Plus is distributed in the hope that it will be useful,

10 * but WITHOUT ANY WARRANTY; without even the implied warranty of	10 * but WITHOUT ANY WARRANTY; without even the implied warranty of

(...skipping 808 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
819 collapse = false;	819 collapse = false;

820 else if (option == "SITEKEY" && value)	820 else if (option == "SITEKEY" && value)

821 sitekeys = value.toUpperCase();	821 sitekeys = value.toUpperCase();

822 else if (option == "REWRITE" && value)	822 else if (option == "REWRITE" && value)

823 rewrite = value;	823 rewrite = value;

824 else	824 else

825 return new InvalidFilter(origText, "filter_unknown_option");	825 return new InvalidFilter(origText, "filter_unknown_option");

826 }	826 }

827 }	827 }

828	828

	829 // For security reasons, never match $rewrite filters

	830 // against requests that might load any code to be executed.

	831 if (rewrite != null)

	832 {

	833 if (contentType == null)

	834 ({contentType} = RegExpFilter.prototype);

	835 contentType &= ~(RegExpFilter.typeMap.SCRIPT \|

	836 RegExpFilter.typeMap.SUBDOCUMENT \|

	837 RegExpFilter.typeMap.OBJECT \|

	838 RegExpFilter.typeMap.OBJECT_SUBREQUEST);

	839 }

	840

829 try	841 try

830 {	842 {

831 if (blocking)	843 if (blocking)

832 {	844 {

833 if (csp && Filter.invalidCSPRegExp.test(csp))	845 if (csp && Filter.invalidCSPRegExp.test(csp))

834 return new InvalidFilter(origText, "filter_invalid_csp");	846 return new InvalidFilter(origText, "filter_invalid_csp");

835	847

836 return new BlockingFilter(origText, text, contentType, matchCase, domains,	848 return new BlockingFilter(origText, text, contentType, matchCase, domains,

837 thirdParty, sitekeys, collapse, csp, rewrite);	849 thirdParty, sitekeys, collapse, csp, rewrite);

838 }	850 }

(...skipping 263 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1102 */	1114 */

1103 function ElemHideEmulationFilter(text, domains, selector)	1115 function ElemHideEmulationFilter(text, domains, selector)

1104 {	1116 {

1105 ElemHideBase.call(this, text, domains, selector);	1117 ElemHideBase.call(this, text, domains, selector);

1106 }	1118 }

1107 exports.ElemHideEmulationFilter = ElemHideEmulationFilter;	1119 exports.ElemHideEmulationFilter = ElemHideEmulationFilter;

1108	1120

1109 ElemHideEmulationFilter.prototype = extend(ElemHideBase, {	1121 ElemHideEmulationFilter.prototype = extend(ElemHideBase, {

1110 type: "elemhideemulation"	1122 type: "elemhideemulation"

1111 });	1123 });

OLD	NEW

« no previous file with comments | « no previous file | test/filterClasses.js » ('j') | no next file with comments »