Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Delta Between Two Patch Sets: lib/filterClasses.js

Issue 29793555: Issue 6704 - Prevent $rewrite filters from matching against request types that load code (Closed)
Left Patch Set: Created May 29, 2018, 1:21 p.m.
Right Patch Set: Added OBJECT_SUBREQUEST Created May 29, 2018, 1:50 p.m.
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
Left: Side by side diff | Download
Right: Side by side diff | Download
« no previous file with change/comment | « no previous file | test/filterClasses.js » ('j') | no next file with change/comment »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
LEFTRIGHT
1 /* 1 /*
2 * This file is part of Adblock Plus <https://adblockplus.org/>, 2 * This file is part of Adblock Plus <https://adblockplus.org/>,
3 * Copyright (C) 2006-present eyeo GmbH 3 * Copyright (C) 2006-present eyeo GmbH
4 * 4 *
5 * Adblock Plus is free software: you can redistribute it and/or modify 5 * Adblock Plus is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 3 as 6 * it under the terms of the GNU General Public License version 3 as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8 * 8 *
9 * Adblock Plus is distributed in the hope that it will be useful, 9 * Adblock Plus is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
(...skipping 816 matching lines...) Expand 10 before | Expand all | Expand 10 after
827 } 827 }
828 828
829 // For security reasons, never match $rewrite filters 829 // For security reasons, never match $rewrite filters
830 // against requests that might load any code to be executed. 830 // against requests that might load any code to be executed.
831 if (rewrite != null) 831 if (rewrite != null)
832 { 832 {
833 if (contentType == null) 833 if (contentType == null)
834 ({contentType} = RegExpFilter.prototype); 834 ({contentType} = RegExpFilter.prototype);
835 contentType &= ~(RegExpFilter.typeMap.SCRIPT | 835 contentType &= ~(RegExpFilter.typeMap.SCRIPT |
836 RegExpFilter.typeMap.SUBDOCUMENT | 836 RegExpFilter.typeMap.SUBDOCUMENT |
837 RegExpFilter.typeMap.OBJECT); 837 RegExpFilter.typeMap.OBJECT |
838 RegExpFilter.typeMap.OBJECT_SUBREQUEST);
838 } 839 }
839 840
840 try 841 try
841 { 842 {
842 if (blocking) 843 if (blocking)
843 { 844 {
844 if (csp && Filter.invalidCSPRegExp.test(csp)) 845 if (csp && Filter.invalidCSPRegExp.test(csp))
845 return new InvalidFilter(origText, "filter_invalid_csp"); 846 return new InvalidFilter(origText, "filter_invalid_csp");
846 847
847 return new BlockingFilter(origText, text, contentType, matchCase, domains, 848 return new BlockingFilter(origText, text, contentType, matchCase, domains,
(...skipping 265 matching lines...) Expand 10 before | Expand all | Expand 10 after
1113 */ 1114 */
1114 function ElemHideEmulationFilter(text, domains, selector) 1115 function ElemHideEmulationFilter(text, domains, selector)
1115 { 1116 {
1116 ElemHideBase.call(this, text, domains, selector); 1117 ElemHideBase.call(this, text, domains, selector);
1117 } 1118 }
1118 exports.ElemHideEmulationFilter = ElemHideEmulationFilter; 1119 exports.ElemHideEmulationFilter = ElemHideEmulationFilter;
1119 1120
1120 ElemHideEmulationFilter.prototype = extend(ElemHideBase, { 1121 ElemHideEmulationFilter.prototype = extend(ElemHideBase, {
1121 type: "elemhideemulation" 1122 type: "elemhideemulation"
1122 }); 1123 });
LEFTRIGHT

Powered by Google App Engine
This is Rietveld