Issue 6733 - Allow empty values in filter options

lib/filterClasses.js

Index: lib/filterClasses.js
===================================================================
--- a/lib/filterClasses.js
+++ b/lib/filterClasses.js
@@ -92,17 +92,17 @@
  * Regular expression that RegExp filters specified as RegExps should match
  * @type {RegExp}
  */
 Filter.regexpRegExp = /^(@@)?\/.*\/(?:\$~?[\w-]+(?:=[^,\s]+)?(?:,~?[\w-]+(?:=[^,\s]+)?)*)?$/;
 /**
  * Regular expression that options on a RegExp filter should match
  * @type {RegExp}
  */
-Filter.optionsRegExp = /\$(~?[\w-]+(?:=[^,]+)?(?:,~?[\w-]+(?:=[^,]+)?)*)$/;
+Filter.optionsRegExp = /\$(~?[\w-]+(?:=[^,]*)?(?:,~?[\w-]+(?:=[^,]*)?)*)$/;
 /**
  * Regular expression that matches an invalid Content Security Policy
  * @type {RegExp}
  */
 Filter.invalidCSPRegExp = /(;|^) ?(base-uri|referrer|report-to|report-uri|upgrade-insecure-requests)\b/i;
 
 /**
  * Creates a filter of correct type from its text representation - does the
@@ -584,17 +584,17 @@
   ActiveFilter.call(this, text, domains, sitekeys);
 
   if (contentType != null)
     this.contentType = contentType;
   if (matchCase)
     this.matchCase = matchCase;
   if (thirdParty != null)
     this.thirdParty = thirdParty;
-  if (sitekeys != null)

[kzar, 2018/06/07 13:21:56]

How come you remove this check here, but add it for some of the options later?

[Manish Jethani, 2018/06/25 13:13:44]

There's an explanation, but no longer relevant.

+  if (sitekeys)
     this.sitekeySource = sitekeys;
 
   if (regexpSource.length >= 2 &&
       regexpSource[0] == "/" &&
       regexpSource[regexpSource.length - 1] == "/")
   {
     // The filter is a regular expression - convert it immediately to
     // catch syntax errors
@@ -770,29 +770,29 @@
         if (contentType == null)
           ({contentType} = RegExpFilter.prototype);
         contentType &= ~RegExpFilter.typeMap[option.substr(1)];
       }
       else if (option == "MATCH_CASE")
         matchCase = true;
       else if (option == "~MATCH_CASE")
         matchCase = false;
-      else if (option == "DOMAIN" && value)
+      else if (option == "DOMAIN" && value != null)
         domains = value.toUpperCase();
       else if (option == "THIRD_PARTY")
         thirdParty = true;
       else if (option == "~THIRD_PARTY")
         thirdParty = false;
       else if (option == "COLLAPSE")
         collapse = true;
       else if (option == "~COLLAPSE")
         collapse = false;
-      else if (option == "SITEKEY" && value)
+      else if (option == "SITEKEY" && value != null)
         sitekeys = value.toUpperCase();
-      else if (option == "REWRITE" && value)
+      else if (option == "REWRITE" && value != null)

[kzar, 2018/06/07 13:21:56]

Come to think of it, why don't we just allow the $rewrite option to be used
without the =? Then we don't have to mess with the regular expression or other
logic? I figure we could do something like this:

else if (option == "REWRITE")
  rewrite = value || "";

[Manish Jethani, 2018/06/25 13:13:44]

We could do that but it would be weird to allow $rewrite without a value but
still disallow blank values. What do you think? Anyway, this version of the
patch just allows `$rewrite=` but not just `$rewrite`.

         rewrite = value;
       else
         return new InvalidFilter(origText, "filter_unknown_option");
     }
   }
 
   // For security reasons, never match $rewrite filters
   // against requests that might load any code to be executed.