inject.preload.js - Issue 29807586: Issue 6744 - Fixed wrapper injection on Chrome 67

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments.

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Side by Side Diff: inject.preload.js

Issue 29807586: Issue 6744 - Fixed wrapper injection on Chrome 67 (Closed)

Patch Set: Created June 14, 2018, 8:53 p.m.

Left:
Right:

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

View unified diff | Download patch

OLD	NEW
1 /*	1 /*

2 * This file is part of Adblock Plus <https://adblockplus.org/>,	2 * This file is part of Adblock Plus <https://adblockplus.org/>,

3 * Copyright (C) 2006-present eyeo GmbH	3 * Copyright (C) 2006-present eyeo GmbH

4 *	4 *

5 * Adblock Plus is free software: you can redistribute it and/or modify	5 * Adblock Plus is free software: you can redistribute it and/or modify

6 * it under the terms of the GNU General Public License version 3 as	6 * it under the terms of the GNU General Public License version 3 as

7 * published by the Free Software Foundation.	7 * published by the Free Software Foundation.

8 *	8 *

9 * Adblock Plus is distributed in the hope that it will be useful,	9 * Adblock Plus is distributed in the hope that it will be useful,

10 * but WITHOUT ANY WARRANTY; without even the implied warranty of	10 * but WITHOUT ANY WARRANTY; without even the implied warranty of

(...skipping 345 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
356 }	356 }

357	357

358 if (document instanceof HTMLDocument)	358 if (document instanceof HTMLDocument)

359 {	359 {

360 let sandbox = window.frameElement &&	360 let sandbox = window.frameElement &&

361 window.frameElement.getAttribute("sandbox");	361 window.frameElement.getAttribute("sandbox");

362	362

363 if (typeof sandbox != "string" \|\| /(^\|\s)allow-scripts(\s\|$)/i.test(sandbox))	363 if (typeof sandbox != "string" \|\| /(^\|\s)allow-scripts(\s\|$)/i.test(sandbox))

364 {	364 {

365 let script = document.createElement("script");	365 let script = document.createElement("script");

	366 let code = "(" + injected + ")('" + randomEventName + "');";

	367

366 script.type = "application/javascript";	368 script.type = "application/javascript";

367 script.async = false;	369 script.async = false;

368 // Firefox 58 only bypasses site CSPs when assigning to 'src'.	370

369 let url = URL.createObjectURL(new Blob([	371 // Firefox 58 only bypasses site CSPs when assigning to 'src',

370 "(" + injected + ")('" + randomEventName + "');"	372 // while Chrome 67 only bypasses site CSPs when using 'textContent'.

371 ]));	373 if (browser.runtime.getURL("").startsWith("chrome-extension://"))
	Sebastian Noack 2018/06/14 21:03:09 FWIW, I'm not too happy with this check, but I don FWIW, I'm not too happy with this check, but I don't have a better idea. Ideally, we'd just try to load the script from the blob: URL and then fall back to textContent, but while this would fix the wrapper, there still would be a failed request logged to the console. kzar 2018/06/15 07:52:07 Acknowledged. Show quoted text On 2018/06/14 21:03:09, Sebastian Noack wrote: > FWIW, I'm not too happy with this check, but I don't have a better idea. > Ideally, we'd just try to load the script from the blob: URL and then fall back > to textContent, but while this would fix the wrapper, there still would be a > failed request logged to the console. Acknowledged.
372 script.src = url;	374 {

373 document.documentElement.appendChild(script);	375 script.textContent = code;

	376 document.documentElement.appendChild(script);

	377 }

	378 else

	379 {

	380 let url = URL.createObjectURL(new Blob([code]));

	381 script.src = url;

	382 document.documentElement.appendChild(script);

	383 URL.revokeObjectURL(url);

	384 }

	385

374 document.documentElement.removeChild(script);	386 document.documentElement.removeChild(script);

375 URL.revokeObjectURL(url);

376 }	387 }

377 }	388 }

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »