Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code

Side by Side Diff: lib/content/snippets.js

Issue 29828610: Issue 6791 - Implement abort-current-inline-script snippet (Closed) Base URL: https://hg.adblockplus.org/adblockpluscore/
Patch Set: Rebase Created July 13, 2018, 1 p.m.
Left:
Right:
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * This file is part of Adblock Plus <https://adblockplus.org/>, 2 * This file is part of Adblock Plus <https://adblockplus.org/>,
3 * Copyright (C) 2006-present eyeo GmbH 3 * Copyright (C) 2006-present eyeo GmbH
4 * 4 *
5 * Adblock Plus is free software: you can redistribute it and/or modify 5 * Adblock Plus is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 3 as 6 * it under the terms of the GNU General Public License version 3 as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8 * 8 *
9 * Adblock Plus is distributed in the hope that it will be useful, 9 * Adblock Plus is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details. 12 * GNU General Public License for more details.
13 * 13 *
14 * You should have received a copy of the GNU General Public License 14 * You should have received a copy of the GNU General Public License
15 * along with Adblock Plus. If not, see <http://www.gnu.org/licenses/>. 15 * along with Adblock Plus. If not, see <http://www.gnu.org/licenses/>.
16 */ 16 */
17 17
18 /* eslint-env webextensions */ 18 /* eslint-env webextensions */
19 /* eslint no-console: "off" */ 19 /* eslint no-console: "off" */
20 20
21 "use strict"; 21 "use strict";
22 22
23 function regexEscape(s)
24 {
25 return s.replace(/[-/\\^$*+?.()|[\]{}]/g, "\\$&");
26 }
27
28 function findProperty(path, root = window)
29 {
30 let owner = root;
31
32 let chain = path.split(".");
33 let property = chain.pop();
34
35 for (let name of chain)
36 {
37 if (!owner)
38 break;
39
40 owner = owner[name];
41 }
42
43 if (!owner)
44 return null;
45
46 return {owner, property};
47 }
48
49 function injectPropertyAccessValidator(object, property, validate)
50 {
51 let value = object[property];
52
53 Object.defineProperty(object, property, {
54 get()
55 {
56 validate();
57 return value;
58 },
59 set(newValue)
60 {
61 validate();
62 value = newValue;
63 }
64 });
65 }
66
23 function injectCode(code) 67 function injectCode(code)
24 { 68 {
25 let script = document.createElement("script"); 69 let script = document.createElement("script");
26 70
27 script.type = "application/javascript"; 71 script.type = "application/javascript";
28 script.async = false; 72 script.async = false;
29 73
30 // Firefox 58 only bypasses site CSPs when assigning to 'src', 74 // Firefox 58 only bypasses site CSPs when assigning to 'src',
31 // while Chrome 67 only bypasses site CSPs when using 'textContent'. 75 // while Chrome 67 only bypasses site CSPs when using 'textContent'.
32 if (browser.runtime.getURL("").startsWith("chrome-extension://")) 76 if (browser.runtime.getURL("").startsWith("chrome-extension://"))
(...skipping 15 matching lines...) Expand all
48 function stringifyFunctionCall(func, ...params) 92 function stringifyFunctionCall(func, ...params)
49 { 93 {
50 return `"use strict";(${func})(${params.map(JSON.stringify).join(",")});`; 94 return `"use strict";(${func})(${params.map(JSON.stringify).join(",")});`;
51 } 95 }
52 96
53 function makeInjector(injectable) 97 function makeInjector(injectable)
54 { 98 {
55 return (...args) => injectCode(stringifyFunctionCall(injectable, ...args)); 99 return (...args) => injectCode(stringifyFunctionCall(injectable, ...args));
56 } 100 }
57 101
102 function getMagic()
103 {
104 return String.fromCharCode(Date.now() % 26 + 97) +
105 Math.floor(Math.random() * 982451653 + 982451653).toString(36);
106 }
107
108 function suppressMagicError(magic)
109 {
110 let {onerror} = window;
111 window.onerror = function(message, ...rest)
kzar 2018/07/16 16:33:15 The content script part of our snippet already run
112 {
113 if (typeof message == "string" && message.includes(magic))
114 return true;
115
116 if (typeof onerror instanceof Function)
117 return onerror.call(this, message, ...rest);
118 };
119 }
120
58 function log(...args) 121 function log(...args)
59 { 122 {
60 console.log(...args); 123 console.log(...args);
61 } 124 }
62 125
63 exports.log = log; 126 exports.log = log;
64 127
65 // This is an implementation of the uabinject-defuser technique used by uBlock 128 // This is an implementation of the uabinject-defuser technique used by uBlock
66 // Origin 129 // Origin
67 // https://github.com/uBlockOrigin/uAssets/blob/c091f861b63cd2254b8e9e4628f6bdcd 89d43caa/filters/resources.txt#L640 130 // https://github.com/uBlockOrigin/uAssets/blob/c091f861b63cd2254b8e9e4628f6bdcd 89d43caa/filters/resources.txt#L640
68 function uabinjectDefuser() 131 function uabinjectDefuser()
69 { 132 {
70 window.trckd = true; 133 window.trckd = true;
71 window.uabpdl = true; 134 window.uabpdl = true;
72 window.uabInject = true; 135 window.uabInject = true;
73 window.uabDetect = true; 136 window.uabDetect = true;
74 } 137 }
75 138
76 exports["uabinject-defuser"] = makeInjector(uabinjectDefuser); 139 exports["uabinject-defuser"] = makeInjector(uabinjectDefuser);
140
141 // This is an implementation of the abort-current-inline-script technique used
142 // by uBlock Origin
143 // https://github.com/uBlockOrigin/uAssets/blob/68cf8a364fb55deb96264c4e546b58f4 c851d782/filters/resources.txt#L1943
144 function abortCurrentInlineScript(target, needle)
kzar 2018/07/16 16:33:15 Could you give me an example of `target` and `need
145 {
146 if (!target)
147 return;
148
149 let re = null;
150
151 if (needle)
152 {
153 re = new RegExp(/^\/.+\/$/.test(needle) ?
154 needle.slice(1, -1) :
155 regexEscape(needle));
156 }
157
158 let {owner, property} = findProperty(target) || {};
159
160 if (!owner)
161 return;
162
163 let descriptor = Object.getOwnPropertyDescriptor(owner, property);
164 if (descriptor && descriptor.get)
kzar 2018/07/16 16:33:15 What's the idea with this check?
165 return;
166
167 let magic = getMagic();
168
169 injectPropertyAccessValidator(owner, property, () =>
170 {
171 let element = document.currentScript;
172 if (element instanceof HTMLScriptElement &&
173 element.src == "" && (!re || re.test(element.textContent)))
174 {
175 throw new ReferenceError(magic);
kzar 2018/07/16 16:33:15 How come you've used `ReferenceError` out of inter
176 }
177 });
178
179 suppressMagicError(magic);
180 }
181
182 exports["abort-current-inline-script"] = makeInjector(abortCurrentInlineScript);
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld