Index: lib/elemHide.js |
=================================================================== |
--- a/lib/elemHide.js |
+++ b/lib/elemHide.js |
@@ -472,29 +472,41 @@ |
// this could still lead to some selectors not working on Chromium, but it is |
// highly unlikely. |
// See issue #6298 and https://crbug.com/804179 |
for (let i = 0; i < selectors.length; i += selectorGroupSize) |
yield selectors.slice(i, i + selectorGroupSize); |
} |
/** |
+ * Escapes curly braces to prevent CSS rule injection. |
+ * |
+ * @param {string} selector |
+ * @returns {string} |
+ */ |
+function escapeSelector(selector) |
+{ |
+ return selector.replace("{", "\\7B ").replace("}", "\\7D "); |
+} |
+ |
+/** |
* Creates an element hiding CSS rule for a given list of selectors. |
* |
* @param {Array.<string>} selectors |
* @returns {string} |
*/ |
function createRule(selectors) |
{ |
let rule = ""; |
for (let i = 0; i < selectors.length - 1; i++) |
- rule += selectors[i] + ", "; |
+ rule += escapeSelector(selectors[i]) + ", "; |
Manish Jethani
2019/02/14 04:40:21
Performance-wise this additional code seems to be
|
- rule += selectors[selectors.length - 1] + " {display: none !important;}\n"; |
+ rule += escapeSelector(selectors[selectors.length - 1]) + |
+ " {display: none !important;}\n"; |
return rule; |
} |
/** |
* Creates an element hiding CSS style sheet from a given list of selectors. |
* @param {Array.<string>} selectors |
* @returns {string} |