
Side by Side Diff: include.postload.js

Issue 4935175632846848: Issue 1527 - Properly escape generated CSS selectors (Closed)
Patch Set: Addressed comments Created Nov. 5, 2014, 6:08 p.m.
1 /* 1 /*
2 * This file is part of Adblock Plus <http://adblockplus.org/>, 2 * This file is part of Adblock Plus <http://adblockplus.org/>,
3 * Copyright (C) 2006-2014 Eyeo GmbH 3 * Copyright (C) 2006-2014 Eyeo GmbH
4 * 4 *
5 * Adblock Plus is free software: you can redistribute it and/or modify 5 * Adblock Plus is free software: you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 3 as 6 * it under the terms of the GNU General Public License version 3 as
7 * published by the Free Software Foundation. 7 * published by the Free Software Foundation.
8 * 8 *
9 * Adblock Plus is distributed in the hope that it will be useful, 9 * Adblock Plus is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details. 12 * GNU General Public License for more details.
13 * 13 *
14 * You should have received a copy of the GNU General Public License 14 * You should have received a copy of the GNU General Public License
15 * along with Adblock Plus. If not, see <http://www.gnu.org/licenses/>. 15 * along with Adblock Plus. If not, see <http://www.gnu.org/licenses/>.
16 */ 16 */
17 17
18 // Click-to-hide stuff 18 // Click-to-hide stuff
19 var clickHide_activated = false; 19 var clickHide_activated = false;
20 var clickHide_filters = null; 20 var clickHide_filters = null;
21 var currentElement = null; 21 var currentElement = null;
22 var clickHideFilters = null; 22 var clickHideFilters = null;
23 var highlightedElementsSelector = null; 23 var highlightedElementsSelector = null;
24 var clickHideFiltersDialog = null; 24 var clickHideFiltersDialog = null;
25 var lastRightClickEvent = null; 25 var lastRightClickEvent = null;
26 26
27 var ctrlChar = /[\x00-\x1F\x7F]/g;
28
29 function escapeLiteral(chr)
30 {
31 return "\\" + chr;
32 }
33
34 function escapeWithCharCode(chr)
35 {
36 return "\\" + chr.charCodeAt(0).toString(16) + " ";
37 }
38
27 function quote(value) 39 function quote(value)
28 { 40 {
29 return '"' + value.replace(/(["\\])/g, "\\$1") + '"'; 41 value = value.replace(/["\\]/g, escapeLiteral);
42 value = value.replace(ctrlChar, escapeWithCharCode);
43
44 return '"' + value + '"';
45 }
46
47 function escapeToken(s)
48 {
49 return s.replace(
50 /^\d|^-(?![^\d-])|[^\w-\u0080-\uFFFF]/g,
Wladimir Palant 2014/11/05 19:56:52 Constructing character classes that deal with larg
Sebastian Noack 2014/11/06 08:25:14 You forgot to run the regex, but there still isn't
Wladimir Palant 2014/11/06 14:13:59 No, I didn't intend to run it - the slowdown I kno
51
52 function(chr)
53 {
54 if (ctrlChar.test(chr) || /\d/.test(chr))
55 return escapeWithCharCode(chr);
56
57 return escapeLiteral(chr);
58 }
59 );
30 } 60 }
31 61
32 function supportsShadowRoot(element) 62 function supportsShadowRoot(element)
33 { 63 {
34 if (!("createShadowRoot" in element)) 64 if (!("createShadowRoot" in element))
35 return false; 65 return false;
36 66
37 // There are some elements (e.g. <textarea>), which don't 67 // There are some elements (e.g. <textarea>), which don't
38 // support author created shadow roots and throw an exception. 68 // support author created shadow roots and throw an exception.
39 var clone = element.cloneNode(false); 69 var clone = element.cloneNode(false);
(...skipping 329 matching lines...) Expand 10 before | Expand all | Expand 10 after
369 var elt = currentElement; 399 var elt = currentElement;
370 var url = null; 400 var url = null;
371 if (currentElement.classList.contains("__adblockplus__overlay")) 401 if (currentElement.classList.contains("__adblockplus__overlay"))
372 { 402 {
373 elt = currentElement.prisoner; 403 elt = currentElement.prisoner;
374 url = currentElement.prisonerURL; 404 url = currentElement.prisonerURL;
375 } 405 }
376 else if (elt.src) 406 else if (elt.src)
377 url = elt.src; 407 url = elt.src;
378 408
379 // Construct filters. The popup will retrieve these.
380 // Only one ID
381 var elementId = elt.id ? elt.id.split(' ').join('') : null;
382
383 clickHideFilters = new Array(); 409 clickHideFilters = new Array();
384 selectorList = new Array(); 410 selectorList = new Array();
385 411
386 var addSelector = function(selector) 412 var addSelector = function(selector)
387 { 413 {
388 clickHideFilters.push(document.domain + "##" + selector); 414 clickHideFilters.push(document.domain + "##" + selector);
389 selectorList.push(selector); 415 selectorList.push(selector);
390 }; 416 };
391 417
392 if (elementId) 418 if (elt.id)
393 addSelector("#" + elementId); 419 addSelector("#" + escapeToken(elt.id));
394 420
395 if (elt.classList.length > 0) 421 if (elt.classList.length > 0)
396 { 422 {
397 var selector = ""; 423 var selector = "";
398 424
399 for (var i = 0; i < elt.classList.length; i++) 425 for (var i = 0; i < elt.classList.length; i++)
400 selector += "." + elt.classList[i].replace(/([^\w-])/g, "\\$1"); 426 selector += "." + escapeToken(elt.classList[i]);
401 427
402 addSelector(selector); 428 addSelector(selector);
403 } 429 }
404 430
405 if (url) 431 if (url)
406 { 432 {
407 var src = elt.getAttribute("src"); 433 var src = elt.getAttribute("src");
408 var selector = src && elt.localName + '[src=' + quote(src) + ']'; 434 var selector = src && escapeToken(elt.localName) + '[src=' + quote(src) + '] ';
409 435
410 if (/^https?:/i.test(url)) 436 if (/^https?:/i.test(url))
411 { 437 {
412 clickHideFilters.push(url.replace(/^[\w\-]+:\/+(?:www\.)?/, "||")); 438 clickHideFilters.push(url.replace(/^[\w\-]+:\/+(?:www\.)?/, "||"));
413 439
414 if (selector) 440 if (selector)
415 selectorList.push(selector); 441 selectorList.push(selector);
416 } 442 }
417 else if (selector) 443 else if (selector)
418 addSelector(selector); 444 addSelector(selector);
419 } 445 }
420 446
421 // restore the original style, before generating the fallback filter that 447 // restore the original style, before generating the fallback filter that
422 // will include the style, and to prevent highlightElements from saving those 448 // will include the style, and to prevent highlightElements from saving those
423 unhighlightElement(currentElement); 449 unhighlightElement(currentElement);
424 450
425 // as last resort, create a filter based on inline styles 451 // as last resort, create a filter based on inline styles
426 if (clickHideFilters.length == 0) 452 if (clickHideFilters.length == 0)
427 { 453 {
428 var style = elt.getAttribute("style"); 454 var style = elt.getAttribute("style");
429 if (style) 455 if (style)
430 addSelector(elt.localName + '[style=' + quote(style) + ']'); 456 addSelector(escapeToken(elt.localName) + '[style=' + quote(style) + ']');
431 } 457 }
432 458
433 // Show popup 459 // Show popup
434 clickHide_showDialog(e.clientX, e.clientY, clickHideFilters); 460 clickHide_showDialog(e.clientX, e.clientY, clickHideFilters);
435 461
436 // Highlight the elements specified by selector in yellow 462 // Highlight the elements specified by selector in yellow
437 highlightElements(selectorList.join(",")); 463 highlightElements(selectorList.join(","));
438 // Now, actually highlight the element the user clicked on in red 464 // Now, actually highlight the element the user clicked on in red
439 highlightElement(currentElement, "#fd1708", "#f6a1b5"); 465 highlightElement(currentElement, "#fd1708", "#f6a1b5");
440 466
(...skipping 218 matching lines...) Expand 10 before | Expand all | Expand 10 after
659 break; 685 break;
660 default: 686 default:
661 sendResponse({}); 687 sendResponse({});
662 break; 688 break;
663 } 689 }
664 }); 690 });
665 691
666 if (window == window.top) 692 if (window == window.top)
667 ext.backgroundPage.sendMessage({type: "report-html-page"}); 693 ext.backgroundPage.sendMessage({type: "report-html-page"});
668 } 694 }
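Review bot: In the callback of `escapeToken` (new line 54), `ctrlChar.test(chr)` reuses the module-level regex that carries the `g` flag, so a successful `test()` leaves `lastIndex` at 1 and the next call on a one-character string starts at index 1 and returns false. The second of two adjacent control characters in a page-supplied id or class therefore falls through to `escapeLiteral` and is emitted as a backslash plus the raw character; for a line feed that is not a valid CSS escape, and it puts a raw newline into the generated filter text. Testing with a non-global pattern avoids the state, e.g. `if (/[\x00-\x1F\x7F\d]/.test(chr))`, and a comment such as `// non-global on purpose: test() on a /g regex is stateful` would keep it that way. Separately, the unescaped `-` after `\w` in the character class on new line 50 looks like it stops `\u0080-\uFFFF` from being read as a range; `[^\w\-\u0080-\uFFFF]` would be unambiguous, and this is worth confirming.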