Revision 014f2a2f
Added by koszko about 2 years ago
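--- a/content/main.js
+++ b/content/main.js
@@ -9,8 +9,7 @@
 /*
 * IMPORTS_START
 * IMPORT handle_page_actions
-* IMPORT url_extract_target
-* IMPORT gen_unique
+* IMPORT extract_signed
 * IMPORT gen_nonce
 * IMPORT csp_rule
 * IMPORT is_privileged_url
@@ -98,18 +97,21 @@
 }
 
 if (!is_privileged_url(document.URL)) {
-const targets = url_extract_target(document.URL);
-if (targets.policy) {
-if (targets.target2)
-window.location.href = targets.base_url + targets.target2;
-else
-history.replaceState(null, "", targets.base_url);
+const reductor =
+(ac, [_, sig, pol]) => ac[0] && ac || [extract_signed(sig, pol), sig];
+const matches = [...document.cookie.matchAll(/hachette-(\w*)=([^;]*)/g)];
+let [policy, signature] = matches.reduce(reductor, []);
+
+console.log("extracted policy", [signature, policy]);
+if (!policy || policy.url !== document.URL) {
+console.log("using default policy");
+policy = {allow: false, nonce: gen_nonce()};
 }
 
-const policy = targets.current ? targets.policy : {};
+if (signature)
+document.cookie = `hachette-${signature}=; Max-Age=-1;`;
 
-nonce = policy.nonce || gen_nonce();
-handle_page_actions(nonce);
+handle_page_actions(policy.nonce);
 
 if (!policy.allow) {
 block_nodes_recursively(document.documentElement);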
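Review bot: The policy is now read from `document.cookie`, which the page and its server can also write, so a forged or replayed `hachette-*` cookie is kept away from `policy.allow` only by `extract_signed` (not shown here) and the `policy.url !== document.URL` comparison. A comment above `reductor` should say that the cookie value is untrusted and whether `extract_signed` enforces freshness, since the URL check alone would not reject an older valid cookie for the same page. The `console.log("extracted policy", [signature, policy])` line prints the nonce and should be dropped. Only the one cookie named by `signature` is expired, and without a `Path` attribute, so rejected matches or a cookie set under another path would stay in the jar and presumably keep being sent to the site; expiring every match would be safer. The pattern is also unanchored; `/(?:^|;\s*)hachette-(\w+)=([^;]*)/g` would avoid matching inside other cookie names and reject an empty signature.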
implement smuggling via cookies instead of URL