Revision 014f2a2f
Added by koszko about 2 years ago
| content/main.js | ||
|---|---|---|
| 9 | 9 |
/* |
| 10 | 10 |
* IMPORTS_START |
| 11 | 11 |
* IMPORT handle_page_actions |
| 12 |
* IMPORT url_extract_target |
|
| 13 |
* IMPORT gen_unique |
|
| 12 |
* IMPORT extract_signed |
|
| 14 | 13 |
* IMPORT gen_nonce |
| 15 | 14 |
* IMPORT csp_rule |
| 16 | 15 |
* IMPORT is_privileged_url |
| ... | ... | |
| 98 | 97 |
} |
| 99 | 98 |
|
| 100 | 99 |
if (!is_privileged_url(document.URL)) {
|
| 101 |
const targets = url_extract_target(document.URL); |
|
| 102 |
if (targets.policy) {
|
|
| 103 |
if (targets.target2) |
|
| 104 |
window.location.href = targets.base_url + targets.target2; |
|
| 105 |
else |
|
| 106 |
history.replaceState(null, "", targets.base_url); |
|
| 100 |
const reductor = |
|
| 101 |
(ac, [_, sig, pol]) => ac[0] && ac || [extract_signed(sig, pol), sig]; |
|
| 102 |
const matches = [...document.cookie.matchAll(/hachette-(\w*)=([^;]*)/g)]; |
|
| 103 |
let [policy, signature] = matches.reduce(reductor, []); |
|
| 104 |
|
|
| 105 |
console.log("extracted policy", [signature, policy]);
|
|
| 106 |
if (!policy || policy.url !== document.URL) {
|
|
| 107 |
console.log("using default policy");
|
|
| 108 |
policy = {allow: false, nonce: gen_nonce()};
|
|
| 107 | 109 |
} |
| 108 | 110 |
|
| 109 |
const policy = targets.current ? targets.policy : {};
|
|
| 111 |
if (signature) |
|
| 112 |
document.cookie = `hachette-${signature}=; Max-Age=-1;`;
|
|
| 110 | 113 |
|
| 111 |
nonce = policy.nonce || gen_nonce(); |
|
| 112 |
handle_page_actions(nonce); |
|
| 114 |
handle_page_actions(policy.nonce); |
|
| 113 | 115 |
|
| 114 | 116 |
if (!policy.allow) {
|
| 115 | 117 |
block_nodes_recursively(document.documentElement); |
Also available in: Unified diff
implement smuggling via cookies instead of URL