Revision 692577bb
Added by jahoti about 2 years ago
| content/main.js | ||
|---|---|---|
| 2 | 2 |
* Myext main content script run in all frames |
| 3 | 3 |
* |
| 4 | 4 |
* Copyright (C) 2021 Wojtek Kosior |
| 5 |
* Copyright (C) 2021 jahoti |
|
| 5 | 6 |
* Redistribution terms are gathered in the `copyright' file. |
| 6 | 7 |
*/ |
| 7 | 8 |
|
| ... | ... | |
| 10 | 11 |
* IMPORT handle_page_actions |
| 11 | 12 |
* IMPORT url_item |
| 12 | 13 |
* IMPORT url_extract_target |
| 14 |
* IMPORT url_extract_policy |
|
| 13 | 15 |
* IMPORT gen_unique |
| 16 |
* IMPORT gen_nonce |
|
| 14 | 17 |
* IMPORT csp_rule |
| 15 | 18 |
* IMPORT is_privileged_url |
| 16 | 19 |
* IMPORT sanitize_attributes |
| ... | ... | |
| 32 | 35 |
* urls has not yet been added to the extension. |
| 33 | 36 |
*/ |
| 34 | 37 |
|
| 35 |
let url = url_item(document.URL); |
|
| 36 |
let unique = gen_unique(url); |
|
| 37 |
|
|
| 38 |
|
|
| 39 |
function is_http() |
|
| 40 |
{
|
|
| 41 |
return !!/^https?:\/\//i.exec(document.URL); |
|
| 42 |
} |
|
| 43 |
|
|
| 44 |
function is_whitelisted() |
|
| 45 |
{
|
|
| 46 |
const parsed_url = url_extract_target(document.URL); |
|
| 47 |
|
|
| 48 |
if (parsed_url.target !== undefined && |
|
| 49 |
parsed_url.target === '#' + unique) {
|
|
| 50 |
if (parsed_url.target2 !== undefined) |
|
| 51 |
window.location.href = parsed_url.base_url + parsed_url.target2; |
|
| 52 |
else |
|
| 53 |
history.replaceState(null, "", parsed_url.base_url); |
|
| 54 |
|
|
| 55 |
return true; |
|
| 56 |
} |
|
| 57 |
|
|
| 58 |
return false; |
|
| 59 |
} |
|
| 60 |
|
|
| 61 | 38 |
function handle_mutation(mutations, observer) |
| 62 | 39 |
{
|
| 63 | 40 |
if (document.readyState === 'complete') {
|
| ... | ... | |
| 113 | 90 |
|
| 114 | 91 |
let meta = document.createElement("meta");
|
| 115 | 92 |
meta.setAttribute("http-equiv", "Content-Security-Policy");
|
| 116 |
meta.setAttribute("content", csp_rule(unique));
|
|
| 93 |
meta.setAttribute("content", csp_rule(nonce));
|
|
| 117 | 94 |
|
| 118 | 95 |
if (head.firstElementChild === null) |
| 119 | 96 |
head.appendChild(meta); |
| ... | ... | |
| 122 | 99 |
} |
| 123 | 100 |
|
| 124 | 101 |
if (!is_privileged_url(document.URL)) {
|
| 102 |
const targets = url_extract_policy(document.URL); |
|
| 103 |
targets.policy = targets.policy || {};
|
|
| 104 |
const nonce = targets.policy.nonce || gen_nonce(); |
|
| 105 |
|
|
| 106 |
if (targets.signed) |
|
| 107 |
if (targets.target2 !== undefined) |
|
| 108 |
window.location.href = targets.base_url + targets.target2; |
|
| 109 |
else |
|
| 110 |
history.replaceState(null, "", targets.base_url); |
|
| 111 |
|
|
| 125 | 112 |
start_activity_info_server(); |
| 126 |
handle_page_actions(unique);
|
|
| 113 |
handle_page_actions(nonce);
|
|
| 127 | 114 |
|
| 128 |
if (is_http()) {
|
|
| 129 |
/* rely on CSP injected through webRequest */ |
|
| 130 |
} else if (is_whitelisted()) {
|
|
| 131 |
/* do not block scripts at all */ |
|
| 132 |
} else {
|
|
| 115 |
if (!targets.policy.allow) {
|
|
| 133 | 116 |
block_nodes_recursively(document.documentElement); |
| 134 | 117 |
|
| 135 | 118 |
if (is_chrome) {
|
Also available in: Unified diff
Use URL-based policy smuggling
Increase the power of URL-based smuggling by making it (effectively)
compulsory in all cases and adapting a structure. While the details still need to be worked out, the
potential for future expansion is there.