Revision 692577bb
Added by jahoti about 2 years ago
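--- a/content/main.js
+++ b/content/main.js
@@ -2,6 +2,7 @@
 * Myext main content script run in all frames
 *
 * Copyright (C) 2021 Wojtek Kosior
+* Copyright (C) 2021 jahoti
 * Redistribution terms are gathered in the `copyright' file.
 */
 
@@ -10,7 +11,9 @@
 * IMPORT handle_page_actions
 * IMPORT url_item
 * IMPORT url_extract_target
+* IMPORT url_extract_policy
 * IMPORT gen_unique
+* IMPORT gen_nonce
 * IMPORT csp_rule
 * IMPORT is_privileged_url
 * IMPORT sanitize_attributes
@@ -32,32 +35,6 @@
 * urls has not yet been added to the extension.
 */
 
-let url = url_item(document.URL);
-let unique = gen_unique(url);
-
-
-function is_http()
-{
-return !!/^https?:\/\//i.exec(document.URL);
-}
-
-function is_whitelisted()
-{
-const parsed_url = url_extract_target(document.URL);
-
-if (parsed_url.target !== undefined &&
-parsed_url.target === '#' + unique) {
-if (parsed_url.target2 !== undefined)
-window.location.href = parsed_url.base_url + parsed_url.target2;
-else
-history.replaceState(null, "", parsed_url.base_url);
-
-return true;
-}
-
-return false;
-}
-
 function handle_mutation(mutations, observer)
 {
 if (document.readyState === 'complete') {
@@ -113,7 +90,7 @@
 
 let meta = document.createElement("meta");
 meta.setAttribute("http-equiv", "Content-Security-Policy");
-meta.setAttribute("content", csp_rule(unique));
+meta.setAttribute("content", csp_rule(nonce));
 
 if (head.firstElementChild === null)
 head.appendChild(meta);
@@ -122,14 +99,20 @@
 }
 
 if (!is_privileged_url(document.URL)) {
+const targets = url_extract_policy(document.URL);
+targets.policy = targets.policy || {};
+const nonce = targets.policy.nonce || gen_nonce();
+
+if (targets.signed)
+if (targets.target2 !== undefined)
+window.location.href = targets.base_url + targets.target2;
+else
+history.replaceState(null, "", targets.base_url);
+
 start_activity_info_server();
-handle_page_actions(unique);
+handle_page_actions(nonce);
 
-if (is_http()) {
-/* rely on CSP injected through webRequest */
-} else if (is_whitelisted()) {
-/* do not block scripts at all */
-} else {
+if (!targets.policy.allow) {
 block_nodes_recursively(document.documentElement);
 
 if (is_chrome) {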
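Review bot: In the last hunk `targets.policy.nonce` and `targets.policy.allow` are honoured whether or not `targets.signed` is set; only the URL clean-up is guarded by it. Unless `url_extract_policy` (not visible here) already discards a policy whose signature does not verify, the page URL alone could decide the nonce and switch off `block_nodes_recursively`, so the policy should be taken only from a signed fragment, e.g. `const policy = (targets.signed && targets.policy) || {};` with `policy.nonce` and `policy.allow` used below. Separately, `csp_rule(nonce)` in the fourth hunk reads `nonce`, which the visible lines declare only as a block-scoped `const` inside this `if`; if no outer binding exists in the elided lines, that call would throw and the CSP meta element would not be injected. The `if (!is_privileged_url(...))` block continues past the end of the hunk.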
Use URL-based policy smuggling
Increase the power of URL-based smuggling by making it (effectively)
compulsory in all cases and adapting a structure. While the details still need to be worked out, the
potential for future expansion is there.