/ - Diff - Haketilo - Hydrilla issue tracker

« Previous | Next »

Revision d09b7ee1

Added by koszko about 2 years ago

ID d09b7ee10541b5a81430d2e11abb3a9a09643ade
Parent 3d0efa15
Child 6b53d6c8

sanitize `' tags containing CSP rules under Chromium

This commit adds a mechanism of hijacking document when it loads and injecting sanitized nodes to the DOM from the level of content script.

      * IMPORT query_best
      * IMPORT sanitize_csp_header
      * IMPORT csp_rule
      * IMPORT is_csp_header_name
      * IMPORTS_END
      */
     var storage;
     const csp_header_names = new Set([
         "content-security-policy",
         "x-webkit-csp",
         "x-content-security-policy"
     ]);
     const report_only = "content-security-policy-report-only";
     function headers_inject(details)
+    {
         const url = details.url;
-...
         const [pattern, settings] = query_best(storage, url);
         const allow = !!(settings && settings.allow);
         const nonce = gen_nonce();
         const rule = `'nonce-${nonce}'`;
         let orig_csp_headers;
         let old_signature;
-...
+        }
         orig_csp_headers = orig_csp_headers ||
     	headers.filter(h => csp_header_names.has(h.name.toLowerCase()));
         headers = headers.filter(h => !csp_header_names.has(h.name.toLowerCase()));
     	headers.filter(h => is_csp_header_name(h.name));
         /* Remove headers that only snitch on us */
         if (!allow)
     	headers = headers.filter(h => h.name.toLowerCase() !== report_only);
         /* When blocking remove report-only CSP headers that snitch on us. */
         headers = headers.filter(h => !is_csp_header_name(h.name, !allow));
         if (old_signature)
     	headers = headers.filter(h => h.name.search(old_signature) === -1);
         const sanitizer = h => sanitize_csp_header(h, rule, allow);
         const policy_object = {allow, nonce, url};
         const sanitizer = h => sanitize_csp_header(h, policy_object);
         headers.push(...orig_csp_headers.map(sanitizer));
         const policy = encodeURIComponent(JSON.stringify({allow, nonce, url}));
         const policy = encodeURIComponent(JSON.stringify(policy_object));
         const policy_signature = sign_data(policy, new Date());
         const later_30sec = new Date(new Date().getTime() + 30000).toGMTString();
         headers.push({

         return `script-src ${rule}; script-src-elem ${rule}; script-src-attr 'none'; prefetch-src 'none';`;
+    }
     /* Check if some HTTP header might define CSP rules. */
     const csp_header_names = new Set([
         "content-security-policy",
         "x-webkit-csp",
         "x-content-security-policy"
     ]);
     const report_only_header_name = "content-security-policy-report-only";
     function is_csp_header_name(string, include_report_only)
+    {
         string = string && string.toLowerCase() || "";
         return (include_report_only && string === report_only_header_name) ||
     	csp_header_names.has(string);
+    }
     /*
      * Print item together with type, e.g.
      * nice_name("s", "hello") → "hello (script)"
-...
+    }
     /* Make CSP headers do our bidding, not interfere */
     function sanitize_csp_header(header, rule, allow)
     function sanitize_csp_header(header, policy)
+    {
         const rule = `'nonce-${policy.nonce}'`;
         const csp = parse_csp(header.value);
         if (!allow) {
         if (!policy.allow) {
     	/* No snitching */
     	delete csp['report-to'];
     	delete csp['report-uri'];
-...
         else
     	csp['script-src-elem'] = [rule];
         const new_policy = Object.entries(csp).map(
         const new_csp = Object.entries(csp).map(
     	i => `${i[0]} ${i[1].join(' ')};`
         );
         return {name: header.name, value: new_policy.join('')};
         return {name: header.name, value: new_csp.join('')};
+    }
     /* Regexes and objest to use as/in schemas for parse_json_with_schema(). */
-...
      * EXPORT extract_signed
      * EXPORT sign_data
      * EXPORT csp_rule
      * EXPORT is_csp_header_name
      * EXPORT nice_name
      * EXPORT open_in_settings
      * EXPORT is_privileged_url

      * IMPORT handle_page_actions
      * IMPORT extract_signed
      * IMPORT gen_nonce
      * IMPORT csp_rule
      * IMPORT is_privileged_url
      * IMPORT sanitize_attributes
      * IMPORT mozilla_suppress_scripts
      * IMPORT is_chrome
      * IMPORT is_mozilla
      * IMPORT start_activity_info_server
      * IMPORT modify_on_the_fly
      * IMPORTS_END
      */
     /*
      * Due to some technical limitations the chosen method of whitelisting sites
      * is to smuggle whitelist indicator in page's url as a "magical" string
      * after '#'. Right now this is only supplemental in HTTP(s) pages where
      * blocking of native scripts also happens through CSP header injection but is
      * necessary for protocols like ftp:// and file://.
+     *
      * The code that actually injects the magical string into ftp:// and file://
      * urls has not yet been added to the extension.
      */
     var nonce = undefined;
     function handle_mutation(mutations, observer)
+    {
         if (document.readyState === 'complete') {
     	console.log("mutation handling complete");
     	observer.disconnect();
     	return;
+        }
         for (const mutation of mutations) {
     	for (const node of mutation.addedNodes)
     	    block_node(node);
+        }
+    }
     function block_nodes_recursively(node)
+    {
         block_node(node);
         for (const child of node.children)
     	block_nodes_recursively(child);
+    }
     function block_node(node)
     function accept_node(node, parent)
+    {
         const clone = document.importNode(node, false);
         node.hachette_corresponding = clone;
         /*
          * Modifying <script> element doesn't always prevent its execution in some
          * Mozilla browsers. This is Chromium-specific code.
          * TODO: Stop page's own issues like "Error parsing a meta element's
          * content:" from appearing as extension's errors.
          */
         if (node.tagName === "SCRIPT") {
     	block_script(node);
     	return;
+        }
         sanitize_attributes(node);
         if (node.tagName === "HEAD")
     	inject_csp(node);
+    }
     function block_script(node)
+    {
         /*
          * Disabling scripts this way allows them to still be relatively
          * easily accessed in case they contain some useful data.
          */
         if (node.hasAttribute("type"))
     	node.setAttribute("blocked-type", node.getAttribute("type"));
         node.setAttribute("type", "application/json");
+    }
     function inject_csp(head)
+    {
         let meta = document.createElement("meta");
         meta.setAttribute("http-equiv", "Content-Security-Policy");
         meta.setAttribute("content", csp_rule(nonce));
         if (head.firstElementChild === null)
     	head.appendChild(meta);
         else
     	head.insertBefore(meta, head.firstElementChild);
         parent.hachette_corresponding.appendChild(clone);
+    }
     if (!is_privileged_url(document.URL)) {
-...
         handle_page_actions(policy.nonce);
         if (!policy.allow) {
     	block_nodes_recursively(document.documentElement);
         if (!policy.allow && is_mozilla)
     	addEventListener('beforescriptexecute', mozilla_suppress_scripts, true);
     	if (is_chrome) {
     	    var observer = new MutationObserver(handle_mutation);
     	    observer.observe(document.documentElement, {
     		attributes: true,
     		childList: true,
     		subtree: true
     	    });
+    	}
         if (!policy.allow && is_chrome) {
     	const old_html = document.documentElement;
     	const new_html = document.createElement("html");
     	old_html.replaceWith(new_html);
     	old_html.hachette_corresponding = new_html;
     	if (is_mozilla)
     	    addEventListener('beforescriptexecute', mozilla_suppress_scripts, true);
     	const modify_end =
     	      modify_on_the_fly(old_html, policy, {node_eater: accept_node});
     	document.addEventListener("DOMContentLoaded", modify_end);
+        }
         start_activity_info_server();

     /**
      * Hachette modify HTML document as it loads and reconstruct HTML code from it
+     *
      * Copyright (C) 2021 Wojtek Kosior
      * Redistribution terms are gathered in the `copyright' file.
      */
     /*
      * IMPORTS_START
      * IMPORT gen_nonce
      * IMPORT csp_rule
      * IMPORT is_csp_header_name
      * IMPORT sanitize_csp_header
      * IMPORT sanitize_attributes
      * IMPORTS_END
      */
     /*
      * Functions that sanitize elements. The script blocking measures are, when
      * possible, going to be applied together with CSP rules injected using
      * webRequest.
      */
     const blocked = "blocked";
     function block_attribute(node, attr)
+    {
         /*
          * Disabling attributed this way allows them to still be relatively
          * easily accessed in case they contain some useful data.
          */
         const construct_name = [attr];
         while (node.hasAttribute(construct_name.join("")))
     	construct_name.unshift(blocked);
         while (construct_name.length > 1) {
     	construct_name.shift();
     	const name = construct_name.join("");
     	node.setAttribute(`${blocked}-${name}`, node.getAttribute(name));
+        }
         node.removeAttribute(attr);
+    }
     function sanitize_script(script, policy)
+    {
         if (policy.allow)
     	return;
         block_attribute(script, "type");
         script.setAttribute("type", "application/json");
+    }
     function inject_csp(head, policy)
+    {
         if (policy.allow)
     	return;
         const meta = document.createElement("meta");
         meta.setAttribute("http-equiv", "Content-Security-Policy");
         meta.setAttribute("content", csp_rule(policy.nonce));
         meta.hachette_ignore = true;
         head.prepend(meta);
+    }
     function sanitize_http_equiv_csp_rule(meta, policy)
+    {
         const http_equiv = meta.getAttribute("http-equiv");
         if (!is_csp_header_name(http_equiv, !policy.allow))
     	return;
         if (policy.allow || is_csp_header_name(http_equiv, false)) {
     	let value = meta.getAttribute("content");
     	block_attribute(meta, "content");
     	if (value) {
     	    value = sanitize_csp_header({value}, policy).value;
     	    meta.setAttribute("content", value);
+    	}
     	return;
+        }
         block_attribute(meta, "http-equiv");
+    }
     function sanitize_node(node, policy)
+    {
         if (node.tagName === "SCRIPT")
     	sanitize_script(node, policy);
         if (node.tagName === "HEAD")
     	inject_csp(node, policy);
         if (node.tagName === "META")
     	sanitize_http_equiv_csp_rule(node, policy);
         if (!policy.allow)
     	sanitize_attributes(node, policy);
+    }
     const serializer = new XMLSerializer();
     function start_node(node, data)
+    {
         if (!data.writer)
     	return;
         node.hachette_started = true;
         const clone = node.cloneNode(false);
         clone.textContent = data.uniq;
         data.writer(data.uniq_reg.exec(clone.outerHTML)[1]);
+    }
     function finish_node(node, data)
+    {
         const nodes_to_process = [node];
         while (true) {
     	node = nodes_to_process.pop();
     	if (!node)
     	    break;
     	nodes_to_process.push(node, node.hachette_last_added);
+        }
         while (nodes_to_process.length > 0) {
     	const node = nodes_to_process.pop();
     	node.remove();
     	if (!data.writer)
     	    continue;
     	if (node.hachette_started) {
     	    node.textContent = data.uniq;
     	    data.writer(data.uniq_reg.exec(node.outerHTML)[2]);
     	    continue;
+    	}
     	data.writer(node.outerHTML || serializer.serializeToString(node));
+        }
+    }
     /*
      * Important! Due to some weirdness node.parentElement is not alway correct
      * under Chromium. Track node relations manually.
      */
     function handle_added_node(node, true_parent, data)
+    {
         if (node.hachette_ignore || true_parent.hachette_ignore)
     	return;
         if (!true_parent.hachette_started)
     	start_node(true_parent, data)
         sanitize_node(node, data.policy);
         if (data.node_eater)
     	data.node_eater(node, true_parent);
         finish_node(true_parent.hachette_last_added, data);
         true_parent.hachette_last_added = node;
+    }
     function handle_mutation(mutations, data)
+    {
         /*
          * Chromium: for an unknown reason mutation.target is not always the same as
          * node.parentElement. The former is the correct one.
          */
         for (const mutation of mutations) {
     	for (const node of mutation.addedNodes)
     	    handle_added_node(node, mutation.target, data);
+        }
+    }
     function finish_processing(data)
+    {
         handle_mutation(data.observer.takeRecords(), data);
         finish_node(data.html_element, data);
         data.observer.disconnect();
+    }
     function modify_on_the_fly(html_element, policy, consumers)
+    {
         const uniq = gen_nonce();
         const uniq_reg = new RegExp(`^(.*)${uniq}(.*)$`);
         const data = {policy, html_element, uniq, uniq_reg, ...consumers};
         start_node(data.html_element, data);
         var observer = new MutationObserver(m => handle_mutation(m, data));
         observer.observe(data.html_element, {
          	attributes: true,
     	childList: true,
     	subtree: true
         });
         data.observer = observer;
         return () => finish_processing(data);
+    }
     /*
      * EXPORTS_START
      * EXPORT modify_on_the_fly
      * EXPORTS_END
      */

Also available in: Unified diff

Project

General

Profile

Haketilo

Revision d09b7ee1

Added by koszko about 2 years ago