Revision dcfc78b0
Added by jahoti about 2 years ago
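--- a/common/misc.js
+++ b/common/misc.js
@@ -2,6 +2,7 @@
 * Myext miscellaneous operations refactored to a separate file
 *
 * Copyright (C) 2021 Wojtek Kosior
+* Copyright (C) 2021 jahoti
 * Redistribution terms are gathered in the `copyright' file.
 */
 
@@ -18,6 +19,23 @@
 * generating unique, per-site value that can be computed synchronously
 * and is impossible to guess for a malicious website
 */
+
+/* Uint8toHex is a separate function not exported as (a) it's useful and (b) it will be used in crypto.subtle-based digests */
+function Uint8toHex(data)
+{
+let returnValue = '';
+for (let byte of data)
+returnValue += ('00' + byte.toString(16)).slice(-2);
+return returnValue;
+}
+
+function gen_nonce(length) // Default 16
+{
+let randomData = new Uint8Array(length || 16);
+crypto.getRandomValues(randomData);
+return Uint8toHex(randomData);
+}
+
 function gen_unique(url)
 {
 return sha256(get_secure_salt() + url);
@@ -98,6 +116,7 @@
 /*
 * EXPORTS_START
 * EXPORT gen_unique
+* EXPORT gen_nonce
 * EXPORT url_item
 * EXPORT url_extract_target
 * EXPORT csp_rule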
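Review bot: `gen_nonce` in the second hunk accepts any caller-supplied `length` with no lower bound, so a call such as `gen_nonce(1)` returns a two-hex-digit value with only 8 bits of entropy, even though the commit message makes this nonce the unguessable per-page or per-tab/frame value. Whether any caller passes a short length is not visible here, but since the function is now exported, a floor would keep the guarantee local, e.g. `let randomData = new Uint8Array(Math.max(length || 16, 16));`. The trailing `// Default 16` is also the only documentation; a short comment above the function should state that `length` counts bytes, that the result is a lowercase hex string of `2 * length` characters, and that the bytes come from `crypto.getRandomValues`.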
Stop using the nonce consistently for a URL
Nonces are now randomly generated, either in the page (for non-HTTP(S) pages)
or by a background module which stores them by tab and frame IDs. In order to
support the increased variance in nonce-generating methods and allow them to
be loaded from the background, handle_page_actions is now invoked separately
according to (non-)blocking mechanism.