Revision dcfc78b0
Added by jahoti about 2 years ago
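--- a/common/misc.js
+++ b/common/misc.js
@@ -2,6 +2,7 @@
 * Myext miscellaneous operations refactored to a separate file
 *
 * Copyright (C) 2021 Wojtek Kosior
+* Copyright (C) 2021 jahoti
 * Redistribution terms are gathered in the `copyright' file.
 */
 
@@ -18,6 +19,23 @@
 * generating unique, per-site value that can be computed synchronously
 * and is impossible to guess for a malicious website
 */
+
+/* Uint8toHex is a separate function not exported as (a) it's useful and (b) it will be used in crypto.subtle-based digests */
+function Uint8toHex(data)
+{
+let returnValue = '';
+for (let byte of data)
+returnValue += ('00' + byte.toString(16)).slice(-2);
+return returnValue;
+}
+
+function gen_nonce(length) // Default 16
+{
+let randomData = new Uint8Array(length || 16);
+crypto.getRandomValues(randomData);
+return Uint8toHex(randomData);
+}
+
 function gen_unique(url)
 {
 return sha256(get_secure_salt() + url);
@@ -98,6 +116,7 @@
 /*
 * EXPORTS_START
 * EXPORT gen_unique
+* EXPORT gen_nonce
 * EXPORT url_item
 * EXPORT url_extract_target
 * EXPORT csp_rule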
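Review bot: gen_nonce() in the second hunk puts no lower bound on `length`, so a caller that passes 1 or 2 gets a nonce with only 8 or 16 bits of entropy, and `length || 16` forwards any truthy non-number (a string, an array) straight to the Uint8Array constructor. If this value is the one that ends up in the CSP rule (csp_rule is exported from the same file, but its body is not shown here), unpredictability is the whole protection, so the floor belongs in this function rather than with each caller. I would add `if (length !== undefined && !(Number.isInteger(length) && length >= 16)) throw new RangeError('nonce length must be an integer of at least 16 bytes');` before the allocation. The trailing `// Default 16` comment should also state that the unit is bytes and that the returned hex string is twice that many characters.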
Stop using the nonce consistently for a URL
Nonces are now randomly generated, either in the page (for non-HTTP(S) pages)
or by a background module which stores them by tab and frame IDs. In order to
support the increased variance in nonce-generating methods and allow them to
be loaded from the background, handle_page_actions is now invoked separately
according to (non-)blocking mechanism.