/common/misc.js - Haketilo - Hydrilla issue tracker

Download (4.72 KB) Statistics

haketilo / common / misc.js @ e402e036

       /**
        * Hachette miscellaneous operations refactored to a separate file
+       *
        * Copyright (C) 2021 Wojtek Kosior
        * Copyright (C) 2021 jahoti
        * Redistribution terms are gathered in the `copyright' file.
        */
       /*
        * IMPORTS_START
        * IMPORT sha256
        * IMPORT browser
        * IMPORT is_chrome
        * IMPORT TYPE_NAME
        * IMPORTS_END
        */
       /* Generate a random base64-encoded 128-bit sequence */
       function gen_nonce()
+      {
           let randomData = new Uint8Array(16);
           crypto.getRandomValues(randomData);
           return btoa(String.fromCharCode.apply(null, randomData));
+      }
       /*
        * generating unique, per-site value that can be computed synchronously
        * and is impossible to guess for a malicious website
        */
       /* Uint8toHex is a separate function not exported as (a) it's useful and (b) it will be used in crypto.subtle-based digests */
       function Uint8toHex(data)
+      {
           let returnValue = '';
           for (let byte of data)
       	returnValue += ('00' + byte.toString(16)).slice(-2);
           return returnValue;
+      }
       function gen_nonce(length) // Default 16
+      {
           let randomData = new Uint8Array(length || 16);
           crypto.getRandomValues(randomData);
           return Uint8toHex(randomData);
+      }
       function gen_unique(url)
+      {
           return sha256(get_secure_salt() + url);
+      }
       function get_secure_salt()
+      {
           if (is_chrome)
       	return browser.runtime.getManifest().key.substring(0, 50);
           else
       	return browser.runtime.getURL("dummy");
+      }
       /*
        * stripping url from query and target (everything after `#' or `?'
        * gets removed)
        */
       function url_item(url)
+      {
           let url_re = /^([^?#]*).*$/;
           let match = url_re.exec(url);
           return match[1];
+      }
       /*
        * Assume a url like:
        *     https://example.com/green?illuminati=confirmed#<injected-policy>#winky
        * This function will make it into an object like:
        * {
        *     "base_url": "https://example.com/green?illuminati=confirmed",
        *     "target":   "#<injected-policy>",
        *     "target2":  "#winky",
        *     "policy":   <injected-policy-as-js-object>,
        *     "current":  <boolean-indicating-whether-policy-url-matches>
        * }
        * In case url doesn't have 2 #'s, target2 and target can be set to undefined.
        */
       function url_extract_target(url)
+      {
           const url_re = /^([^#]*)((#[^#]*)(#.*)?)?$/;
           const match = url_re.exec(url);
           const targets  = {
       	base_url: match[1],
       	target:   match[3] || "",
       	target2:  match[4] || ""
           };
           if (!targets.target)
       	return targets;
           /* %7B -> { */
           const index = targets.target.indexOf('%7B');
           if (index === -1)
       	return targets;
           const now = new Date();
           const sig = targets.target.substring(1, index);
           const policy = targets.target.substring(index);
           if (sig !== sign_policy(policy, now) &&
       	sig !== sign_policy(policy, now, -1))
       	return targets;
           try {
       	targets.policy = JSON.parse(decodeURIComponent(policy));
       	targets.current = targets.policy.base_url === targets.base_url;
           } catch (e) {
       	/* This should not be reached - it's our self-produced valid JSON. */
       	console.log("Unexpected internal error - invalid JSON smuggled!", e);
+          }
           return targets;
+      }
       /* csp rule that blocks all scripts except for those injected by us */
       function csp_rule(nonce)
+      {
           let rule = `script-src 'nonce-${nonce}';`;
           if (is_chrome)
       	rule += `script-src-elem 'nonce-${nonce}';`;
           return rule;
+      }
       /*
        * Print item together with type, e.g.
        * nice_name("s", "hello") → "hello (script)"
        */
       function nice_name(prefix, name)
+      {
           return `${name} (${TYPE_NAME[prefix]})`;
+      }
       /* Open settings tab with given item's editing already on. */
       function open_in_settings(prefix, name)
+      {
           name = encodeURIComponent(name);
           const url = browser.runtime.getURL("html/options.html#" + prefix + name);
           window.open(url, "_blank");
+      }
       /* Check if url corresponds to a browser's special page */
       function is_privileged_url(url)
+      {
           return !!/^(chrome(-extension)?|moz-extension):\/\/|^about:/i.exec(url);
+      }
       /* Sign a given policy for a given time */
       function sign_policy(policy, now, hours_offset) {
           let time = Math.floor(now / 3600000) + (hours_offset || 0);
           return gen_unique(time + policy);
+      }
       /* Parse a CSP header */
       function parse_csp(csp) {
           let directive, directive_array;
           let directives = {};
           for (directive of csp.split(';')) {
       	directive = directive.trim();
       	if (directive === '')
       	    continue;
       	directive_array = directive.split(/\s+/);
       	directive = directive_array.shift();
       	/* The "true" case should never occur; nevertheless... */
       	directives[directive] = directive in directives ?
       	    directives[directive].concat(directive_array) :
       	    directive_array;
+          }
           return directives;
+      }
       /*
        * EXPORTS_START
        * EXPORT gen_nonce
        * EXPORT gen_unique
        * EXPORT url_item
        * EXPORT url_extract_target
        * EXPORT sign_policy
        * EXPORT csp_rule
        * EXPORT nice_name
        * EXPORT open_in_settings
        * EXPORT is_privileged_url
        * EXPORT parse_csp
        * EXPORTS_END
        */

(4-4/9)