Haketilo

/**

 * Myext miscellaneous operations refactored to a separate file

 *

 * Copyright (C) 2021 Wojtek Kosior

 * Copyright (C) 2021 jahoti

 * Redistribution terms are gathered in the `copyright' file.

 */

/*

 * IMPORTS_START

 * IMPORT sha256

 * IMPORT browser

 * IMPORT is_chrome

 * IMPORT TYPE_NAME

 * IMPORTS_END

 */

/* Generate a random base64-encoded 128-bit sequence */

function gen_nonce()

{

    let randomData = new Uint8Array(16);

    crypto.getRandomValues(randomData);

    return btoa(String.fromCharCode.apply(null, randomData));

}

/*

 * generating unique, per-site value that can be computed synchronously

 * and is impossible to guess for a malicious website

 */

function gen_unique(url)

{

    return sha256(get_secure_salt() + url);

}

function get_secure_salt()

{

    if (is_chrome)

	return browser.runtime.getManifest().key.substring(0, 50);

    else

	return browser.runtime.getURL("dummy");

}

/*

 * stripping url from query and target (everything after `#' or `?'

 * gets removed)

 */

function url_item(url)

{

    let url_re = /^([^?#]*).*$/;

    let match = url_re.exec(url);

    return match[1];

}

/*

 * Assume a url like: https://example.com/green?illuminati=confirmed#tinky#winky

 * This function will make it into an object like:

 * {

 *     "base_url" : "https://example.com/green?illuminati=confirmed",

 *     "target" : "#tinky",

 *     "target2" : "#winky"

 * }

 * In case url doesn't have 2 #'s, target2 and target can be set to undefined.

 */

function url_extract_target(url)

{

    let url_re = /^([^#]*)((#[^#]*)(#.*)?)?$/;

    let match = url_re.exec(url);

    return {

	base_url : match[1],

	target : match[3],

	target2 : match[4]

    };

}

/* csp rule that blocks all scripts except for those injected by us */

function csp_rule(nonce)

{

    let rule = `script-src 'nonce-${nonce}';`;

    if (is_chrome)

	rule += `script-src-elem 'nonce-${nonce}';`;

    return rule;

}

/*

 * Print item together with type, e.g.

 * nice_name("s", "hello") → "hello (script)"

 */

function nice_name(prefix, name)

{

    return `${name} (${TYPE_NAME[prefix]})`;

}

/* Open settings tab with given item's editing already on. */

function open_in_settings(prefix, name)

{

    name = encodeURIComponent(name);

    const url = browser.runtime.getURL("html/options.html#" + prefix + name);

    window.open(url, "_blank");

}

/* Check if url corresponds to a browser's special page */

function is_privileged_url(url)

{

    return !!/^(chrome(-extension)?|moz-extension):\/\/|^about:/i.exec(url);

}

/* Sign a given policy for a given time */

function sign_policy(policy, now, hours_offset) {

    let time = Math.floor(now / 3600000) + (hours_offset || 0);

    return gen_unique(time + policy);

}

/* Extract any policy present in the URL */

function url_extract_policy(url)

{

    const targets = url_extract_target(url);

    if (!targets.target)

	return targets;

    /* %7B -> { */

    const index = targets.target.indexOf('%7B');

    if (index === -1)

	return targets;

    const now = new Date();

    const sig = targets.target.substring(1, index);

    const policy = targets.target.substring(index);

    if (

	sig !== sign_policy(policy, now) &&

	sig !== sign_policy(policy, now, -1) &&

	sig !== sign_policy(policy, now, 1)

    )

	return targets;

    try {

	targets.policy = JSON.parse(decodeURIComponent(policy));

	targets.current = targets.policy.base_url === targets.base_url;

    } catch (e) {

	/* TODO what should happen here? */

    }

    return targets;

}

/*

 * EXPORTS_START

 * EXPORT gen_nonce

 * EXPORT gen_unique

 * EXPORT url_item

 * EXPORT url_extract_target

 * EXPORT url_extract_policy

 * EXPORT sign_policy

 * EXPORT csp_rule

 * EXPORT nice_name

 * EXPORT open_in_settings

 * EXPORT is_privileged_url

 * EXPORTS_END

 */