diff options
| author | jahoti <jahoti@tilde.team> | 2021-07-16 00:00:00 +0000 |
|---|---|---|
| committer | jahoti <jahoti@tilde.team> | 2021-07-16 00:00:00 +0000 |
| commit | 692577bbde5e8110855c022ec913324dfddce9ae (patch) | |
| tree | 6cc013453cdac80fd427c63994f2f7cc019d9c42 /common | |
| parent | 0e002513d443ef7cddcc17acf178478844f609e9 (diff) | |
| download | browser-extension-692577bbde5e8110855c022ec913324dfddce9ae.tar.gz browser-extension-692577bbde5e8110855c022ec913324dfddce9ae.zip | |
Use URL-based policy smuggling
Increase the power of URL-based smuggling by making it (effectively)
compulsory in all cases and adapting a <salt><unique value><JSON-encoded
settings> structure. While the details still need to be worked out, the
potential for future expansion is there.
Diffstat (limited to 'common')
| -rw-r--r-- | common/misc.js | 36 |
1 files changed, 34 insertions, 2 deletions
diff --git a/common/misc.js b/common/misc.js index 8b56e79..825a117 100644 --- a/common/misc.js +++ b/common/misc.js @@ -2,6 +2,7 @@ * Myext miscellaneous operations refactored to a separate file * * Copyright (C) 2021 Wojtek Kosior + * Copyright (C) 2021 jahoti * Redistribution terms are gathered in the `copyright' file. */ @@ -14,6 +15,14 @@ * IMPORTS_END */ +/* Generate a random base64-encoded 128-bit sequence */ +function gen_nonce() +{ + let randomData = new Uint8Array(16); + crypto.getRandomValues(randomData); + return btoa(String.fromCharCode.apply(null, randomData)); +} + /* * generating unique, per-site value that can be computed synchronously * and is impossible to guess for a malicious website @@ -26,9 +35,9 @@ function gen_unique(url) function get_secure_salt() { if (is_chrome) - return browser.runtime.getManifest().key.substring(0, 50); + return browser.runtime.getManifest().key.substring(0, 36); else - return browser.runtime.getURL("dummy"); + return browser.runtime.getURL("dummy").substr(16, 36); } /* @@ -95,11 +104,34 @@ function is_privileged_url(url) return !!/^(chrome(-extension)?|moz-extension):\/\/|^about:/i.exec(url); } +/* Extract any policy present in the URL */ +function url_extract_policy(url) +{ + const targets = url_extract_target(url); + const key = '#' + get_secure_salt(); + targets.sig = key + gen_unique(targets.base_url); + + if (targets.target && targets.target.startsWith(key)) { + targets.signed = true; + if (targets.target.startsWith(targets.sig)) + try { + const policy_string = targets.target.substring(101); + targets.policy = JSON.parse(decodeURIComponent(policy_string)); + } catch (e) { + /* TODO what should happen here? */ + } + } + + return targets; +} + /* * EXPORTS_START + * EXPORT gen_nonce * EXPORT gen_unique * EXPORT url_item * EXPORT url_extract_target + * EXPORT url_extract_policy * EXPORT csp_rule * EXPORT nice_name * EXPORT open_in_settings |