authorjahoti <jahoti@tilde.team>2021-07-16 00:00:00 +0000
committerjahoti <jahoti@tilde.team>2021-07-16 00:00:00 +0000
commit692577bbde5e8110855c022ec913324dfddce9ae (patch)
tree6cc013453cdac80fd427c63994f2f7cc019d9c42 /common
parent0e002513d443ef7cddcc17acf178478844f609e9 (diff)
Use URL-based policy smuggling
Increase the power of URL-based smuggling by making it (effectively) compulsory in all cases and adapting a <salt><unique value><JSON-encoded settings> structure. While the details still need to be worked out, the potential for future expansion is there.
Diffstat (limited to 'common')
-rw-r--r--common/misc.js36
1 files changed, 34 insertions, 2 deletions
diff --git a/common/misc.js b/common/misc.js
index 8b56e79..825a117 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -2,6 +2,7 @@
* Myext miscellaneous operations refactored to a separate file
*
* Copyright (C) 2021 Wojtek Kosior
+ * Copyright (C) 2021 jahoti
* Redistribution terms are gathered in the `copyright' file.
*/
@@ -14,6 +15,14 @@
* IMPORTS_END
*/
+/* Generate a random base64-encoded 128-bit sequence */
+function gen_nonce()
+{
+ let randomData = new Uint8Array(16);
+ crypto.getRandomValues(randomData);
+ return btoa(String.fromCharCode.apply(null, randomData));
+}
+
/*
* generating unique, per-site value that can be computed synchronously
* and is impossible to guess for a malicious website
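Review bot: The comment on `gen_nonce()` does not say where the randomness comes from or which base64 alphabet the result uses, and the callers are not visible in this hunk. `btoa` emits the standard alphabet, so the 24-character result always ends in `==` and can contain `+` and `/`; it would need encoding before being placed in a URL or fragment. I would extend the comment to `/* Generate a random 128-bit value via crypto.getRandomValues(), encoded as standard (not URL-safe) base64 */` and declare `randomData` with `const`, since it is never reassigned.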
@@ -26,9 +35,9 @@ function gen_unique(url)
function get_secure_salt()
{
if (is_chrome)
- return browser.runtime.getManifest().key.substring(0, 50);
+ return browser.runtime.getManifest().key.substring(0, 36);
else
- return browser.runtime.getURL("dummy");
+ return browser.runtime.getURL("dummy").substr(16, 36);
}
/*
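Review bot: On the Chrome branch of `get_secure_salt()` the salt is now only the first 36 characters of the manifest `key`, and nothing visible here shows that this prefix is secret or varies between installations. If `key` is the usual base64-encoded public key, its leading characters are largely a fixed encoding header and the value ships in the package, so the "impossible to guess" claim in the comment above `gen_unique` would rest on very little; how the build fills in `key` is outside this hunk and should be confirmed. `getManifest().key` is also undefined when the manifest has no `key` entry, which makes `.substring` throw. On the Firefox branch the bare numbers need a comment such as `/* skip "moz-extension://" (16 chars), keep the 36-char per-install UUID */`, and the deprecated `substr(16, 36)` can be written as `substring(16, 52)`.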
@@ -95,11 +104,34 @@ function is_privileged_url(url)
return !!/^(chrome(-extension)?|moz-extension):\/\/|^about:/i.exec(url);
}
+/* Extract any policy present in the URL */
+function url_extract_policy(url)
+{
+ const targets = url_extract_target(url);
+ const key = '#' + get_secure_salt();
+ targets.sig = key + gen_unique(targets.base_url);
+
+ if (targets.target && targets.target.startsWith(key)) {
+ targets.signed = true;
+ if (targets.target.startsWith(targets.sig))
+ try {
+ const policy_string = targets.target.substring(101);
+ targets.policy = JSON.parse(decodeURIComponent(policy_string));
+ } catch (e) {
+ /* TODO what should happen here? */
+ }
+ }
+
+ return targets;
+}
+
/*
* EXPORTS_START
+ * EXPORT gen_nonce
* EXPORT gen_unique
* EXPORT url_item
* EXPORT url_extract_target
+ * EXPORT url_extract_policy
* EXPORT csp_rule
* EXPORT nice_name
* EXPORT open_in_settings
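Review bot: The offset in `targets.target.substring(101)` is hard-coded to `'#'` plus a 36-character salt plus what is presumably a 64-character `gen_unique` value, so a shorter salt (for example a short manifest `key`) silently shifts where the JSON is read from; `const policy_string = targets.target.substring(targets.sig.length);` removes that coupling. `targets.signed` is set as soon as the salt prefix matches, before the per-URL value is compared, and the empty `catch` leaves `signed` true with no `policy`; the callers are outside this hunk, but they should treat that state as a rejected policy rather than as "no policy applies". The prefix also authenticates only the URL, not the JSON that follows it, so the parsed object should be checked field by field against the expected settings shape before anything acts on it.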