authorWojtek Kosior <koszko@koszko.org>2022-01-17 14:15:43 +0100
committerWojtek Kosior <koszko@koszko.org>2022-01-17 14:15:43 +0100
commit31cc63c2b429b768379e1b2ef7598242d0b36d18 (patch)
treee279b77e3bb331e1b7e4807b7f755edf63197431 /content
parent7bedbcbd80eba9359d2e905b7693923c76ce563d (diff)
test script blocking with and without the CSP-based approach on
Diffstat (limited to 'content')
-rw-r--r--content/policy_enforcing.js62
1 files changed, 45 insertions, 17 deletions
diff --git a/content/policy_enforcing.js b/content/policy_enforcing.js
index 25c8b6b..8e26afb 100644
--- a/content/policy_enforcing.js
+++ b/content/policy_enforcing.js
@@ -109,7 +109,7 @@ function wait_for_head(doc, detached_html) {
const blocked_str = "blocked";
-function block_attribute(node, attr, ns=null, replace_with="") {
+function block_attribute(node, attr, ns=null, replace_with=null) {
const [hasa, geta, seta, rema] = ["has", "get", "set", "remove"]
.map(m => (n, ...args) => typeof ns === "string" ?
n[`${m}AttributeNS`](ns, ...args) : n[`${m}Attribute`](...args));
@@ -128,7 +128,8 @@ function block_attribute(node, attr, ns=null, replace_with="") {
}
rema(node, attr);
- seta(node, attr, replace_with);
+ if (replace_with !== null)
+ seta(node, attr, replace_with);
}
/*
@@ -180,11 +181,40 @@ function sanitize_tree_urls(root) {
.forEach(sanitize_element_urls);
}
-function start_urls_sanitizing(doc) {
- sanitize_tree_urls(doc);
+#IF MOZILLA
+function sanitize_element_onevent(element) {
+ for (const attribute_node of (element.attributes || [])) {
+ const attr = attribute_node.localName, attr_lo = attr.toLowerCase();;
+ if (!/^on/.test(attr_lo) || !(attr_lo in element.wrappedJSObject))
+ continue;
+
+ /*
+ * Guard against redefined getter on DOM object property. This should
+ * not be an issue */
+ if (Object.getOwnPropertyDescriptor(element.wrappedJSObject, attr)) {
+ console.error("Redefined property on a DOM object! The page might have bypassed our script blocking measures!");
+ continue;
+ }
+ element.wrappedJSObject[attr] = null;
+ block_attribute(element, attr, attribute_node.namespaceURI,
+ "javascript:void('blocked');");
+ }
+}
+
+function sanitize_tree_onevent(root) {
+ root.querySelectorAll("*")
+ .forEach(sanitize_element_onevent);
+}
+#ENDIF
+
+function start_mo_sanitizing(doc) {
if (!doc.content_loaded) {
- const mutation_handler =
- m => m.addedNodes.forEach(sanitize_element_urls);
+ function mutation_handler(mutation) {
+ mutation.addedNodes.forEach(sanitize_element_urls);
+#IF MOZILLA
+ mutation.addedNodes.forEach(sanitize_element_onevent);
+#ENDIF
+ }
const mo = new MutationObserver(ms => ms.forEach(mutation_handler));
mo.observe(doc, {childList: true, subtree: true});
wait_loaded(doc).then(() => mo.disconnect());
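Review bot: `sanitize_element_onevent` loops over the live `element.attributes` map while `block_attribute` removes and re-adds the attribute being visited, so the iterator can step past whichever attribute slides into the vacated slot. An element with two `on*` attributes may therefore keep the second handler. The loop this commit removes from `sanitize_document` iterated a snapshot (`[...elem.attributes]`); the same here would be `for (const attribute_node of [...(element.attributes || [])]) {`. The middle of `block_attribute` is not visible in these hunks, so the exact reordering is inferred from the `rema`/`seta` pair. Separately, the `in` test uses `attr_lo` while the descriptor check and the assignment use `attr`; using one of them throughout (and dropping the stray `;;`) would keep the guard and the write pointed at the same property. `start_mo_sanitizing` continues past the end of this hunk.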
@@ -225,13 +255,8 @@ async function sanitize_document(doc, policy) {
doc.addEventListener(...listener_args);
wait_loaded(doc).then(() => doc.removeEventListener(...listener_args));
- for (const elem of doc.querySelectorAll("*")) {
- [...elem.attributes].map(attr => attr.localName)
- .filter(attr => /^on/.test(attr) && elem.wrappedJSObject[attr])
- .forEach(attr => elem.wrappedJSObject[attr] = null);
- }
-
sanitize_tree_urls(doc.documentElement);
+ sanitize_tree_onevent(doc.documentElement);
#ENDIF
/*
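Review bot: `sanitize_tree_onevent(doc.documentElement)` no longer covers the `<html>` element itself, because the helper runs `root.querySelectorAll("*")`, which returns only descendants of `root`. The removed loop used `doc.querySelectorAll("*")`, which included the document element, so `on*` attributes on `<html>` were previously nulled and are now left in place. The same applies to the `sanitize_tree_onevent(root)` call added near the end of `sanitize_document`. Adding `sanitize_element_onevent(root);` as the first statement of `sanitize_tree_onevent` would cover the root in both places. `sanitize_document` starts and ends outside this hunk.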
@@ -251,7 +276,7 @@ async function sanitize_document(doc, policy) {
Loading...
</body>
</html>`;
- const html =
+ const temporary_html =
new DOMParser().parseFromString(source, "text/html").documentElement;
/*
@@ -259,7 +284,7 @@ async function sanitize_document(doc, policy) {
* and sanitized.
*/
const root = doc.documentElement;
- root.replaceWith(html);
+ root.replaceWith(temporary_html);
/*
* When we don't inject payload, we neither block document's CSP `<meta>'
@@ -272,12 +297,15 @@ async function sanitize_document(doc, policy) {
.forEach(m => sanitize_meta(m, policy));
}
- root.querySelectorAll("script").forEach(s => sanitize_script(s, policy));
sanitize_tree_urls(root);
- html.replaceWith(root);
+ root.querySelectorAll("script").forEach(s => sanitize_script(s, policy));
+ temporary_html.replaceWith(root);
root.querySelectorAll("script").forEach(s => desanitize_script(s, policy));
+#IF MOZILLA
+ sanitize_tree_onevent(root);
+#ENDIF
- start_urls_sanitizing(doc);
+ start_mo_sanitizing(doc);
}
async function _disable_service_workers() {