implement smuggling via cookies instead of URL

1 files changed, 13 insertions, 11 deletions

diff --git a/content/main.js b/content/main.js
index 9ed557c..8adcd48 100644
--- a/content/main.js
+++ b/content/main.js
@@ -9,8 +9,7 @@
 /*
  * IMPORTS_START
  * IMPORT handle_page_actions
- * IMPORT url_extract_target
- * IMPORT gen_unique
+ * IMPORT extract_signed
  * IMPORT gen_nonce
  * IMPORT csp_rule
  * IMPORT is_privileged_url
@@ -98,18 +97,21 @@ function inject_csp(head)
 }
 
 if (!is_privileged_url(document.URL)) {
-    const targets = url_extract_target(document.URL);
-    if (targets.policy) {
-	if (targets.target2)
-	    window.location.href = targets.base_url + targets.target2;
-	else
-	    history.replaceState(null, "", targets.base_url);
+    const reductor =
+	  (ac, [_, sig, pol]) => ac[0] && ac || [extract_signed(sig, pol), sig];
+    const matches = [...document.cookie.matchAll(/hachette-(\w*)=([^;]*)/g)];
+    let [policy, signature] = matches.reduce(reductor, []);
+
+    console.log("extracted policy", [signature, policy]);
+    if (!policy || policy.url !== document.URL) {
+	console.log("using default policy");
+	policy = {allow: false, nonce: gen_nonce()};
     }
 
-    const policy = targets.current ? targets.policy : {};
+    if (signature)
+	document.cookie = `hachette-${signature}=; Max-Age=-1;`;
 
-    nonce = policy.nonce || gen_nonce();
-    handle_page_actions(nonce);
+    handle_page_actions(policy.nonce);
 
     if (!policy.allow) {
 	block_nodes_recursively(document.documentElement);