Diffstat (limited to 'common/misc.js')
-rw-r--r--common/misc.js59
1 files changed, 59 insertions, 0 deletions
diff --git a/common/misc.js b/common/misc.js
new file mode 100644
index 0000000..5754bd0
--- /dev/null
+++ b/common/misc.js
@@ -0,0 +1,59 @@
+/**
+ * Myext miscellaneous operations refactored to a separate file
+ *
+ * Copyright (C) 2021 Wojtek Kosior
+ * Redistribution terms are gathered in the `copyright' file.
+ */
+
+/*
+ * IMPORTS_START
+ * IMPORT sha256
+ * IMPORT browser
+ * IMPORT is_chrome
+ * IMPORTS_END
+ */
+
+/*
+ * generating unique, per-site value that can be computed synchronously
+ * and is impossible to guess for a malicious website
+ */
+function gen_unique(url)
+{
+ return sha256(get_secure_salt() + url);
+}
+
+function get_secure_salt()
+{
+ if (is_chrome)
+ return browser.runtime.getManifest().key.substring(0, 50);
+ else
+ return browser.runtime.getURL("dummy");
+}
+
+/*
+ * stripping url from query and target (everything after `#' or `?'
+ * gets removed)
+ */
+function url_item(url)
+{
+ let url_re = /^([^?#]*).*$/;
+ let match = url_re.exec(url);
+ return match[1];
+}
+
+/* csp rule that blocks all scripts except for those injected by us */
+function csp_rule(nonce)
+{
+ let rule = `script-src 'nonce-${nonce}';`;
+ if (is_chrome)
+ rule += `script-src-elem 'nonce-${nonce}';`;
+ return rule;
+}
+
+/*
+ * EXPORTS_START
+ * EXPORT gen_unique
+ * EXPORT url_item
+ * EXPORT csp_rule
+ * EXPORTS_END
+ */
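Review bot: On Chrome, `get_secure_salt()` returns a prefix of the manifest `key`, which is the extension's public key and is the same for every install. The result of `gen_unique(url)` is therefore not "impossible to guess for a malicious website", as the comment above it claims, because a page that knows the key can compute `sha256(salt + url)` itself. If this value is what gets passed to `csp_rule()` as the nonce (the caller is not visible in this hunk), a page could predict the nonce and the script-blocking policy would no longer hold. A per-install random secret would avoid this, for example one generated once with `crypto.getRandomValues(new Uint8Array(32))`, persisted in extension storage and cached in memory at startup so that `gen_unique` stays synchronous. Separately, `browser.runtime.getManifest().key` is undefined when the manifest has no `key` entry, so `.substring(0, 50)` would throw; an explicit check with a clear error would make that failure easier to diagnose.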