From cd5272acb47a53ad71e5a6bcbcb4f712bdd285c5 Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Wed, 30 Jun 2021 14:12:43 +0200 Subject: refactor 3 miscellaneous fnctionalities to a their single own file --- common/gen_unique.js | 33 ----------------------------- common/misc.js | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++ common/url_item.js | 19 ----------------- 3 files changed, 59 insertions(+), 52 deletions(-) delete mode 100644 common/gen_unique.js create mode 100644 common/misc.js delete mode 100644 common/url_item.js (limited to 'common') diff --git a/common/gen_unique.js b/common/gen_unique.js deleted file mode 100644 index 7ec8b4a..0000000 --- a/common/gen_unique.js +++ /dev/null @@ -1,33 +0,0 @@ -/** - * Myext generating unique, per-site hash - * - * Copyright (C) 2021 Wojtek Kosior - * Redistribution terms are gathered in the `copyright' file. - */ - -/* - * IMPORTS_START - * IMPORT sha256 - * IMPORT browser - * IMPORT is_chrome - * IMPORTS_END - */ - -function get_id() -{ - if (is_chrome) - return browser.runtime.getManifest().key.substring(0, 50); - else - return browser.runtime.getURL("dummy"); -} - -function gen_unique(url) -{ - return "#" + sha256(get_id() + url); -} - -/* - * EXPORTS_START - * EXPORT gen_unique - * EXPORTS_END - */ diff --git a/common/misc.js b/common/misc.js new file mode 100644 index 0000000..5754bd0 --- /dev/null +++ b/common/misc.js @@ -0,0 +1,59 @@ +/** + * Myext miscellaneous operations refactored to a separate file + * + * Copyright (C) 2021 Wojtek Kosior + * Redistribution terms are gathered in the `copyright' file. + */ + +/* + * IMPORTS_START + * IMPORT sha256 + * IMPORT browser + * IMPORT is_chrome + * IMPORTS_END + */ + +/* + * generating unique, per-site value that can be computed synchronously + * and is impossible to guess for a malicious website + */ +function gen_unique(url) +{ + return sha256(get_secure_salt() + url); +} + +function get_secure_salt() +{ + if (is_chrome) + return browser.runtime.getManifest().key.substring(0, 50); + else + return browser.runtime.getURL("dummy"); +} + +/* + * stripping url from query and target (everything after `#' or `?' + * gets removed) + */ +function url_item(url) +{ + let url_re = /^([^?#]*).*$/; + let match = url_re.exec(url); + return match[1]; +} + +/* csp rule that blocks all scripts except for those injected by us */ +function csp_rule(nonce) +{ + let rule = `script-src 'nonce-${nonce}';`; + if (is_chrome) + rule += `script-src-elem 'nonce-${nonce}';`; + return rule; +} + +/* + * EXPORTS_START + * EXPORT gen_unique + * EXPORT url_item + * EXPORT csp_rule + * EXPORTS_END + */ diff --git a/common/url_item.js b/common/url_item.js deleted file mode 100644 index 102f117..0000000 --- a/common/url_item.js +++ /dev/null @@ -1,19 +0,0 @@ -/** - * Myext stripping url from query and target - * - * Copyright (C) 2021 Wojtek Kosior - * Redistribution terms are gathered in the `copyright' file. - */ - -function url_item(url) -{ - let url_re = /^([^?#]*).*$/; - let match = url_re.exec(url); - return match[1]; -} - -/* - * EXPORTS_START - * EXPORT url_item - * EXPORTS_END - */ -- cgit v1.2.3