From 4c6a2323d90e9321ec2b78e226167b3013ea69ab Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Sat, 29 Jan 2022 00:03:51 +0100 Subject: make Haketilo buildable again (for Mozilla) How cool it is to throw away 5755 lines of code... --- content/activity_info_server.js | 128 -------------- content/content.js | 4 +- content/main.js | 357 ---------------------------------------- content/page_actions.js | 113 ------------- content/policy_enforcing.js | 4 +- content/repo_query.js | 140 ---------------- content/repo_query_cacher.js | 1 + 7 files changed, 5 insertions(+), 742 deletions(-) delete mode 100644 content/activity_info_server.js delete mode 100644 content/main.js delete mode 100644 content/page_actions.js delete mode 100644 content/repo_query.js (limited to 'content') diff --git a/content/activity_info_server.js b/content/activity_info_server.js deleted file mode 100644 index 6c0badc..0000000 --- a/content/activity_info_server.js +++ /dev/null @@ -1,128 +0,0 @@ -/** - * This file is part of Haketilo. - * - * Function: Informing the popup about what happens in the content script - * (script injection, script blocking, etc.). - * - * Copyright (C) 2021 Wojtek Kosior - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * As additional permission under GNU GPL version 3 section 7, you - * may distribute forms of that code without the copy of the GNU - * GPL normally required by section 4, provided you include this - * license notice and, in case of non-source distribution, a URL - * through which recipients can access the Corresponding Source. - * If you modify file(s) with this exception, you may extend this - * exception to your version of the file(s), but you are not - * obligated to do so. If you do not wish to do so, delete this - * exception statement from your version. - * - * As a special exception to the GPL, any HTML file which merely - * makes function calls to this code, and for that purpose - * includes it by reference shall be deemed a separate work for - * copyright law purposes. If you modify this code, you may extend - * this exception to your version of the code, but you are not - * obligated to do so. If you do not wish to do so, delete this - * exception statement from your version. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - * I, Wojtek Kosior, thereby promise not to sue for violation of this file's - * license. Although I request that you do not make use of this code in a - * proprietary program, I am not going to enforce this in court. - */ - -#IMPORT common/connection_types.js AS CONNECTION_TYPE -#IMPORT content/repo_query.js - -#FROM common/message_server.js IMPORT listen_for_connection - -var activities = []; -var ports = new Set(); - -function report_activity_oneshot(name, data, port) -{ - port.postMessage([name, data]); -} - -function report_activity(name, data) -{ - const activity = [name, data]; - activities.push(activity); - - for (const port of ports) - port.postMessage(activity); -} - -function report_script(script_data) -{ - report_activity("script", script_data); -} -#EXPORT report_script - -function report_settings(settings) -{ - const settings_clone = {}; - Object.assign(settings_clone, settings) - report_activity("settings", settings_clone); -} -#EXPORT report_settings - -function report_document_type(is_html) -{ - report_activity("is_html", is_html); -} -#EXPORT report_document_type - -function report_repo_query_action(update, port) -{ - report_activity_oneshot("repo_query_action", update, port); -} - -function trigger_repo_query(query_specifier) -{ - repo_query.query(...query_specifier); -} - -function handle_disconnect(port, report_action) -{ - ports.delete(port) - repo_query.unsubscribe_results(report_action); -} - -function new_connection(port) -{ - console.log("new activity info connection!"); - - ports.add(port); - - for (const activity of activities) - port.postMessage(activity); - - const report_action = u => report_repo_query_action(u, port); - repo_query.subscribe_results(report_action); - - /* - * So far the only thing we expect to receive is repo query order. Once more - * possibilities arrive, we will need to complicate this listener. - */ - port.onMessage.addListener(trigger_repo_query); - - port.onDisconnect.addListener(() => handle_disconnect(port, report_action)); -} - -function start() -{ - listen_for_connection(CONNECTION_TYPE.ACTIVITY_INFO, new_connection); -} -#EXPORT start diff --git a/content/content.js b/content/content.js index feef5db..c501187 100644 --- a/content/content.js +++ b/content/content.js @@ -74,7 +74,7 @@ globalThis.haketilo_content_script_main = async function() { const policy = decide_policy(globalThis.haketilo_pattern_tree, document.URL, - globalThis.haketilo_defualt_allow, + globalThis.haketilo_default_allow, globalThis.haketilo_secret); const page_info = Object.assign({url: document.URL}, policy); ["csp", "nonce"].forEach(prop => delete page_info[prop]); @@ -93,7 +93,7 @@ globalThis.haketilo_content_script_main = async function() { resolve_page_info(Object.assign(page_info, script_response)); return; } else { - for (const script_contents of script_response) { + for (const script_contents of script_response.files) { const html_ns = "http://www.w3.org/1999/xhtml"; const script = document.createElementNS(html_ns, "script"); diff --git a/content/main.js b/content/main.js deleted file mode 100644 index 8b24323..0000000 --- a/content/main.js +++ /dev/null @@ -1,357 +0,0 @@ -/** - * This file is part of Haketilo. - * - * Function: Main content script that runs in all frames. - * - * Copyright (C) 2021 Wojtek Kosior - * Copyright (C) 2021 jahoti - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * As additional permission under GNU GPL version 3 section 7, you - * may distribute forms of that code without the copy of the GNU - * GPL normally required by section 4, provided you include this - * license notice and, in case of non-source distribution, a URL - * through which recipients can access the Corresponding Source. - * If you modify file(s) with this exception, you may extend this - * exception to your version of the file(s), but you are not - * obligated to do so. If you do not wish to do so, delete this - * exception statement from your version. - * - * As a special exception to the GPL, any HTML file which merely - * makes function calls to this code, and for that purpose - * includes it by reference shall be deemed a separate work for - * copyright law purposes. If you modify this code, you may extend - * this exception to your version of the code, but you are not - * obligated to do so. If you do not wish to do so, delete this - * exception statement from your version. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - * I, Wojtek Kosior, thereby promise not to sue for violation of this file's - * license. Although I request that you do not make use of this code in a - * proprietary program, I am not going to enforce this in court. - */ - -#IMPORT content/activity_info_server.js - -#FROM content/page_actions.js IMPORT handle_page_actions -#FROM common/misc.js IMPORT gen_nonce, is_privileged_url, \ - csp_header_regex -#FROM common/browser.js IMPORT browser - -/* CSP rule that blocks scripts according to policy's needs. */ -function make_csp_rule(policy) -{ - let rule = "prefetch-src 'none'; script-src-attr 'none';"; - const script_src = policy.nonce !== undefined ? - `'nonce-${policy.nonce}'` : "'none'"; - rule += ` script-src ${script_src}; script-src-elem ${script_src};`; - return rule; -} - -document.content_loaded = document.readyState === "complete"; -const wait_loaded = e => e.content_loaded ? Promise.resolve() : - new Promise(c => e.addEventListener("DOMContentLoaded", c, {once: true})); - -wait_loaded(document).then(() => document.content_loaded = true); - -/* - * In the case of HTML documents: - * 1. When injecting some payload we need to sanitize CSP tags before - * they reach the document. - * 2. Only tags inside are considered valid by the browser and - * need to be considered. - * 3. We want to detach from document, wait until its completes - * loading, sanitize it and re-attach . - * 4. We shall wait for anything to appear in or after and take that as - * a sign has finished loading. - * 5. Otherwise, getting the `DOMContentLoaded' event on the document shall also - * be a sign that is fully loaded. - */ - -function make_body_start_observer(DOM_element, waiting) -{ - const observer = new MutationObserver(() => try_body_started(waiting)); - observer.observe(DOM_element, {childList: true}); - return observer; -} - -function try_body_started(waiting) -{ - const body = waiting.detached_html.querySelector("body"); - - if ((body && (body.firstChild || body.nextSibling)) || - waiting.doc.documentElement.nextSibling) { - finish_waiting(waiting); - return true; - } - - if (body && waiting.observers.length < 2) - waiting.observers.push(make_body_start_observer(body, waiting)); -} - -function finish_waiting(waiting) -{ - if (waiting.finished) - return; - waiting.finished = true; - waiting.observers.forEach(observer => observer.disconnect()); - setTimeout(waiting.callback, 0); -} - -function _wait_for_head(doc, detached_html, callback) -{ - const waiting = {doc, detached_html, callback, observers: []}; - - if (try_body_started(waiting)) - return; - - waiting.observers = [make_body_start_observer(detached_html, waiting)]; - - wait_loaded(doc).then(() => finish_waiting(waiting)); -} - -function wait_for_head(doc, detached_html) -{ - return new Promise(cb => _wait_for_head(doc, detached_html, cb)); -} - -const blocked_str = "blocked"; - -function block_attribute(node, attr, ns=null) -{ - const [hasa, geta, seta, rema] = ["has", "get", "set", "remove"] - .map(m => (n, ...args) => typeof ns === "string" ? - n[`${m}AttributeNS`](ns, ...args) : n[`${m}Attribute`](...args)); - /* - * Disabling attributes by prepending `-blocked' allows them to still be - * relatively easily accessed in case they contain some useful data. - */ - const construct_name = [attr]; - while (hasa(node, construct_name.join(""))) - construct_name.unshift(blocked_str); - - while (construct_name.length > 1) { - construct_name.shift(); - const name = construct_name.join(""); - seta(node, `${blocked_str}-${name}`, geta(node, name)); - } - - rema(node, attr); -} - -/* - * Used to disable `