From 692577bbde5e8110855c022ec913324dfddce9ae Mon Sep 17 00:00:00 2001 From: jahoti Date: Fri, 16 Jul 2021 00:00:00 +0000 Subject: Use URL-based policy smuggling Increase the power of URL-based smuggling by making it (effectively) compulsory in all cases and adapting a structure. While the details still need to be worked out, the potential for future expansion is there. --- content/main.js | 49 ++++++++++++++++--------------------------------- 1 file changed, 16 insertions(+), 33 deletions(-) (limited to 'content') diff --git a/content/main.js b/content/main.js index 9acf749..e75f61d 100644 --- a/content/main.js +++ b/content/main.js @@ -2,6 +2,7 @@ * Myext main content script run in all frames * * Copyright (C) 2021 Wojtek Kosior + * Copyright (C) 2021 jahoti * Redistribution terms are gathered in the `copyright' file. */ @@ -10,7 +11,9 @@ * IMPORT handle_page_actions * IMPORT url_item * IMPORT url_extract_target + * IMPORT url_extract_policy * IMPORT gen_unique + * IMPORT gen_nonce * IMPORT csp_rule * IMPORT is_privileged_url * IMPORT sanitize_attributes @@ -32,32 +35,6 @@ * urls has not yet been added to the extension. */ -let url = url_item(document.URL); -let unique = gen_unique(url); - - -function is_http() -{ - return !!/^https?:\/\//i.exec(document.URL); -} - -function is_whitelisted() -{ - const parsed_url = url_extract_target(document.URL); - - if (parsed_url.target !== undefined && - parsed_url.target === '#' + unique) { - if (parsed_url.target2 !== undefined) - window.location.href = parsed_url.base_url + parsed_url.target2; - else - history.replaceState(null, "", parsed_url.base_url); - - return true; - } - - return false; -} - function handle_mutation(mutations, observer) { if (document.readyState === 'complete') { 
@@ -113,7 +90,7 @@ function inject_csp(head) let meta = document.createElement("meta"); meta.setAttribute("http-equiv", "Content-Security-Policy"); - meta.setAttribute("content", csp_rule(unique)); + meta.setAttribute("content", csp_rule(nonce)); if (head.firstElementChild === null) head.appendChild(meta); @@ -122,14 +99,20 @@ function inject_csp(head) } if (!is_privileged_url(document.URL)) { + const targets = url_extract_policy(document.URL); + targets.policy = targets.policy || {}; + const nonce = targets.policy.nonce || gen_nonce(); + + if (targets.signed) + if (targets.target2 !== undefined) + window.location.href = targets.base_url + targets.target2; + else + history.replaceState(null, "", targets.base_url); + start_activity_info_server(); - handle_page_actions(unique); + handle_page_actions(nonce); - if (is_http()) { - /* rely on CSP injected through webRequest */ - } else if (is_whitelisted()) { - /* do not block scripts at all */ - } else { + if (!targets.policy.allow) { block_nodes_recursively(document.documentElement); if (is_chrome) { -- cgit v1.2.3
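Review bot: `nonce` does not appear to be in scope inside `inject_csp`. The changed line calls `csp_rule(nonce)`, but the only declaration visible in this patch is the block-scoped `const nonce` inside `if (!is_privileged_url(document.URL)) {` in the last hunk, and the removed top-level `let unique` gets no top-level replacement. Unless a binding exists outside the visible lines, the call throws a ReferenceError and the Content-Security-Policy `<meta>` is never injected. Either declare it at script level (`let nonce;` ahead of the functions, assigned inside the block) or pass it in, e.g. `function inject_csp(head, nonce)`. The body of `inject_csp` starts and ends outside this hunk.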
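Review bot: `targets.policy.nonce` and `targets.policy.allow` are honoured whether or not `targets.signed` is set; in the added block `signed` only gates the URL clean-up. The policy is parsed from `document.URL`, which the page itself or any linking site can influence, so an unsigned fragment could presumably choose the CSP nonce or turn script blocking off, depending on what `url_extract_policy` returns for unverified input (not visible here). I would take the policy only from a verified URL, `const policy = targets.signed ? targets.policy || {} : {};`, and read `policy.nonce` and `policy.allow` from that. The nested `if (targets.signed) if (...) ... else ...` should also get braces so the `else` binding is explicit. The enclosing `if (!is_privileged_url(...))` block continues past the end of the hunk.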