From 692577bbde5e8110855c022ec913324dfddce9ae Mon Sep 17 00:00:00 2001
From: jahoti <jahoti@tilde.team>
Date: Fri, 16 Jul 2021 00:00:00 +0000
Subject: Use URL-based policy smuggling

Increase the power of URL-based smuggling by making it (effectively)
compulsory in all cases and adapting a <salt><unique value><JSON-encoded
settings> structure. While the details still need to be worked out, the
potential for future expansion is there.
---
 content/main.js | 49 ++++++++++++++++---------------------------------
 1 file changed, 16 insertions(+), 33 deletions(-)

(limited to 'content')

diff --git a/content/main.js b/content/main.js
index 9acf749..e75f61d 100644
--- a/content/main.js
+++ b/content/main.js
@@ -2,6 +2,7 @@
  * Myext main content script run in all frames
  *
  * Copyright (C) 2021 Wojtek Kosior
+ * Copyright (C) 2021 jahoti
  * Redistribution terms are gathered in the `copyright' file.
  */
 
@@ -10,7 +11,9 @@
  * IMPORT handle_page_actions
  * IMPORT url_item
  * IMPORT url_extract_target
+ * IMPORT url_extract_policy
  * IMPORT gen_unique
+ * IMPORT gen_nonce
  * IMPORT csp_rule
  * IMPORT is_privileged_url
  * IMPORT sanitize_attributes
@@ -32,32 +35,6 @@
  * urls has not yet been added to the extension.
  */
 
-let url = url_item(document.URL);
-let unique = gen_unique(url);
-
-
-function is_http()
-{
-    return !!/^https?:\/\//i.exec(document.URL);
-}
-
-function is_whitelisted()
-{
-    const parsed_url = url_extract_target(document.URL);
-
-    if (parsed_url.target !== undefined &&
-	parsed_url.target === '#' + unique) {
-	if (parsed_url.target2 !== undefined)
-	    window.location.href = parsed_url.base_url + parsed_url.target2;
-	else
-	    history.replaceState(null, "", parsed_url.base_url);
-
-	return true;
-    }
-
-    return false;
-}
-
 function handle_mutation(mutations, observer)
 {
     if (document.readyState === 'complete') {
@@ -113,7 +90,7 @@ function inject_csp(head)
 
     let meta = document.createElement("meta");
     meta.setAttribute("http-equiv", "Content-Security-Policy");
-    meta.setAttribute("content", csp_rule(unique));
+    meta.setAttribute("content", csp_rule(nonce));
 
     if (head.firstElementChild === null)
 	head.appendChild(meta);
@@ -122,14 +99,20 @@ function inject_csp(head)
 }
 
 if (!is_privileged_url(document.URL)) {
+    const targets = url_extract_policy(document.URL);
+    targets.policy = targets.policy || {};
+    const nonce = targets.policy.nonce || gen_nonce();
+
+    if (targets.signed)
+	if (targets.target2 !== undefined)
+	    window.location.href = targets.base_url + targets.target2;
+	else
+	    history.replaceState(null, "", targets.base_url);
+
     start_activity_info_server();
-    handle_page_actions(unique);
+    handle_page_actions(nonce);
 
-    if (is_http()) {
-	/* rely on CSP injected through webRequest */
-    } else if (is_whitelisted()) {
-	/* do not block scripts at all */
-    } else {
+    if (!targets.policy.allow) {
 	block_nodes_recursively(document.documentElement);
 
 	if (is_chrome) {
-- 
cgit v1.2.3