From fbfddb02afc6f144b1255b677e0d4249adc10b89 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Thu, 27 Jan 2022 21:24:49 +0100
Subject: add actual payload injection functionality to new content script

---
 content/content.js | 39 ++++++++++++++++++++++++++++++++++-----
 1 file changed, 34 insertions(+), 5 deletions(-)

(limited to 'content')

diff --git a/content/content.js b/content/content.js
index 804a473..feef5db 100644
--- a/content/content.js
+++ b/content/content.js
@@ -48,16 +48,19 @@
 #FROM common/policy.js            IMPORT decide_policy
 #FROM content/policy_enforcing.js IMPORT enforce_blocking
 
-let already_run = false, page_info;
+let already_run = false, resolve_page_info,
+    page_info_prom = new Promise(cb => resolve_page_info = cb);
 
 function on_page_info_request([type], sender, respond_cb) {
     if (type !== "page_info")
 	return;
 
-    respond_cb(page_info);
+    page_info_prom.then(respond_cb);
+
+    return true;
 }
 
-globalThis.haketilo_content_script_main = function() {
+globalThis.haketilo_content_script_main = async function() {
     if (already_run)
         return;
 
@@ -73,10 +76,36 @@ globalThis.haketilo_content_script_main = function() {
 				 document.URL,
 				 globalThis.haketilo_defualt_allow,
 				 globalThis.haketilo_secret);
-    page_info = Object.assign({url: document.URL}, policy);
+    const page_info = Object.assign({url: document.URL}, policy);
     ["csp", "nonce"].forEach(prop => delete page_info[prop]);
 
-    enforce_blocking(policy);
+    if ("payload" in policy) {
+	const msg = ["indexeddb_files", policy.payload.identifier];
+	var scripts_prom = browser.runtime.sendMessage(msg);
+    }
+
+    await enforce_blocking(policy);
+
+    if ("payload" in policy) {
+	const script_response = await scripts_prom;
+
+	if ("error" in script_response) {
+	    resolve_page_info(Object.assign(page_info, script_response));
+	    return;
+	} else {
+	    for (const script_contents of script_response) {
+		const html_ns = "http://www.w3.org/1999/xhtml";
+		const script = document.createElementNS(html_ns, "script");
+
+		script.innerText = script_contents;
+		script.setAttribute("nonce", policy.nonce);
+		document.documentElement.append(script);
+		script.remove();
+	    }
+	}
+    }
+
+    resolve_page_info(page_info);
 }
 
 function main() {
-- 
cgit v1.2.3