/**
 * Myext main content script run in all frames
 *
 * Copyright (C) 2021 Wojtek Kosior
 * Redistribution terms are gathered in the `copyright' file.
 */

/*
 * IMPORTS_START
 * IMPORT handle_page_actions
 * IMPORT url_item
 * IMPORT url_extract_target
 * IMPORT gen_unique
 * IMPORT csp_rule
 * IMPORT sanitize_attributes
 * IMPORT script_suppressor
 * IMPORT is_chrome
 * IMPORT is_mozilla
 * IMPORTS_END
 */

/*
 * Due to some technical limitations the chosen method of whitelisting sites
 * is to smuggle whitelist indicator in page's url as a "magical" string
 * after '#'. Right now this is not needed in HTTP(s) pages where native
 * script blocking happens through CSP header injection but is needed for
 * protocols like ftp:// and file://.
 *
 * The code that actually injects the magical string into ftp:// and file://
 * urls has not yet been added to the extension.
 */

let url = url_item(document.URL);
let unique = gen_unique(url);

const suppressor = script_suppressor(unique);

function needs_blocking()
{
    if (url.startsWith("https://") || url.startsWith("http://"))
	return false;

    const parsed_url = url_extract_target(document.URL);

    if (parsed_url.target !== undefined &&
	parsed_url.target === '#' + unique) {
	if (parsed_url.target2 !== undefined)
	    window.location.href = parsed_url.base_url + parsed_url.target2;
	else
	    history.replaceState(null, "", parsed_url.base_url);

	console.log(["allowing whitelisted", document.URL]);
	return false;
    }

    console.log(["disallowing", document.URL]);
    return true;
}

function handle_mutation(mutations, observer)
{
    if (document.readyState === 'complete') {
	console.log("mutation handling complete");
	observer.disconnect();
	return;
    }
    for (const mutation of mutations) {
	for (const node of mutation.addedNodes)
	    block_node(node);
    }
}

function block_nodes_recursively(node)
{
    block_node(node);
    for (const child of node.children)
	block_nodes_recursively(child);
}

function block_node(node)
{
    /*
     * Modifying <script> element doesn't always prevent its
     * execution in some Mozilla browsers. Additional blocking
     * through CSP meta tag injection is required.
     */
    if (node.tagName === "SCRIPT") {
	block_script(node);
	return;
    }

    sanitize_attributes(node);

    if (node.tagName === "HEAD")
	inject_csp(node);
}

function block_script(node)
{
    /*
     * Disabling scripts this way allows them to still be relatively
     * easily accessed in case they contain some useful data.
     */
    if (node.hasAttribute("type"))
	node.setAttribute("blocked-type", node.getAttribute("type"));
    node.setAttribute("type", "application/json");
}

function inject_csp(head)
{
    console.log('injecting CSP');

    let meta = document.createElement("meta");
    meta.setAttribute("http-equiv", "Content-Security-Policy");
    meta.setAttribute("content", csp_rule(unique));

    if (head.firstElementChild === null)
	head.appendChild(meta);
    else
	head.insertBefore(meta, head.firstElementChild);
}

if (needs_blocking()) {
    block_nodes_recursively(document.documentElement);

    if (is_chrome) {
	var observer = new MutationObserver(handle_mutation);
	observer.observe(document.documentElement, {
	    attributes: true,
	    childList: true,
	    subtree: true
	});
    }

    if (is_mozilla)
	addEventListener('beforescriptexecute', suppressor, true);
}

handle_page_actions(unique);