blob: 0a3a4259920037387a42705d7aeaadf3c86a6a77 (
about) (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
/**
* Myext miscellaneous operations refactored to a separate file
*
* Copyright (C) 2021 Wojtek Kosior
* Redistribution terms are gathered in the `copyright' file.
*/
/*
* IMPORTS_START
* IMPORT sha256
* IMPORT browser
* IMPORT is_chrome
* IMPORTS_END
*/
/*
* generating unique, per-site value that can be computed synchronously
* and is impossible to guess for a malicious website
*/
function gen_unique(url)
{
return sha256(get_secure_salt() + url);
}
function get_secure_salt()
{
if (is_chrome)
return browser.runtime.getManifest().key.substring(0, 50);
else
return browser.runtime.getURL("dummy");
}
/*
* stripping url from query and target (everything after `#' or `?'
* gets removed)
*/
function url_item(url)
{
let url_re = /^([^?#]*).*$/;
let match = url_re.exec(url);
return match[1];
}
/*
* Assume a url like: https://example.com/green?illuminati=confirmed#tinky#winky
* This function will make it into an object like:
* {
* "base_url" : "https://example.com/green?illuminati=confirmed",
* "target" : "#tinky",
* "target2" : "#winky"
* }
* In case url doesn't have 2 #'s, target2 and target can be set to undefined.
*/
function url_extract_target(url)
{
let url_re = /^([^#]*)((#[^#]*)(#.*)?)?$/;
let match = url_re.exec(url);
return {
base_url : match[1],
target : match[3],
target2 : match[4]
};
}
/* csp rule that blocks all scripts except for those injected by us */
function csp_rule(nonce)
{
let rule = `script-src 'nonce-${nonce}';`;
if (is_chrome)
rule += `script-src-elem 'nonce-${nonce}';`;
return rule;
}
/*
* EXPORTS_START
* EXPORT gen_unique
* EXPORT url_item
* EXPORT url_extract_target
* EXPORT csp_rule
* EXPORTS_END
*/
|