summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhackademix2018-10-13 10:08:37 +0200
committerhackademix2018-10-13 10:08:37 +0200
commit808fd652be324098b3083302bc3218e47a11aba5 (patch)
treee6c53d53ad578f871c0cbca8126921045b4d5e07
parente44fce3ebd6c348b9e09304d8b79e90f3867bd60 (diff)
downloadnoscript-808fd652be324098b3083302bc3218e47a11aba5.tar.gz
noscript-808fd652be324098b3083302bc3218e47a11aba5.tar.xz
noscript-808fd652be324098b3083302bc3218e47a11aba5.zip
Use cookie instead of window.name as a tab-configuration hack.
-rw-r--r--src/bg/ChildPolicies.js27
-rw-r--r--src/bg/RequestGuard.js9
-rw-r--r--src/bg/Settings.js1
-rw-r--r--src/content/staticNS.js29
4 files changed, 30 insertions, 36 deletions
diff --git a/src/bg/ChildPolicies.js b/src/bg/ChildPolicies.js
index f3845bd..b6904f8 100644
--- a/src/bg/ChildPolicies.js
+++ b/src/bg/ChildPolicies.js
@@ -1,6 +1,6 @@
"use strict";
{
- let marker = JSON.stringify(uuid());
+ let marker = uuid();
let allUrls = ["<all_urls>"];
let Scripts = {
@@ -47,7 +47,7 @@
if (typeof perms !== "string") {
perms = JSON.stringify(perms);
}
- return `ns.setup(${perms}, ${marker});`
+ return `ns.setup(${perms}, "${marker}");`
}
};
@@ -104,18 +104,17 @@
: [];
var ChildPolicies = {
- async storeTabInfo(tabId, info) {
- try {
- let preamble = info ? `${marker} + ${JSON.stringify(JSON.stringify([info]))} + ${marker} + "," + ` : "";
- await browser.tabs.executeScript(tabId, {
- code: `window.name = ${preamble}window.name.split(${marker} + ",").pop();`,
- allFrames: true,
- matchAboutBlank: true,
- runAt: "document_start",
- });
- } catch (e) {
- error(e);
+ addTabInfoCookie(request, info) {
+ let h = {
+ name: "Set-Cookie",
+ value: `${marker}=${JSON.stringify(info)}`
+ };
+ let {responseHeaders} = request;
+ if (responseHeaders.some(({value, name}) => h.value === value && h.name === name)) {
+ return false;
}
+ responseHeaders.push(h);
+ return true;
},
async update(policy, tracing) {
if (tracing !== "undefined") Scripts.debug = tracing;
@@ -123,7 +122,7 @@
await Scripts.init();
if (!policy.enforced) {
- await Scripts.register(`ns.setup(null, ${marker});`, allUrls);
+ await Scripts.register(Scripts.buildPerms("null"), allUrls);
return;
}
diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js
index 436d043..9be532f 100644
--- a/src/bg/RequestGuard.js
+++ b/src/bg/RequestGuard.js
@@ -292,6 +292,7 @@ var RequestGuard = (() => {
async onHeadersReceived(request) {
// called for main_frame, sub_frame and object
// check for duplicate calls
+ let headersModified = false;
let pending = pendingRequests.get(request.requestId);
if (pending) {
if (pending.headersProcessed) {
@@ -319,7 +320,10 @@ var RequestGuard = (() => {
capabilities = perms.capabilities;
} else {
if (isMainFrame || type === "sub_frame") {
- await Settings.enforceTabRestrictions(tabId);
+ let unrestricted = ns.unrestrictedTabs.has(tabId) && {unrestricted: true};
+ if (unrestricted) {
+ headersModified = ChildPolicies.addTabInfoCookie(request, unrestricted);
+ }
}
}
if (isMainFrame && !TabStatus.map.has(tabId)) {
@@ -331,6 +335,9 @@ var RequestGuard = (() => {
if (header) {
pending.cspHeader = header;
debug(`CSP blocker on %s:`, url, header.value);
+ headersModified = true;
+ }
+ if (headersModified) {
return {responseHeaders};
}
} catch (e) {
diff --git a/src/bg/Settings.js b/src/bg/Settings.js
index a5fca55..0a911ee 100644
--- a/src/bg/Settings.js
+++ b/src/bg/Settings.js
@@ -90,7 +90,6 @@ var Settings = {
if (typeof unrestrictedTab === "boolean") {
ns.unrestrictedTabs[unrestrictedTab ? "add" : "delete"](tabId);
- this.enforceTabRestrictions(tabId, unrestrictedTab);
}
if (reloadAffected) {
browser.tabs.reload(tabId);
diff --git a/src/content/staticNS.js b/src/content/staticNS.js
index 429814c..c746180 100644
--- a/src/content/staticNS.js
+++ b/src/content/staticNS.js
@@ -47,33 +47,22 @@
this.config.permissions = permissions;
// ugly hack: since now we use registerContentScript instead of the
- // filterRequest dynamic script injection hack, we use window.name
- // to store per-tab information. We don't want web content to
- // mess with it, though, so we wrap it around auto-hiding accessors
+ // filterRequest dynamic script injection hack, we use a session cookie
+ // to store per-tab information, erasing it as soon as we see it
+ // (before any content can access it)
if (this.config.MARKER = MARKER) {
- let splitter = `${MARKER},`;
- this.getWindowName = () => window.name.split(splitter).pop();
-
- let tabInfoRx = new RegExp(`^${MARKER}\\[([^]*?)\\]${MARKER},`);
-
- let tabInfoMatch = window.name.match(tabInfoRx);
- if (tabInfoMatch) {
+ let cookieRx = new RegExp(`(?:^|;\\s*)${MARKER}=([^;]*)`);
+ let match = document.cookie.match(cookieRx);
+ if (match) {
+ // delete cookie NOW
+ document.cookie = `${MARKER}=;expires=${new Date(Date.now() - 31536000000).toGMTString()}`;
try {
- this.config.tabInfo = JSON.parse(tabInfoMatch[1]);
+ this.config.tabInfo = JSON.parse(decodeURIComponent(match[1]));
} catch (e) {
error(e);
}
}
-
- Reflect.defineProperty(window.wrappedJSObject, "name", {
- get: exportFunction(() => this.getWindowName(), window.wrappedJSObject),
- set: exportFunction(value => {
- let tabInfoMatch = window.name.match(tabInfoRx);
- window.name = tabInfoMatch ? `${tabInfoMatch[0]}${value}` : value;
- return value;
- }, window.wrappedJSObject)
- });
}
if (!this.config.permissions || this.config.tabInfo.unrestricted) {
debug("%s is loading unrestricted by user's choice (%o).", document.URL, this.config);