diff options
Diffstat (limited to 'src')
86 files changed, 10371 insertions, 0 deletions
diff --git a/src/_locales/en/messages.json b/src/_locales/en/messages.json new file mode 100644 index 0000000..467347c --- /dev/null +++ b/src/_locales/en/messages.json @@ -0,0 +1,675 @@ +{ + "Add": { + "message": "Add" + }, + "Add_accesskey": { + "message": "A" + }, + "AdditionalPermissions": { + "message": "Additional permissions for trusted sites" + }, + "AdditionalRestrictions": { + "message": "Additional restrictions for untrusted sites" + }, + "SectionAdvanced": { + "message": "Advanced" + }, + "Allow": { + "message": "Allow" + }, + "Allow_accesskey": { + "message": "l" + }, + "AllowBookmarks": { + "message": "Allow sites opened through bookmarks" + }, + "AllowClipboard": { + "message": "Allow rich text copy and paste from external clipboard" + }, + "AllowLocalLinks": { + "message": "Allow local links" + }, + "AllowPage": { + "message": "Allow all this page" + }, + "AllowPage_accesskey": { + "message": "A" + }, + "AllowPing": { + "message": "Allow <A PING…>" + }, + "AllowViaBookmarks": { + "message": "Allow sites opened through bookmarks" + }, + "AlwaysBlockUntrustedContent": { + "message": "Block every object coming from a site marked as untrusted" + }, + "SectionAppearance": { + "message": "Appearance" + }, + "AutoAllowTopLevel": { + "message": "Temporarily set top-level sites to TRUSTED" + }, + "AutoReload": { + "message": "Automatically reload affected pages when permissions change" + }, + "AutoReload_currentTab": { + "message": "Reload the current tab only" + }, + "BaseDom": { + "message": "Base 2nd level Domains (noscript.net)" + }, + "BlockedItems": { + "message": "Blocked $1 of $2 items." + }, + "BlockedObjects": { + "message": "NoScript Blocked Objects" + }, + "BookmarkSync": { + "message": "Backup NoScript configuration in a bookmark for easy synchronization" + }, + "Cancel": { + "message": "Cancel" + }, + "CascadePermissions": { + "message": "Cascade top document's permissions to 3rd party scripts" + }, + "ClearClickDescription": { + "message": "NoScript intercepted a mouse or keyboard interaction with a partially hidden element. Click on the image below to cycle between the obstructed and the clear version." + }, + "ClearClickHeader": { + "message": "Potential Clickjacking / UI Redressing Attempt!" + }, + "ClearClickOpt": { + "message": "ClearClick protection on pages…" + }, + "ClearClickReport": { + "message": "Report" + }, + "ClearClickReport_accesskey": { + "message": "R" + }, + "ClearClickReportId": { + "message": "Report ID:" + }, + "ClearClickTitle": { + "message": "ClearClick Warning" + }, + "Close": { + "message": "Close" + }, + "CollapseBlockedObjects": { + "message": "Collapse blocked objects" + }, + "ConfirmUnblock": { + "message": "Ask for confirmation before temporarily unblocking an object" + }, + "ContentBlocker": { + "message": "Apply these restrictions to whitelisted sites too" + }, + "CtxMenu": { + "message": "Contextual menu" + }, + "Custom": { + "message": "Custom" + }, + "CustomizePresets": { + "message": "Preset customization (for all the sites sharing a preset)" + }, + "Default": { + "message": "Default" + }, + "DefaultPolicies": { + "message": "Default Policies" + }, + "Description": { + "message": "Extra protection for your Firefox: NoScript allows JavaScript, Flash (and other plugins) only for trusted domains of your choice (e.g. your home-banking web site). This whitelist based pre-emptive blocking approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality… Experts will agree: Firefox is really safer with NoScript :-)" + }, + "Donate": { + "message": "Donate" + }, + "Donate_accesskey": { + "message": "o" + }, + "Embeddings": { + "message": "Embeddings" + }, + "Exceptions": { + "message": "Exceptions…" + }, + "Export": { + "message": "Export" + }, + "Export_accesskey": { + "message": "E" + }, + "FixLinks": { + "message": "Attempt to fix JavaScript links" + }, + "Hider": { + "message": "Drop here to hide." + }, + "Reveal": { + "message": "Click here to retrieve missing buttons…" + }, + "ShowFullAddresses": { + "message": "List full addresses in the permissions popup (https://www.noscript.net)" + }, + + "SectionGeneral": { + "message": "General" + }, + "GlobalHttpsWhitelist": { + "message": "Allow HTTPS scripts globally on HTTPS documents" + }, + "NotEnforced": { + "message": "Restrictions disabled" + }, + "NoEnforcement": { + "message": "Disable restrictions globally (dangerous)" + }, + "Enforce": { + "message": "Enable restrictions globally" + }, + "NoEnforcementForTab": { + "message": "Disable restrictions for this tab" + }, + "EnforceForTab": { + "message": "Enable restrictions for this tab" + }, + "httpsOnly": { + "message": "Match HTTPS content only" + }, + "Https": { + "message": "HTTPS" + }, + "Https_always": { + "message": "Always" + }, + "Https_behavior": { + "message": "Behavior" + }, + "Https_cookies": { + "message": "Cookies" + }, + "Https_description": { + "message": "Forbid active web content unless it comes from a secure (HTTPS) connection:" + }, + "Https_never": { + "message": "Never" + }, + "Https_proxy": { + "message": "When using a proxy (recommended with Tor)" + }, + "HttpsFaq": { + "message": "HTTPS FAQ…" + }, + "HttpsFaq_accesskey": { + "message": "Q" + }, + "HttpsForced": { + "message": "Force the following sites to use secure (HTTPS) connections:" + }, + "HttpsForcedExceptions": { + "message": "Never force secure (HTTPS) connections for the following sites:" + }, + "Import": { + "message": "Import" + }, + "Import_accesskey": { + "message": "I" + }, + "KeepLocked": { + "message": "Keep this element locked (recommended)" + }, + "MatchSample": { + "message": "Pattern matching sample:" + }, + "Next": { + "message": "Next" + }, + "NoUntrustedPlaceholder": { + "message": "No placeholder for objects coming from sites marked as untrusted" + }, + "Notifications": { + "message": "Notifications" + }, + "Notify": { + "message": "Show message about blocked scripts" + }, + "Notify_bottom": { + "message": "Place message at the bottom" + }, + "NotifyMeta": { + "message": "Show message about blocked META redirections" + }, + "NotifyMeta_accesskey": { + "message": "R" + }, + "NselForce": { + "message": "Show the <NOSCRIPT> element which follows a blocked <SCRIPT>" + }, + "NselNever": { + "message": "Hide <NOSCRIPT> elements" + }, + "OK": { + "message": "OK" + }, + "OptBlockCssScanners": { + "message": "Block CSS-based scanners" + }, + "OptFilterXGet": { + "message": "Sanitize cross-site suspicious requests" + }, + "OptFilterXPost": { + "message": "Turn cross-site POST requests into data-less GET requests" + }, + "Options": { + "message": "Options…" + }, + "Options_accesskey": { + "message": "O" + }, + "OptionsLong": { + "message": "NoScript Options" + }, + "OptionsWidth": { + "message": "40em" + }, + "PermanentInPrivate": { + "message": "Permanent \"Allow\" commands in private windows" + }, + "SectionSitePermissions": { + "message": "Per-site Permissions" + }, + "PermissionsText": { + "message": "You can specify which web sites are allowed to execute scripts. Type the address or the domain (e.g. \"http://www.site.com\" or \"site.com\") of the site you want to allow and then click Allow." + }, + "Plugins": { + "message": "Plugins" + }, + "Policies": { + "message": "Policies" + }, + "Preset": { + "message": "Security Level" + }, + "Preset_high": { + "message": "Fortress (Full lockdown)" + }, + "Preset_low": { + "message": "Easy going (Blacklist + Web Security)" + }, + "Preset_medium": { + "message": "Classic (Whitelist + Web Security)" + }, + "Preset_off": { + "message": "Off (are you serious?!)" + }, + "Prev": { + "message": "Previous" + }, + "RecentBlocked": { + "message": "Recently blocked sites" + }, + "Refresh": { + "message": "Refresh" + }, + + "ReloadWarn": { + "message": "These options will take effect on new or (manually) reloaded pages" + }, + "RemoveSelected": { + "message": "Remove Selected Sites" + }, + "Reset": { + "message": "Reset" + }, + "Reset_accesskey": { + "message": "s" + }, + "ResetDef": { + "message": "Reset to Default" + }, + "ResetDef_accesskey": { + "message": "D" + }, + "RestrictSubdocScripting": { + "message": "Block scripting in whitelisted subdocuments of non-whitelisted pages" + }, + "RevokeTemp": { + "message": "Revoke Temporary Permissions" + }, + "RevokeTemp_accesskey": { + "message": "R" + }, + "SecureCookies": { + "message": "Enable Automatic Secure Cookies Management" + }, + "SecureCookiesExceptions": { + "message": "Ignore unsafe cookies set over HTTPS by the following sites:" + }, + "SecureCookiesForced": { + "message": "Force encryption for all the cookies set over HTTPS by the following sites:" + }, + "SecurityManager": { + "message": "Security Manager" + }, + "Show": { + "message": "Show…" + }, + "ShowConsole": { + "message": "Show Console…" + }, + "ShowConsole_accesskey": { + "message": "S" + }, + "ShowPlaceholder": { + "message": "Show placeholder icon" + }, + "ShowReleaseNotes": { + "message": "Display the release notes on updates" + }, + "ShowCtxMenuItem": { + "message": "Show NoScript contextual menu item" + }, + "ShowCountBadge": { + "message": "Display script count badge" + }, + "SitePermissions": { + "message": "Site Permissions" + }, + "SitePermissions_accessKey": { + "message": "S" + }, + "SitePolicies": { + "message": "Site Specific Policies" + }, + "TempTrustPage": { + "message": "Set all on this page to Temporarily TRUSTED" + }, + "TempTrustPage_accesskey": { + "message": "T" + }, + "TempToPerm": { + "message": "Make page permissions permanent" + }, + "TempToPerm_accesskey": { + "message": "M" + }, + + "Trust": { + "message": "Mark as Trusted" + }, + "Trust_accesskey": { + "message": "T" + }, + "Trusted": { + "message": "Trusted" + }, + "Trusted_temporary": { + "message": "Temp. TRUSTED" + }, + "Trusted_permanent": { + "message": "TRUSTED" + }, + "TrustedPagesAdj": { + "message": "trusted" + }, + "Uninstall": { + "message": "Uninstall" + }, + "Unknown": { + "message": "Unknown" + }, + "UnsafeReload": { + "message": "Unsafe Reload" + }, + "UnsafeReload_accesskey": { + "message": "R" + }, + "Untrust": { + "message": "Mark as Untrusted" + }, + "Untrust_accesskey": { + "message": "U" + }, + "Untrusted": { + "message": "Untrusted" + }, + "UntrustedPagesAdj": { + "message": "untrusted" + }, + "WebAddress": { + "message": "Search or add a web site:" + }, + "WebAddress_accesskey": { + "message": "w" + }, + "Whitelist": { + "message": "Whitelist" + }, + "XSS_notify": { + "message": "Show XSS notifications" + }, + "XSS_clearUserChoices": { + "message": "Clear XSS Choices" + }, + "XSS_promptTitle": { + "message": "NoScript XSS Warning" + }, + "XSS_promptMessage": { + "message": "NoScript detected a potential Cross-Site Scripting attack\nfrom $1 to $2.\nSuspicious data:\n$3" + }, + "XSS_optBlock": { + "message": "Block this request" + }, + "XSS_optSanitize": { + "message": "Sanitize this request" + }, + "XSS_optAllow": { + "message": "Allow this request" + }, + "XSS_optAlwaysAllow": { + "message": "Always allow document requests from $1 to $2" + }, + "XSS_optAlwaysBlock": { + "message": "Always block document requests from $1 to $2" + }, + "Xss": { + "message": "XSS" + }, + "Xss_accesskey": { + "message": "X" + }, + "XssExceptions": { + "message": "Anti-XSS Protection Exceptions" + }, + "XssExceptions_description": { + "message": "Destinations matching these regular expressions will NOT be protected against XSS." + }, + "XssFaq": { + "message": "XSS FAQ…" + }, + "XssFaq_accesskey": { + "message": "Q" + }, + "about": { + "message": "About $1" + }, + "allowFrom": { + "message": "Allow all from $1" + }, + "allowGlobal": { + "message": "Disable all the permissions checks (dangerous)" + }, + "allowLocal": { + "message": "Allow $1" + }, + "allowTemp": { + "message": "Temporarily allow $1" + }, + "allowTempFrom": { + "message": "Temporarily allow all from $1" + }, + + "allowed_no": { + "message": "Scripts Currently Forbidden" + }, + "allowed_prt": { + "message": "Scripts Partially Allowed" + }, + "allowed_yes": { + "message": "Scripts Currently Allowed" + }, + "alwaysAsk": { + "message": "Always ask for confirmation" + }, + "audio_samples": { + "message": "Audio samples" + }, + "bookmarkSync_confirm": { + "message": "NoScript has found a configuration bookmark seemingly saved on\n$1.\nDo you really want to overwrite your local NoScript configuration with this bookmark's content?" + }, + "bookmarkSync_message": { + "message": "This bookmark is NOT meant to be opened, but to be synchronized using a service such as Weave or the XMarks extension." + }, + "bookmarkSync_title": { + "message": "NoScript Configuration Bookmark" + }, + "cap_script": { + "message": "script" + }, + "cap_frame": { + "message": "frame" + }, + "cap_object": { + "message": "object" + }, + "cap_media": { + "message": "media" + }, + "cap_font": { + "message": "font" + }, + "cap_webgl": { + "message": "webgl" + }, + "cap_fetch": { + "message": "fetch" + }, + "cap_other": { + "message": "other" + }, + "changelog": { + "message": "Changelog" + }, + "changelog_tip": { + "message": "Show changelog" + }, + "confirm": { + "message": "Are you sure?" + }, + "disable": { + "message": "Disable $1" + }, + "disable_accessKey": { + "message": "D" + }, + "distrust": { + "message": "Mark $1 as Untrusted" + }, + "extensionContributors": { + "message": "Contributors:" + }, + "extensionContributors_tip": { + "message": "People you should thank for this extension" + }, + "extensionCreator_tip": { + "message": "Visit author home page" + }, + "extensionCreatorLabel": { + "message": "Author:" + }, + "extensionHomepage_tip": { + "message": "Visit extension home page" + }, + "forbidGlobal": { + "message": "Forbid Scripts Globally (advised)" + }, + "forbidLocal": { + "message": "Forbid $1" + }, + "freshInstallReload": { + "message": "In order to operate on this tab, NoScript needs to reload it.\nProceed?" + }, + + "privilegedPage": { + "message": "This is a privileged page, whose permissions cannot be configured." + }, + + "incompatibleOptions": { + "message": "\"$1\"\nis incompatible with \"$2\".\nDo you want to enable the former and disable the latter?" + }, + "incompatibleOptions_title": { + "message": "Incompatible Options Warning" + }, + "informaction_tip": { + "message": "Visit InformAction home page" + }, + "license": { + "message": "License" + }, + "license_tip": { + "message": "Read end-user license" + }, + "logo_tip": { + "message": "Visit extension home page" + }, + "metaRefresh_notify": { + "message": "NoScript blocked a <META> redirection inside a <NOSCRIPT> element: $1 in $2 seconds." + }, + + "Reload": { + "message": "Reload" + }, + "removal_message": { + "message": "By disabling or uninstalling NoScript, you give up ALL the protections provided by NoScript.\n\nIf you're just tired of handling script permissions site by site, there's a safer choice.\n\nNoScript can stop blocking scripts, except those you mark as untrusted, while still protecting you with the most advanced security countermeasures against XSS, Clickjacking, CSRF and other web threats.\n\nDo you really want to remove ALL the NoScript protections?\n" + }, + "removal_no": { + "message": "No, just stop blocking scripts" + }, + "removal_title": { + "message": "Security Downgrade Warning" + }, + "removal_yes": { + "message": "Yes, remove ALL protections" + }, + "reset_title": { + "message": "NoScript Reset" + }, + "reset_warning": { + "message": "ALL the NoScript preferences and site permissions will be reset to their default values immediately.\nThis action cannot be reverted.\nDo you want to continue?" + }, + "siteInfo_confirm": { + "message": "You're about to ask for information about the \"$1\" site\nby submitting a query to $2.\nDo you want to continue?" + }, + "siteInfo_tooltip": { + "message": "Middle-click or shift+click for site info..." + }, + "sponsor_tip": { + "message": "Visit sponsor home page" + }, + "unsafeReload_warning": { + "message": "UNSAFELY reloading a suspicious\n\n$1 [$2]\n\nFROM [$3]\n\nNoScript will NOT protect this request!\n" + }, + "untrustedOrigin": { + "message": "an untrusted origin" + }, + "version": { + "message": "Version $1" + }, + "versionShort": { + "message": "v $1" + } +} diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js new file mode 100644 index 0000000..0f1558c --- /dev/null +++ b/src/bg/RequestGuard.js @@ -0,0 +1,549 @@ +var RequestGuard = (() => { + 'use strict'; + const VERSION_LABEL = `NoScript ${browser.runtime.getManifest().version}`; + browser.browserAction.setTitle({title: VERSION_LABEL}); + const REPORT_URI = "https://noscript-csp.invalid/__NoScript_Probe__/"; + const REPORT_GROUP = "NoScript-Endpoint"; + const REPORT_TO = { + name: "Report-To", + value: JSON.stringify({ "url": REPORT_URI, + "group": REPORT_GROUP, + "max-age": 10886400 }), + }; + const CSP = { + name: "content-security-policy", + start: `report-uri ${REPORT_URI};`, + end: `;report-to ${REPORT_URI};`, + isMine(header) { + let {name, value} = header; + if (name.toLowerCase() !== CSP.name) return false; + let startIdx = value.indexOf(this.start); + return startIdx > -1 && startIdx < value.lastIndexOf(this.end); + }, + inject(headerValue, mine) { + let startIdx = headerValue.indexOf(this.start); + if (startIdx < 0) return `${headerValue};${mine}`; + let endIdx = headerValue.lastIndexOf(this.end); + let retValue = `${headerValue.substring(0, startIdx)}${mine}`; + + return endIdx < 0 ? retValue : `${retValue}${headerValue.substring(endIdx + this.end.length + 1)}`; + }, + create(...directives) { + return `${this.start}${directives.join(';')}${this.end}`; + }, + createBlocker(...types) { + return this.create(...(types.map(type => `${type.name || type}-src ${type.value || "'none'"}`))); + }, + blocks(header, type) { + return header.includes(`;${type}-src 'none';`) + }, + types: ["script", "object", "media"], + }; + + const policyTypesMap = { + main_frame: "", + sub_frame: "frame", + script: "script", + xslt: "script", + xbl: "script", + font: "font", + object: "object", + object_subrequest: "fetch", + xmlhttprequest: "fetch", + ping: "ping", + beacon: "ping", + media: "media", + other: "", + }; + const allTypes = Object.keys(policyTypesMap); + Object.assign(policyTypesMap, {"webgl": "webgl"}); // fake types + + const FORBID_DATAURI_TYPES = ["font", "media", "object"]; + + const TabStatus = { + map: new Map(), + types: ["script", "object", "media", "frame", "font"], + newRecords() { + return { + allowed: {}, + blocked: {}, + noscriptFrames: {}, + } + }, + + initTab(tabId, records = this.newRecords()) { + this.map.set(tabId, records); + return records; + }, + + _record(request, what, optValue) { + let {tabId, frameId, type, url, documentUrl} = request; + let policyType = policyTypesMap[type] || type; + let requestKey = Policy.requestKey(url, documentUrl, policyType); + let map = this.map; + let records; + if (map.has(tabId)) { + records = map.get(tabId); + } else { + records = this.initTab(tabId); + } + + if (what === "noscriptFrame") { + let nsf = records.noscriptFrames; + if (frameId in nsf) { + return null; + } + nsf[frameId] = optValue; + what = optValue ? "blocked" : "allowed"; + if (frameId === 0) { + request.type = type = "main_frame"; + Content.reportTo(request, optValue, type); + } + } + let collection = records[what]; + if (type in collection) { + if (!collection[type].includes(requestKey)) { + collection[type].push(requestKey); + } + } else { + collection[type] = [requestKey]; + } + return records; + }, + + record(request, what, optValue) { + let records = this._record(request, what, optValue); + if (records) { + this.updateTab(request.tabId); + } + }, + + _pendingTabs: new Set(), + + updateTab(tabId) { + if (this._pendingTabs.size === 0) { + window.setTimeout(() => { // clamp UI updates + for (let tabId of this._pendingTabs) { + this._updateTabNow(tabId); + } + this._pendingTabs.clear(); + }, 200); + } + this._pendingTabs.add(tabId); + }, + _updateTabNow(tabId) { + this._pendingTabs.delete(tabId); + let records = this.map.get(tabId) || this.initTab(tabId); + let {allowed, blocked, noscriptFrames} = records; + let topAllowed = !(noscriptFrames && noscriptFrames[0]); + + let numAllowed = 0, numBlocked = 0, sum = 0; + let report = this.types.map(t => { + let a = allowed[t] && allowed[t].length || 0, b = blocked[t] && blocked[t].length || 0, s = a + b; + numAllowed+= a, numBlocked += b, sum += s; + return s && `<${t === "sub_frame" ? "frame" : t}>: ${b}/${s}`; + }).filter(s => s).join("\n"); + + let enforced = ns.isEnforced(tabId); + + let icon = topAllowed ? + (numBlocked ? "part" + : enforced ? "yes" : "global") + : (numAllowed ? "sub" : "no"); + let showBadge = ns.local.showCountBadge && numBlocked > 0; + + let browserAction = browser.browserAction; + browserAction.setIcon({tabId, path: {64: `/img/ui-${icon}64.png`}}); + browserAction.setBadgeText({tabId, text: showBadge ? numBlocked.toString() : ""}); + browserAction.setBadgeBackgroundColor({tabId, color: [255, 0, 0, 128]}); + browserAction.setTitle({tabId, + title: `${VERSION_LABEL} \n${enforced ? + _("BlockedItems", [numBlocked, numAllowed + numBlocked]) + ` \n${report}` + : _("NotEnforced")}` + }); + }, + + totalize(sum, value) { + return sum + value; + }, + + async probe(tabId) { + if (tabId === undefined) { + (await browser.tabs.query({})).forEach(tab => TabStatus.probe(tab.id)); + } else { + try { + TabStatus.recordAll(tabId, await ns.collectSeen(tabId)); + } catch (e) { + error(e); + } + } + }, + + recordAll(tabId, seen) { + if (seen) { + let records = TabStatus.map.get(tabId); + if (records) { + records.allowed = {}; + records.blocked = {}; + } + for (let thing of seen) { + thing.request.tabId = tabId; + TabStatus._record(thing.request, thing.allowed ? "allowed" : "blocked"); + } + this._updateTabNow(tabId); + } + }, + + async onActivatedTab(info) { + let {tabId} = info; + let seen = await ns.collectSeen(tabId); + + TabStatus.recordAll(tabId, seen); + }, + onRemovedTab(tabId) { + TabStatus.map.delete(tabId); + }, + } + browser.tabs.onActivated.addListener(TabStatus.onActivatedTab); + browser.tabs.onRemoved.addListener(TabStatus.onRemovedTab); + + if (!("setIcon" in browser.browserAction)) { // unsupported on Android + TabStatus._updateTabNow = TabStatus.updateTab = () => {}; + } + + const Content = { + + + async hearFrom(message, sender) { + debug("Received message from content", message, sender); + switch (message.type) { + case "pageshow": + TabStatus.recordAll(sender.tab.id, message.seen); + return true; + case "enable": + let {url, documentUrl, policyType} = message; + let TAG = `<${policyType.toUpperCase()}>`; + let origin = Sites.origin(url); + let {siteKey} = Sites.parse(url); + let options; + if (siteKey === origin) { + TAG += `@${siteKey}`; + } else { + options = [ + {label: _("allowLocal", siteKey), checked: true}, + {label: _("allowLocal", origin)} + ]; + } + // let parsedDoc = Sites.parse(documentUrl); + let t = u => `${TAG}@${u}`; + let ret = await Prompts.prompt({ + title: _("BlockedObjects"), + message: _("allowLocal", TAG), + options}); + debug(`Prompt returned %o`); + if (ret.button !== 0) return; + let key = [siteKey, origin][ret.option || 0]; + if (!key) return; + let {siteMatch, contextMatch, perms} = ns.policy.get(key, documentUrl); + let {capabilities} = perms; + if (!capabilities.has(policyType)) { + perms = new Permissions(new Set(capabilities), false); + perms.capabilities.add(policyType); + + /* TODO: handle contextual permissions + if (documentUrl) { + let context = new URL(documentUrl).origin; + let contextualSites = new Sites([context, perms]); + perms = new Permissions(new Set(capabilities), false, contextualSites); + } + */ + ns.policy.set(key, perms); + ns.savePolicy(); + } + return true; + case "canScript": + let records = TabStatus.map.get(sender.tab.id); + debug("Records.noscriptFrames %o, canScript: %s", records && records.noscriptFrames, !(records && records.noscriptFrames[sender.frameId])); + return !(records && records.noscriptFrames[sender.frameId]); + } + }, + + async reportTo(request, allowed, policyType) { + let {requestId, tabId, frameId, type, url, documentUrl, originUrl} = request; + let pending = pendingRequests.get(requestId); // null if from a CSP report + let initialUrl = pending ? pending.initialUrl : request.url; + request = { + key: Policy.requestKey(url, type, documentUrl || "", /^(media|object|frame)$/.test(type)), + type, url, documentUrl, originUrl + }; + if (tabId < 0) return; + if (pending) request.initialUrl = pending.initialUrl; + try { + browser.tabs.sendMessage( + tabId, + {type: "seen", request, allowed, policyType, ownFrame: true}, + {frameId} + ); + } catch (e) { + debug(`Couldn't deliver "seen" message for ${type}@${url} ${allowed ? "A" : "F" } to document ${documentUrl} (${frameId}/${tabId}`, e); + } + if (frameId === 0) return; + try { + browser.tabs.sendMessage( + tabId, + {type: "seen", request, allowed, policyType}, + {frameId: 0} + ); + } catch (e) { + debug(`Couldn't deliver "seen" message to top frame containing ${documentUrl} (${frameId}/${tabId}`, e); + } + } + }; + browser.runtime.onMessage.addListener(Content.hearFrom); + + const pendingRequests = new Map(); + function initPendingRequest(request) { + let {requestId, url} = request; + let redirected = pendingRequests.get(requestId); + let initialUrl = redirected ? redirected.initialUrl : url; + pendingRequests.set(requestId, { + url, redirected, + onCompleted: new Set(), + }); + return redirected; + } + + + const ABORT = {cancel: true}, ALLOW = {}; + const listeners = { + onBeforeRequest(request) { + try { + let redirected = initPendingRequest(request); + let {policy} = ns; + let policyType = policyTypesMap[request.type]; + if (policyType) { + let {url, originUrl, documentUrl} = request; + if (("fetch" === policyType || "frame" === policyType) && + (url === originUrl && originUrl === documentUrl || + /^(?:chrome|resource|moz-extension|about):/.test(originUrl)) + ) { + // livemark request or similar browser-internal, always allow; + return ALLOW; + } + + if (/^(?:data|blob):/.test(url)) { + request._dataUrl = url; + request.url = url = documentUrl; + } + let allowed = !ns.isEnforced(request.tabId) || + policy.can(url, policyType, originUrl); + Content.reportTo(request, allowed, policyType); + + if (!allowed) { + debug(`Blocking ${policyType}`, request); + TabStatus.record(request, "blocked"); + return ABORT; + } + } + } catch (e) { + error(e); + } + + return ALLOW; + }, + + async onHeadersReceived(request) { + // called for main_frame, sub_frame and object + debug("onHeadersReceived", request); + + try { + let header, blocker; + let responseHeaders = request.responseHeaders; + let content = {} + for (let h of responseHeaders) { + if (CSP.isMine(h)) { + header = h; + h.value = CSP.inject(h.value, ""); + } else if (/^\s*Content-(Type|Disposition)\s*$/i.test(h.name)) { + content[h.name.split("-")[1].trim().toLowerCase()] = h.value; + } + } + + + if (ns.isEnforced(request.tabId)) { + let policy = ns.policy; + let perms = policy.get(request.url, request.documentUrl).perms; + if (policy.autoAllowTop && request.frameId === 0 && perms === policy.DEFAULT) { + policy.set(Sites.optimalKey(request.url), perms = policy.TRUSTED.tempTwin); + } + + let {capabilities} = perms; + let canScript = capabilities.has("script"); + + let blockedTypes; + let forbidData = FORBID_DATAURI_TYPES.filter(t => !capabilities.has(t)); + if (!content.disposition && + (!content.type || /^\s*(?:video|audio|application)\//.test(content.type))) { + debug(`Suspicious content type "%s" in request %o with capabilities %o`, + content.type, request, capabilities); + blockedTypes = CSP.types.filter(t => !capabilities.has(t)); + } else if(!canScript) { + blockedTypes = ["script"]; + forbidData.push("object"); // data: URIs loaded in objects may run scripts + } + + for (let type of forbidData) { // object, font, media + // HTTP is blocked in onBeforeRequest, let's allow it only and block + // for instance data: and blob: URIs + let dataBlocker = {name: type, value: "http: https:"}; + if (blockedTypes) blockedTypes.push(dataBlocker) + else blockedTypes = [dataBlocker]; + } + + debug("Blocked types", blockedTypes); + if (blockedTypes && blockedTypes.length) { + blocker = CSP.createBlocker(...blockedTypes); + } + + if (canScript) { + if (!capabilities.has("webgl")) { + await RequestUtil.executeOnStart(request, { + file: "/content/webglHook.js" + }); + } + if (!capabilities.has("media")) { + await RequestUtil.executeOnStart(request, { + code: "window.mediaBlocker = true;" + }); + } + await RequestUtil.executeOnStart(request, { + file: "content/media.js" + }); + } + } + + debug(`CSP blocker:`, blocker); + if (blocker) { + if (header) { + header.value = CSP.inject(header.value, blocker); + } else { + header = {name: CSP.name, value: blocker}; + responseHeaders.push(header); + } + } + + if (header) return {responseHeaders}; + } catch (e) { + error(e, "Error in onHeadersReceived", uneval(request)); + } + return ALLOW; + }, + + onResponseStarted(request) { + if (request.type === "main_frame") { + TabStatus.initTab(request.tabId); + } + let scriptBlocked = request.responseHeaders.some( + h => CSP.isMine(h) && CSP.blocks(h.value, "script") + ); + debug("%s scriptBlocked=%s setting noscriptFrame on ", request.url, scriptBlocked, request.tabId, request.frameId); + TabStatus.record(request, "noscriptFrame", scriptBlocked); + pendingRequests.get(request.requestId).scriptBlocked = scriptBlocked; + }, + + onCompleted(request) { + let {requestId} = request; + if (pendingRequests.has(requestId)) { + let r = pendingRequests.get(requestId); + pendingRequests.delete(requestId); + for (let callback of r.onCompleted) { + try { + callback(request, r); + } catch (e) { + error(e); + } + } + } + }, + + onErrorOccurred(request) { + pendingRequests.delete(request.requestId); + } + }; + + function fakeRequestFromCSP(report, request) { + let type = report["violated-directive"].split("-", 1)[0]; // e.g. script-src 'none' => script + if (type === "frame") type = "sub_frame"; + let url = report['blocked-uri']; + if (url === 'self') url = request.documentUrl; + return Object.assign({}, request, { + url, + type, + }); + } + + async function onViolationReport(request) { + try { + let decoder = new TextDecoder("UTF-8"); + const report = JSON.parse(decoder.decode(request.requestBody.raw[0].bytes))['csp-report']; + let csp = report["original-policy"] + debug("CSP report", report); + if (report['blocked-uri'] !== 'self') { + let r = fakeRequestFromCSP(report, request); + Content.reportTo(r, false, policyTypesMap[r.type]); + TabStatus.record(r, "blocked"); + } else if (report["violated-directive"] === "script-src 'none'") { + let r = fakeRequestFromCSP(report, request); + TabStatus.record(r, "noscriptFrame", true); + } + } catch(e) { + error(e); + } + return ABORT; + } + + const RequestGuard = { + async start() { + let wr = browser.webRequest; + let listen = (what, ...args) => wr[what].addListener(listeners[what], ...args); + + let allUrls = ["<all_urls>"]; + let docTypes = ["main_frame", "sub_frame", "object"]; + + listen("onBeforeRequest", + {urls: allUrls, types: allTypes}, + ["blocking"] + ); + listen("onHeadersReceived", + {urls: allUrls, types: docTypes}, + ["blocking", "responseHeaders"] + ); + listen("onResponseStarted", + {urls: allUrls, types: docTypes}, + ["responseHeaders"] + ); + listen("onCompleted", + {urls: allUrls, types: allTypes}, + ); + listen("onErrorOccurred", + {urls: allUrls, types: allTypes}, + ); + + + wr.onBeforeRequest.addListener(onViolationReport, + {urls: [REPORT_URI], types: ["csp_report"]}, ["blocking", "requestBody"]); + + TabStatus.probe(); + }, + + stop() { + let wr = browser.webRequest; + for (let [name, listener] of Object.entries(this.listeners)) { + wr[name].removeListener(listener); + } + wr.onBeforeRequest.removeListener(onViolationReport); + } + }; + + return RequestGuard; +})(); diff --git a/src/bg/RequestUtil.js b/src/bg/RequestUtil.js new file mode 100644 index 0000000..1ebbbaa --- /dev/null +++ b/src/bg/RequestUtil.js @@ -0,0 +1,130 @@ +'use strict'; +{ + let runningScripts = new Map(); + + var RequestUtil = { + async executeOnStart(request, details) { + let {requestId, tabId, frameId} = request; + details = Object.assign({ + runAt: "document_start", + frameId, + }, details); + browser.tabs.executeScript(tabId, details); + return; + let filter = browser.webRequest.filterResponseData(requestId); + filter.onstart = event => { + browser.tabs.executeScript(tabId, details); + debug("Execute on start", details); + filter.write(new Uint8Array()); + }; + filter.ondata = event => { + filter.write(event.data); + filter.disconnect(); + + } + }, + async executeOnStartCS(request, details) { + let {url, requestId, tabId, frameId} = request; + + let urlObj = new URL(url); + if (urlObj.hash || urlObj.port || urlObj.username) { + urlObj.hash = urlObj.port = urlObj.username = ""; + url = urlObj.toString(); + } + let wr = browser.webRequest; + let filter = { + urls: [`${urlObj.origin}/*`], + types: ["main_frame", "sub_frame", "object"] + }; + let finalize; + let cleanup = r => { + if (cleanup && r.requestId === requestId) { + wr.onCompleted.removeListener(cleanup); + wr.onErrorOccurred.removeListener(cleanup); + cleanup = null; + if (finalize) { + finalize(); + } + } + }; + wr.onCompleted.addListener(cleanup, filter); + wr.onErrorOccurred.addListener(cleanup, filter); + + details = Object.assign({ + runAt: "document_start", + frameId, + }, details); + + if (browser.contentScripts) { + let js = [{}]; + if (details.file) js[0].file = details.file; + else if (details.code) js[0].code = details.code; + let settings = { + "runAt": details.runAt, + js, + matches: [url], + allFrames: frameId !== 0, + } + // let's try to avoid duplicates + let key = JSON.stringify(settings); + if (runningScripts.has(key)) { + let scriptRef = runningScripts.get(key); + scriptRef.count++; + return; + } + if (settings.allFrames) { + // let's check whether the same script is registered for top frames: + // if it is, let's unregister it first to avoid duplicates + settings.allFrames = false; + let topKey = JSON.stringify(settings); + settings.allFrames = true; + if (runningScripts.has(topKey)) { + let topScript = runningScripts.get(topKey); + try { + topScript.unregister(); + } catch (e) { + error(e); + } finally { + runningScripts.delete(topKey); + } + } + } + + let script = await browser.contentScripts.register(settings); + debug("Content script %o registered.", settings); + finalize = () => { + debug("Finalizing content script %o...", settings); + try { + script.unregister(); + runningScripts.delete(key); + debug("Content script %o unregistered!", settings); + } finally { + finalize = null; + } + } + runningScripts.set(key, script); + if (!cleanup) { // the request has already been interrupted + finalize(); + } + + return; + } + + function listener(r) { + if (r.requestId === requestId) { + browser.tabs.executeScript(tabId, details); + finalize(); + finalize = null; + } + } + finalize = () => { + wr.onResponseStarted.removeListener(listener); + } + wr.onResponseStarted.addListener(listener, filter); + debug("Executing %o", details); + + }, + + + } +} diff --git a/src/bg/Settings.js b/src/bg/Settings.js new file mode 100644 index 0000000..4fb656f --- /dev/null +++ b/src/bg/Settings.js @@ -0,0 +1,125 @@ +var Settings = { + + async import(data) { + + // figure out whether it's just a whitelist, a legacy backup or a "Quantum" export + try { + let json = JSON.parse(data); + if (json.whitelist) { + return await this.importLegacy(json); + } + if (json.trusted) { + return await this.importPolicy(json); + } + if (json.policy) { + return await this.importSettings(json); + } + } catch (e) { + return await this.importLists(data); + } + }, + + async importLegacy(json) { + await include("/legacy/Legacy.js"); + if (await Legacy.import(json)) { + try { + ns.policy = Legacy.migratePolicy(); + await ns.savePolicy(); + await Legacy.persist(); + return true; + } catch (e) { + error(e, "Importing legacy settings"); + Legacy.migrated = Legacy.undo; + } + } + return false; + }, + + async importLists(data) { + await include("/legacy/Legacy.js"); + try { + let [trusted, untrusted] = Legacy.extractLists(data.split("[UNTRUSTED]")); + let policy = ns.policy; + for (let site of trusted) { + policy.set(site, policy.TRUSTED); + } + for (let site of untrusted) { + policy.set(site, policy.UNTRUSTED, true); + } + await ns.savePolicy(); + } catch (e) { + error(e, "Importing white/black lists %s", data); + return false; + } + return true; + }, + + async importPolicy(json) { + try { + ns.policy = new Policy(json); + await ns.savePolicy(); + return true; + } catch (e) { + error(e, "Importing policy %o", json); + } + }, + + async importSettings(json) { + try { + await this.update(json); + return true; + } catch (e) { + error(e, "Importing settings %o", json); + } + return false; + }, + + async update(settings) { + let { + policy, + xssUserChoices, + tabId, + unrestrictedTab, + reloadAffected, + } = settings; + if (xssUserChoices) await XSS.saveUserChoices(xssUserChoices); + if (policy) { + ns.policy = new Policy(policy); + await ns.savePolicy(); + } + + if (typeof unrestrictedTab === "boolean") { + ns.unrestrictedTabs[settings.unrestrictedTab ? "add" : "delete"](tabId); + } + if (reloadAffected) { + browser.tabs.reload(tabId); + } + + let oldDebug = ns.local.debug; + await Promise.all(["local", "sync"].map( + storage => (settings[storage] || // changed or... + settings[storage] === null // ... needs reset to default + ) && ns.save( + ns[storage] = settings[storage] || ns.defaults[storage]) + )); + if (ns.local.debug !== oldDebug) { + await include("/lib/log.js"); + if (oldDebug) debug = () => {}; + } + if (ns.sync.xss) { + XSS.start(); + } else { + XSS.stop(); + } + }, + + export() { + return JSON.stringify({ + policy: ns.policy.dry(), + local: ns.local, + sync: ns.sync, + xssUserChoices: XSS.getUserChoices(), + }, null, 2); + }, + +} diff --git a/src/bg/defaults.js b/src/bg/defaults.js new file mode 100644 index 0000000..220bd23 --- /dev/null +++ b/src/bg/defaults.js @@ -0,0 +1,37 @@ +'use strict'; + +ns.defaults = (async () => { + let defaults = { + local: { + debug: false, + showCtxMenuItem: true, + showCountBadge: true, + showFullAddresses: false, + }, + sync: { + "global": false, + "xss": true, + "clearclick": true + } + }; + let defaultsClone = JSON.parse(JSON.stringify(defaults)); + + for (let [k, v] of Object.entries(defaults)) { + let store = await Storage.get(k, k); + if (k in store) { + Object.assign(v, store[k]); + } + v.storage = k; + } + + Object.assign(ns, defaults); + + // dynamic settings + if (!ns.local.uuid) { + await include("/lib/uuid.js"); + ns.local.uuid = uuid(); + await ns.save(ns.local); + } + + return ns.defaults = defaultsClone; +})(); diff --git a/src/bg/main.js b/src/bg/main.js new file mode 100644 index 0000000..74df62d --- /dev/null +++ b/src/bg/main.js @@ -0,0 +1,282 @@ + var ns = (() => { + 'use strict'; + + const popupURL = browser.extension.getURL("/ui/popup.html"); + let popupFor = tabId => `${popupURL}#tab${tabId}`; + + let ctxMenuId = "noscript-ctx-menu"; + + async function toggleCtxMenuItem(show = ns.local.showCtxMenuItem) { + if (!"contextMenus" in browser) return; + let id = ctxMenuId; + try { + await browser.contextMenus.remove(id); + } catch (e) {} + + if (show) { + browser.contextMenus.create({ + id, + title: "NoScript", + contexts: ["all"] + }); + } + } + + async function init() { + let policyData = (await Storage.get("sync", "policy")).policy; + if (policyData && policyData.DEFAULT) { + ns.policy = new Policy(policyData); + } else { + await include("/legacy/Legacy.js"); + ns.policy = await Legacy.createOrMigratePolicy(); + ns.savePolicy(); + } + + await include("/bg/defaults.js"); + await ns.defaults; + await include(["/bg/RequestGuard.js", "/bg/RequestUtil.js"]); + await RequestGuard.start(); + await XSS.start(); // we must start it anyway to initialize sub-objects + if (!ns.sync.xss) { + XSS.stop(); + } + Commands.install(); + }; + + var Commands = { + openPageUI() { + try { + browser.browserAction.openPopup(); + return; + } catch (e) { + debug(e); + } + browser.windows.create({ + url: popupURL, + width: 800, + height: 600, + type: "panel" + }); + }, + + togglePermissions() {}, + install() { + + + if ("command" in browser) { + // keyboard shortcuts + browser.commands.onCommand.addListener(cmd => { + if (cmd in Commands) { + Commands[cmd](); + } + }); + } + + if ("contextMenus" in browser) { + toggleCtxMenuItem(); + browser.contextMenus.onClicked.addListener((info, tab) => { + if (info.menuItemId == ctxMenuId) { + this.openPageUI(); + } + }); + } + + // wiring main UI + let ba = browser.browserAction; + if ("setIcon" in ba) { + //desktop + ba.setPopup({ + popup: popupURL + }); + } else { + // mobile + ba.onClicked.addListener(async tab => { + try { + await browser.tabs.remove(await browser.tabs.query({ + url: popupURL + })); + } catch (e) {} + await browser.tabs.create({ + url: popupFor(tab.id) + }); + }); + } + } + } + + var MessageHandler = { + responders: { + + async updateSettings(settings, sender) { + await Settings.update(settings); + toggleCtxMenuItem(); + }, + async broadcastSettings({ + tabId = -1 + }) { + let policy = ns.policy.dry(true); + let seen = tabId !== -1 ? await ns.collectSeen(tabId) : null; + let xssUserChoices = await XSS.getUserChoices(); + browser.runtime.sendMessage({ + type: "settings", + policy, + seen, + xssUserChoices, + local: ns.local, + sync: ns.sync, + unrestrictedTab: ns.unrestrictedTabs.has(tabId), + }); + }, + + exportSettings(m, sender, sendResponse) { + sendResponse(Settings.export()); + return false; + }, + + async importSettings({ + data + }) { + return await Settings.import(data); + }, + + async openStandalonePopup() { + let win = await browser.windows.getLastFocused({ + windowTypes: ["normal"] + }); + let [tab] = (await browser.tabs.query({ + lastFocusedWindow: true, + active: true + })); + + if (!tab || tab.id === -1) { + log("No tab found to open the UI for"); + return; + } + browser.windows.create({ + url: popupFor(tab.id), + width: 800, + height: 600, + top: win.top + 48, + left: win.left + 48, + type: "panel" + }); + } + }, + onMessage(m, sender, sendResponse) { + let { + type + } = m; + let { + responders + } = MessageHandler; + + + if (type && (type = type.replace(/^NoScript\./, '')) in responders) { + return responders[type](m, sender, sendResponse); + } else { + debug("Received unkown message", m, sender); + } + return false; + }, + + listen() { + browser.runtime.onMessage.addListener(this.onMessage); + }, + } + + + + return { + running: false, + policy: null, + local: null, + sync: null, + unrestrictedTabs: new Set(), + isEnforced(tabId = -1) { + return this.policy.enforced && (tabId === -1 || !this.unrestrictedTabs.has(tabId)); + }, + + async start() { + if (this.running) return; + this.running = true; + + let initializing = init(); + let wr = browser.webRequest; + let waitForPolicy = async r => { + try { + await initializing; + } catch (e) { + error(e); + } + } + wr.onBeforeRequest.addListener(waitForPolicy, { + urls: ["<all_urls>"] + }, ["blocking"]); + await initializing; + wr.onBeforeRequest.removeListener(waitForPolicy); + + await include("/bg/Settings.js"); + MessageHandler.listen(); + + log("STARTED"); + + this.devMode = (await browser.management.getSelf()).installType === "development"; + if (this.local.debug) { + if (this.devMode) { + include("/test/run.js"); + } + } else { + debug = () => {}; // suppress verbosity + } + }, + + stop() { + if (!this.running) return; + this.running = false; + RequestGuard.stop(); + log("STOPPED"); + }, + + async savePolicy() { + if (this.policy) { + await Storage.set("sync", { + policy: this.policy.dry() + }); + await browser.webRequest.handlerBehaviorChanged() + } + return this.policy; + }, + + + + async save(obj) { + if (obj && obj.storage) { + let toBeSaved = { + [obj.storage]: obj + }; + Storage.set(obj.storage, toBeSaved); + } + return obj; + }, + + async collectSeen(tabId) { + + try { + let seen = Array.from(await browser.tabs.sendMessage(tabId, { + type: "collect" + }, { + frameId: 0 + })); + debug("Collected seen", seen); + return seen; + } catch (e) { + // probably a page where content scripts cannot run, let's open the options instead + error(e, "Cannot collect noscript activity data"); + } + + return null; + }, + }; + })(); + + ns.start(); diff --git a/src/common/Entities.js b/src/common/Entities.js new file mode 100644 index 0000000..03a5d11 --- /dev/null +++ b/src/common/Entities.js @@ -0,0 +1,30 @@ +var Entities = { + get htmlNode() { + delete this.htmlNode; + return this.htmlNode = document.implementation.createHTMLDocument("") + .createElement("body"); + }, + convert: function(e) { + try { + this.htmlNode.innerHTML = e; + var child = this.htmlNode.firstChild || null; + return child && child.nodeValue || e; + } catch(ex) { + return e; + } + }, + convertAll: function(s) { + return s.replace(/[\\&][^<>]+/g, function(e) { return Entities.convert(e) }); + }, + convertDeep: function(s) { + for (var prev = null; (s = this.convertAll(s)) !== prev || (s = unescape(s)) !== prev; prev = s); + return s; + }, + neutralize: function(e, whitelist) { + var c = this.convert(e); + return (c == e) ? c : (whitelist && whitelist.test(c) ? e : e.replace(";", ",")); + }, + neutralizeAll: function(s, whitelist) { + return s.replace(/&[\w#-]*?;/g, function(e) { return Entities.neutralize(e, whitelist || null); }); + } +}; diff --git a/src/common/Policy.js b/src/common/Policy.js new file mode 100644 index 0000000..6adc2ae --- /dev/null +++ b/src/common/Policy.js @@ -0,0 +1,390 @@ +var {Permissions, Policy, Sites} = (() => { + 'use strict'; + + const SECURE_DOMAIN_PREFIX = "§:"; + const SECURE_DOMAIN_RX = new RegExp(`^${SECURE_DOMAIN_PREFIX}`); + const DOMAIN_RX = new RegExp(`(?:^\\w+://|${SECURE_DOMAIN_PREFIX})?([^/]*)`, "i"); + const SKIP_RX = /^(?:(?:about|chrome|resource|moz-.*):|\[System)/; + + class Sites extends Map { + static secureDomainKey(domain) { + return domain.includes(":") ? domain : `${SECURE_DOMAIN_PREFIX}${domain}`; + } + static isSecureDomainKey(domain) { + return domain.startsWith(SECURE_DOMAIN_PREFIX); + } + static toggleSecureDomainKey(domain, b = !Sites.isSecureDomainKey(domain)) { + return b ? Sites.secureDomainKey(domain) : domain.replace(SECURE_DOMAIN_RX, ''); + } + + static isValid(site) { + return /^(?:https?:(?:\/\/)?)?([\w\u0100-\uf000][\w\u0100-\uf000.-]*)?[\w\u0100-\uf000](?::\d+)?$/.test(site); + } + + static parse(site) { + let url, siteKey = ""; + if (site instanceof URL) { + url = site; + } else { + try { + url = new URL(site); + } catch (e) { + siteKey = typeof site === "string" ? site : site.toString(); + } + } + if (url) { + let path = url.pathname; + siteKey = url.origin; + if (path !== '/') siteKey += path; + } + return {url, siteKey}; + } + + static optimalKey(site) { + let {url, siteKey} = Sites.parse(site); + if (url && url.protocol === "https:") return Sites.secureDomainKey(tld.getDomain(url.hostname)); + return url && url.origin || siteKey; + } + + static origin(site) { + try { + return new URL(site).origin; + } catch (e) {}; + return site; + } + + static toExternal(url) { // domains are stored in punycode internally + let s = typeof url === "string" ? url : url && url.toString() || ""; + if (s.startsWith(SECURE_DOMAIN_PREFIX)) s = s.substring(SECURE_DOMAIN_PREFIX.length); + let [,domain] = DOMAIN_RX.exec(s); + return domain.startsWith("xn--") ? + s.replace(domain, punycode.toUnicode(domain)) + : s; + } + + set(k, v) { + if (!k || SKIP_RX.test(k)) return this; + let [,domain] = DOMAIN_RX.exec(k); + if (/[^\u0000-\u007f]/.test(domain)) { + k = k.replace(domain, punycode.toASCII(domain)); + } + return super.set(k, v); + } + + match(site) { + if (site && this.size) { + if (this.has(site)) return site; + + let {url, siteKey} = Sites.parse(site); + + if (site !== siteKey && this.has(siteKey)) { + return siteKey; + } + + if (url) { + let {origin} = url; + if (origin && origin !== "null" && origin < siteKey && this.has(origin)) { + return origin; + } + let domain = this.domainMatch(url); + if (domain) return domain; + let protocol = url.protocol; + if (this.has(protocol)) { + return protocol; + } + } + } + return null; + } + + domainMatch(url) { + let {protocol, hostname} = url; + if (!hostname) return null; + + let secure = protocol === "https:"; + for (let domain = hostname;;) { + if (this.has(domain)) { + return domain; + } + if (secure) { + let ssDomain = Sites.secureDomainKey(domain); + if (this.has(ssDomain)) { + return ssDomain; + } + } + let dotPos = domain.indexOf("."); + if (dotPos === -1) { + break; + } + domain = domain.substring(dotPos + 1); // sub + if (!domain) { + break; + } + } + return null; + } + + dry() { + let dry; + if (this.size) { + dry = Object.create(null); + for (let [key, perms] of this) { + dry[key] = perms.dry(); + } + } + return dry; + } + + static hydrate(dry, obj = new Sites()) { + if (dry) { + for (let [key, dryPerms] of Object.entries(dry)) { + obj.set(key, Permissions.hydrate(dryPerms)); + } + } + return obj; + } + } + + class Permissions { + + constructor(capabilities, temp = false, contextual = null) { + this.capabilities = new Set(capabilities); + this.temp = temp; + this.contextual = contextual instanceof Sites ? contextual : new Sites(contextual); + } + + dry() { + return {capabilities: [...this.capabilities], contextual: this.contextual.dry(), temp: this.temp}; + } + + static hydrate(dry = {}, obj = null) { + let capabilities = new Set(dry.capabilities); + let contextual = Sites.hydrate(dry.contextual); + let temp = dry.temp; + return obj ? Object.assign(obj, {capabilities, temp, contextual, _tempTwin: undefined}) + : new Permissions(capabilities, temp, contextual); + } + + static typed(capability, type) { + let [capName] = capability.split(":"); + return `${capName}:${type}`; + } + + allowing(capability) { + return this.capabilities.has(capability); + } + + set(capability, enabled = true) { + if (enabled) { + this.capabilities.add(capability); + } else { + this.capabilities.delete(capability); + } + return enabled; + } + + get tempTwin() { + return this._tempTwin || (this._tempTwin = new Permissions(this.capabilities, true, this.contextual)); + } + } + + Permissions.ALL = ["script", "object", "media", "frame", "font", "webgl", "fetch", "other"]; + Permissions.IMMUTABLE = { + UNTRUSTED: { + "script": false, + "object": false, + "webgl": false, + "fetch": false, + "other": false, + }, + TRUSTED: { + "script": true, + } + }; + + Object.freeze(Permissions.ALL); + + function defaultOptions() { + return { + sites:{ + trusted: `addons.mozilla.org + afx.ms ajax.aspnetcdn.com + ajax.googleapis.com bootstrapcdn.com + code.jquery.com firstdata.com firstdata.lv gfx.ms + google.com googlevideo.com gstatic.com + hotmail.com live.com live.net + maps.googleapis.com mozilla.net + netflix.com nflxext.com nflximg.com nflxvideo.net + noscript.net + outlook.com passport.com passport.net passportimages.com + paypal.com paypalobjects.com + securecode.com securesuite.net sfx.ms tinymce.cachefly.net + wlxrs.com + yahoo.com yahooapis.com + yimg.com youtube.com ytimg.com`.split(/\s+/).map(Sites.secureDomainKey), + untrusted: [], + custom: {}, + }, + DEFAULT: new Permissions(["frame", "fetch", "other"]), + TRUSTED: new Permissions(Permissions.ALL), + UNTRUSTED: new Permissions(), + enforced: true, + autoAllowTop: false, + }; + } + + function normalizePolicyOptions(dry) { + let options = Object.assign({}, dry); + for (let p of ["DEFAULT", "TRUSTED", "UNTRUSTED"]) { + options[p] = dry[p] instanceof Permissions ? dry[p] : Permissions.hydrate(dry[p]); + } + + if (typeof dry.sites === "object" && !(dry.sites instanceof Sites)) { + let {trusted, untrusted, temp, custom} = dry.sites; + let sites = Sites.hydrate(custom); + for (let key of trusted) sites.set(key, options.TRUSTED); + for (let key of untrusted) sites.set(key, options.UNTRUSTED); + if (temp) { + let tempPreset = options.TRUSTED.tempTwin; + for (let key of temp) sites.set(key, tempPreset); + } + options.sites = sites; + } + enforceImmutable(options); + return options; + } + + function enforceImmutable(policy) { + for (let [preset, filter] of Object.entries(Permissions.IMMUTABLE)) { + let presetCaps = policy[preset].capabilities; + for (let [cap, value] of Object.entries(filter)) { + if (value) presetCaps.add(cap); + else presetCaps.delete(cap); + } + } + } + + class Policy { + + constructor(options = defaultOptions()) { + Object.assign(this, normalizePolicyOptions(options)); + } + + static hydrate(dry, policyObj) { + return policyObj ? Object.assign(policyObj, normalizePolicyOptions(dry)) + : new Policy(dry); + } + + dry(includeTemp = false) { + let trusted = [], + temp = [], + untrusted = [], + custom = Object.create(null); + + const {DEFAULT, TRUSTED, UNTRUSTED} = this; + for(let [key, perms] of this.sites) { + if (!includeTemp && perms.temp) { + continue; + } + switch(perms) { + case TRUSTED: + trusted.push(key); + break; + case TRUSTED.tempTwin: + temp.push(key); + break; + case UNTRUSTED: + untrusted.push(key); + break; + case DEFAULT: + break; + default: + custom[key] = perms.dry(); + } + } + + let sites = { + trusted, + untrusted, + custom + }; + if (includeTemp) { + sites.temp = temp; + } + enforceImmutable(this); + return { + DEFAULT: DEFAULT.dry(), + TRUSTED: TRUSTED.dry(), + UNTRUSTED: UNTRUSTED.dry(), + sites, + enforced: this.enforced, + autoAllowTop: this.autoAllowTop, + }; + } + + static requestKey(url, type, documentUrl, includePath = false) { + url = includePath ? Sites.parse(url).siteKey : Sites.origin(url); + return `${type}@${url}<${Sites.origin(documentUrl)}`; + } + + static explodeKey(requestKey) { + let [, type, url, documentUrl] = /(\w+)@([^<]+)<(.*)/.exec(requestKey); + return {url, type, documentUrl}; + } + + set(site, perms, cascade = false) { + let sites = this.sites; + let {url, siteKey} = Sites.parse(site); + + sites.delete(siteKey); + + if (perms === this.UNTRUSTED) { + cascade = true; + Sites.toggleSecureDomainKey(siteKey, false); + } + if (cascade && !url) { + for (let subMatch; (subMatch = sites.match(siteKey));) { + sites.delete(subMatch); + } + } + + if (!perms || perms === this.DEFAULT) { + perms = this.DEFAULT; + } else { + sites.set(siteKey, perms); + } + return {siteKey, perms}; + } + + get(site, ctx = null) { + let perms, contextMatch; + let siteMatch = !(this.onlySecure && /^\w+tp:/i.test(site)) && this.sites.match(site); + if (siteMatch) { + perms = this.sites.get(siteMatch); + if (ctx) { + contextMatch = perms.contextual.match(ctx); + if (contextMatch) perms = perms.contextual.get(ctx); + } + } else { + perms = this.DEFAULT; + } + + return {perms, siteMatch, contextMatch}; + } + + can(url, capability = "script", ctx = null) { + return !this.enforced || + this.get(url, ctx).perms.allowing(capability); + } + + get snapshot() { + return JSON.stringify(this.dry(true)); + } + + equals(other) { + this.snapshot === other.snapshot; + } + } + + return {Permissions, Policy, Sites}; +})(); diff --git a/src/common/Storage.js b/src/common/Storage.js new file mode 100644 index 0000000..4555a28 --- /dev/null +++ b/src/common/Storage.js @@ -0,0 +1,24 @@ +var Storage = { + + async safeOp(op, type, keys) { + try { + return await browser.storage[type][op](keys); + } catch (e) { + if (type === "sync") { + debug("Sync disabled? Falling back to local storage (%s %o)", op, keys); + } else { + error(e); + throw e; + } + } + return await browser.storage.local[op](keys); + }, + + async get(type, keys) { + return await this.safeOp("get", type, keys); + }, + + async set(type, keys) { + return await this.safeOp("set", type, keys); + } +} diff --git a/src/common/SyntaxChecker.js b/src/common/SyntaxChecker.js new file mode 100644 index 0000000..8646901 --- /dev/null +++ b/src/common/SyntaxChecker.js @@ -0,0 +1,29 @@ +class SyntaxChecker { + constructor() { + this.lastError = null; + this.lastFunction = null; + this.lastScript = ""; + } + check(script) { + this.lastScript = script; + try { + return !!(this.lastFunction = new Function(script)); + } catch(e) { + this.lastError = e; + this.lastFunction = null; + } + return false; + } + unquote(s, q) { + // check that this is really a double or a single quoted string... + if (s.length > 1 && s.startsWith(q) && s.endsWith(q) && + // if nothing is left if you remove all he escapes and all the stuff between quotes + s.replace(/\\./g, '').replace(/^(['"])[^\n\r]*?\1/, '') === '') { + try { + return eval(s); + } catch (e) { + } + } + return null; + } +} diff --git a/src/common/locale.js b/src/common/locale.js new file mode 100644 index 0000000..60498a2 --- /dev/null +++ b/src/common/locale.js @@ -0,0 +1,45 @@ +'use strict'; +var _ = browser.i18n.getMessage; +var i18n = (() => { + var i18n = { + // derived from http://github.com/piroor/webextensions-lib-l10n + + updateString(aString) { + return aString.replace(/__MSG_(.+?)__/g, function(aMatched) { + var key = aMatched.slice(6, -2); + return _(key); + }); + }, + updateDOM(rootNode = document) { + var texts = document.evaluate( + 'descendant::text()[contains(self::text(), "__MSG_")]', + rootNode, + null, + XPathResult.ORDERED_NODE_SNAPSHOT_TYPE, + null + ); + for (let i = 0, maxi = texts.snapshotLength; i < maxi; i++) + { + let text = texts.snapshotItem(i); + text.nodeValue = this.updateString(text.nodeValue); + } + + var attributes = document.evaluate( + 'descendant::*/attribute::*[contains(., "__MSG_")]', + rootNode, + null, + XPathResult.ORDERED_NODE_SNAPSHOT_TYPE, + null + ); + for (let i = 0, maxi = attributes.snapshotLength; i < maxi; i++) + { + let attribute = attributes.snapshotItem(i); + debug('apply', attribute); + attribute.value = this.updateString(attribute.value); + } + } + }; + + document.addEventListener('DOMContentLoaded', e => i18n.updateDOM()); + return i18n; +})() diff --git a/src/content/PlaceHolder.js b/src/content/PlaceHolder.js new file mode 100644 index 0000000..37c0198 --- /dev/null +++ b/src/content/PlaceHolder.js @@ -0,0 +1,150 @@ +var PlaceHolder = (() => { + const HANDLERS = new Map(); + + class Handler { + constructor(type, selector) { + this.type = type; + this.selector = selector; + this.placeHolders = new Map(); + HANDLERS.set(type, this); + } + filter(element, request) { + let url = request.initialUrl || request.url; + return "data" in element ? element.data === url : element.src === url; + } + } + + new Handler("frame", "iframe"); + new Handler("object", "object, embed"); + new Handler("media", "video, audio"); + + function cloneStyle(src, dest, + props = ["width", "height", "position", "*", "margin*"]) { + var suffixes = ["Top", "Right", "Bottom", "Left"]; + for (let i = props.length; i-- > 0;) { + let p = props[i]; + if (p.endsWith("*")) { + let prefix = p.substring(0, p.length - 1); + props.splice(i, 1, ... + (suffixes.map(prefix ? (suffix => prefix + suffix) : + suffix => suffix.toLowerCase()))); + } + }; + + let srcStyle = window.getComputedStyle(src, null); + let destStyle = dest.style; + for (let p of props) { + destStyle[p] = srcStyle[p]; + } + destStyle.display = srcStyle.display !== "block" ? "inline-block" : "block"; + } + + class PlaceHolder { + + static create(policyType, request) { + return new PlaceHolder(policyType, request); + } + static canReplace(policyType) { + return HANDLERS.has(policyType); + } + + static listen() { + PlaceHolder.listen = () => {}; + window.addEventListener("click", ev => { + if (ev.button === 0) { + let replacement = ev.target.closest("a.__NoScript_PlaceHolder__"); + let ph = replacement && ev.isTrusted && replacement._placeHolderObj; + if (ph) { + ev.preventDefault(); + ev.stopPropagation(); + if (ev.target.value === "close") { + ph.close(replacement); + } else { + ph.enable(replacement); + } + } + } + }, true, false); + } + + constructor(policyType, request) { + this.policyType = policyType; + this.request = request; + this.replacements = new Set(); + this.handler = HANDLERS.get(policyType); + if (this.handler) { + [...document.querySelectorAll(this.handler.selector)] + .filter(element => this.handler.filter(element, request)) + .forEach(element => this.replace(element)); + }; + if (this.replacements.size) PlaceHolder.listen(); + } + + replace(element) { + let { + url + } = this.request; + this.origin = new URL(url).origin; + let TYPE = `<${this.policyType.toUpperCase()}>`; + + let replacement = document.createElement("a"); + replacement.className = "__NoScript_PlaceHolder__"; + cloneStyle(element, replacement); + replacement.style.backgroundImage = `url(${ICON_URL})`; + replacement.href = url; + replacement.title = `${TYPE}@${url}`; + + let inner = replacement.appendChild(document.createElement("span")); + inner.className = replacement.className; + + let button = inner.appendChild(document.createElement("button")); + button.className = replacement.className; + button.setAttribute("aria-label", button.title = _("Close")); + button.value = "close"; + button.textContent = "🗙"; + + let description = inner.appendChild(document.createElement("span")); + description.textContent = `${TYPE}@${this.origin}`; + + replacement._placeHolderObj = this; + replacement._placeHolderElement = element; + this.replacements.add(replacement); + + if (element.parentNode) element.parentNode.replaceChild(replacement, element); + else document.body.appendChild(replacement); + } + + async enable(replacement) { + debug("Enabling %o", this.request, this.policyType); + let ok = await browser.runtime.sendMessage({ + type: "enable", + url: this.request.url, + policyType: this.policyType, + documentUrl: document.URL + }); + debug("Received response", ok); + if (!ok) return; + if (this.request.embeddingDocument) { + window.location.reload(); + return; + } + try { + var element = replacement._placeHolderElement; + replacement.parentNode.replaceChild(element, replacement); + this.replacements.delete(replacement); + } catch (e) { + error(e, "While replacing"); + } + } + + close(replacement) { + replacement.classList.add("closing"); + this.replacements.delete(replacement); + window.setTimeout(() => replacement.parentNode.removeChild(replacement), 500); + } + } + + const ICON_URL = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAgAElEQVR4nOxddXxV5f9/E1KiIqV0qJR0STcIo0Y3DEQ6RfyC/hBhdAgC0jJqdI4B0o2EwChBhoTEqDF6vc/vj89zzn3OuefGtnvPJtvzej0vZffEU5/3+fQHSG7/5ZYFQCkADQF4AfgfgGkAfABsBXAIwDkA1wHcBxAC4A2ASAAxokeKv4WIa66Lew6JZ/iIZ/5PvKOheGcWt88uuSW35IbUAD4H4AngWwBzAewEcAUAJXC/IsYyV4zNU4w1tVtWIrklt7e8pQB/XTsDmAjgDyQ8kce1/yHm0FnMKYUL1ym5Jbe3oqUFUBXAIABHEUsiywJQKYAaAuQF0P8AmgaQD0BbAToE0DmArgN0H6AQgN4AFAlQjOiR4m8h4prr4p5D4hk+4pn/E+9oKN6ZJW6gcFTMtaqYe3JLbkmuFQPQA8BpOEE0qQH6HCBPgL4FaC5AOwG6IgiXEqi/EWPYKcb0rRjj52LMzswNwCmxFsXcvOZpAAwAsE/8f3JLbqa2agBGAAiGHYJIIb6unQGaCJAfQIEJSORx7YFi7BPFXEqJudmbu1ibEWKtXNlaAAiU3jPCxc9PbsnNsNUGMAasaXfqi1gOzH4nNAG7owcAtBSgQQBVBSit/bWIEWtXOx7rXxrAQYNnvwSQKx7PTW7JzWarCOB72DncxQD61AEQfAVQUCIgWncDwkKAeog1sbceYk0rOrkHHwNY7OB5y+OzycktucktF4CvADyDjQNXFaARAPkDdBigVI4PPKUH6AeAXiYCYnV3DxFrM0KslZ11eSbW2ugLnhHAOLBPg6P1jQJzCMktucW5VQdwHjYOWTWARgG0D6Bo6bBXc4L45f4xQIsTAZGa1aPFmo1yvFbnxR4ADApBsVlXAEfccyyS29vc0gHoABtf+xIAfQPQDoDCDQ73plgSv9xLA3QwERComT1crOU3Ym1trE1UXNcUrCBMbsnNYcsOYAgMDtH7ALUD28vvOzjMjmR/Z3ozgC4nAuI0u98Xa9wOoIwuWEfRA5FsFkxudlpuAD/C4PCUAGgkQEecPMATXXdoKRVAfQEKTgSEaWYPFvNO6cK1RLJZMLkZtNKw4YZbD6BZAN2K5cHN7NpDSwDoA4Cmw1jceJt6uJjnB25YQ7D/QWaXn6Dk9p9smQF4w+CgtARoBeKmle/rnoOr9k/B+oWEJlR39E1wjejkoM916SlKbv+5lhIG9vvUALUHaEM8DvBlOGf2c0WvCNDJREC0rugnxXzMWDewItHd7sjJLZG2fjA4FO0A2uiCg9zYvEOs9o4A3U4ERByXfluM3+w1A+DvisOU3P47rSWAh9AdhGYArXbhgb4BtuO3A9v09e9zV/+vORK9FONNby7RhwBYA/YjKOCSU5XcEn0rB45C0xyGGgAtAOiVmw/6VYBmA9QC7lEM6vvH4Gi9qERA5EY9SozPDHC0EaV4SpyJ5JYE2mDoDkAhgLyRcCzzBYCmgEUFN2m5CWB/+52JgODlvhNOxQHEuX8g1nWKWOfbYq8LGV8/2KUnLbklqlYP2pBQSgtQb4COJwJCkPtxgMaBE2+4gx2uKIghIed4WczP1XNLL547zsG+Hhd7bxCRGCjOSnJ7i9oI6Da6LkC+CUwEzvQosF/8GIDqwLXWhEow32LwCGwSddU8Uol1GSPWKbZiji/4LBg8O9k56C1otQFchbSxHwP0f4idE09i6m8A2g1OzfWui4goBzj9l7vHPQ6u5Wg+ddG4b4HPhIEO4iril48guSVgGwTdhjYBZ6lJaCKOb//ZBkFkzJgxXgTV2U3j9QUobzzGlT9/fvriiy+oePHihr//7KJx+oHPiME7Brn+eCY3d7b5kDYwGzi09F4iIN749gG6w/nuu++Sl5cX+fn5UUxMDAUHB9OmTZto8ODBVLhw4VgT20dwnVgQV0eewoUL0+DBg2nTpk0UHBxMSouJiSE/Pz/y8vKid999V3PPABeN+Z44K9msxzXfrSc2ubmktQDwANLG1UH8vPgSU/fSHcr69evT2rVryV4LCgqiNWvWUK9evahAgQJOE2FrxD0XYaC439l3FShQgHr16kVr1qyhoKAgu/NR2tq1a6l+/fqa53i5cK03iLOjG+sDJIcPJ9o2DLoNGwDOWpvQhOuKrv/y9+7dm65du+YUscjt9u3b5OvrSx07dqRcuXLZJcw04Dj8Z06O8Zm4Po0Dgv/oo4+oY8eO5OvrS7dv3471HJR27do16t27t9Weu2rNrxisu+jDTDnRyc3pNgvSBn0GjtZLaKJ1VdfL/MOGDaMXL17EmXDkduPGDVqwYAF5enpasdVKzwz7jkSKI48jp6b69evTxYsXXTJupb148YKGDRumeY+rdAJKnyXOlG4+s0w73cnNZqsG4CKkjfkSnEEmoYnWVf2E7uD17t3bZcRvREzt2rWzScAZAaoP0HiAloHNbvMAKmoAGLVMHreeEzjh4n3YIc6Wbk0uwvUpzJObk60VgEeQNqQX3h6WX+lloP2CxoXtj027du2alWxt1FPB4labEqDcAHkANAOgf8HpyxJy3GXcsBdXxBnTrcUjcRaTm4mtD6RNyATQWLjfh9+s/hJsm54lzfHdd991qPBzVVu7dq1NccBRTwmtO3NCjtsdBVVeibOWyXrufUw6+0m+jYS08IUBWpQIiDa+PQicLtwbHI2ot5t7eXmZQkRK8/LyUt/96aefPqpbt+61ypUr3/zss88eZMqU6TXgHCAk5Lgnu3G/Fomzp5vvSPPIIGm2SZAWvBq4eGVCE29c+xOAtoNr6pWH4VdF7X5+fqYSkp+fn+b9v/32255FixbtmT9//t7Zs2fvmzx58sFRo0YdHTRo0KlOnToFVK9e/Z8sWbK8TGzjdmcE5FYYpi2fZCI9JKk2B9JCNwXoWCIg4tj2CPCX/gdwUtH37BC90mvWrEkxMTGmElJMTAzVrFlTHUOWLFleFyhQIPjzzz9/8MUXX9ytWbPmjWbNmv3dtWvX8/369fvz+++//2PSpEmHevbseTYxjfugm/fzmDiLuj2bYyZhJIWmKfPUGaBLiYCYY9PvgDXmHrCf0jpt2rThhQsXDsqdO7daRHTEiBFxIoY7d+7Q4sWLqVu3blSyZEnKmDEjZcyYkUqWLEndunWjxYsX0507d2zeP2LECIfgZK8nhnFPNGFvL4kzqZv/YveTRdJoyyEtbB+wljmhCdqZHgE2R30LLpkNGz1t2rThxYsXv1ujRo1rnp6eF7t06XImb968T5TfY6tEi4mJoYULF1KVKlUcEmmVKlVo4cKFhl/qtWvXxgsAEsO425q01/+Ks6kbZ3L9wXg2X0gLOgQsNyc0YTtD+NvE4bOV5SZt2rThRYoUuacQfbdu3c4MHTr0D29v70M///zz/g8++ECtb3f+/HmniSg4OJi+++67WBPrd999p/G7JyI6f/685ZpMnxHaHSW03E1otoXQcBWhzjxCpXGEUt8QPulAyFqZgJSUmMZd0sR9fyLOqG6Mvu4hjbe/aYj/OyT+3HaRYB/ypjBm81OmTBmdP3/+R5UrV/6nUaNGlzt06HBuwIABJ7y9vQ+NHTv2cOvWrS/lzZv3qf6+p0+fOkVEMTExcSIidY2/+07zRX369Knl97QfEHreJHx9i/D1bUKvO4Redwm97xH6BBH6PCD0fUhImylRjftDk8/AS3FWdWNMBoFYNg3bPxKgsERA4Lb6G7BGuBmMK9a88847kYULF75fu3btqy1atLjYo0ePP0eOHHl00qRJB1q3bn0pV65cNqsKA6Do6GinCGnhwoVxJiKlL1y4UH1edHS05bcUKQndLhK8LhO6XyF0/5vQI5Dw1XVCzxsCGP7l6xLRuFMmwHkIE2dWN8ZkccDJplH4jUTirXoTAdYyt4ZxAEzatGnDixYterd+/fpX2rZtG9C/f/8TY8eOPdivX7/TRl96tadMQ0iZWv23M1/SO3fuOCU7O+pVqlRRFWwaDiDNe4T2xwgd/iB0PEnodJrQ+SyhSwCh6wVCt0sMDGneT1TjNpsDUHo4DEEgWTHooGlMfd8h8X75z4LdQrMaHMb06dOHFS9e/N8GDRr81aFDh3NDhw49PmXKlH2tWrW6lDVr1lf66wEQUr1LyP0locw3hLq/Et7Lrf7mjCy9ePHieBOR0hcvXkxEOh3A+/kJLfwJLXcQWu0itN5DaLOP0PYgod0RQofjhI4nWFeQiMZtpg5A38NgKA4kmwhtNI2TzxAkTpk/BGxaKmhwANOlSxdWvHjxOwrhDxs27PhPP/10qFGjRn+nSZPGuoR1ipSErBUIxb8mVJ9EqDWDUPsXQp3ZhOxl1euc0aZ369bNZYTUrVs3ItJZAXJ8QfDwJTReTWi8htB0PaHZRkKzzQRPP0KL7YSWvxNy10xU4zbLCmCrv4ShYjDZWUjXNO69fZD4tP2RAG0BqLbBwXvnnXciihQpcr9+/fpX2rVrpyF8/bUACO9kIxTwJJT/llBlDKHaeEL1iYQaUwg1phJqTiMUaKxe74w9vWTJki4jpJIlSxKRzg/gU09C/QWE+gsJDRYTGvxG+NKH0HAZodEKAQ5rCEU7Japxm+EH4Kg/gaGJMNltWDRNYE9nJD47/00wiutddVOlShVVsGDBB7Vr177apk2bgMGDBx+fNGnS/hYtWlxOmTKl9Rf/g+KEEv0I1SYSqnoTKo/mXmUsoeo4QrUJDATVJxFK9lLvc8ajLr75AOWeMWNGK486lBkguJNZzKHUmcOiSr15hHrzLcBQ4X+JatwHE8H5IXGmDZyFknwAUStIC9IUicvDLwZcG7C8wWHLlStXcPXq1a81b978Yu/evU9OnDjxQM+ePc9kypTpjf5aZK9GqPg9E0/NaUzkVb0JVX4iVP6R/1tlLP+t6jjRvTXPcORT72pC0vvUo/okC3dScxqh5nRCrZ+F2DLTIrrUnpWoxh2RCM6R0i/B0G04yYYSV4MUz18NidO3f5Ruw9KkSRNRpEiRuw0aNPirW7duf/7444+Hvvnmmz9y5coVAt21yFqJUHksocEi/lrWmsFsfrUJWgCoPFqAwBgGAqXnb6A+y1FUnatZaTmqDvkbStyJ4FCqTyLUmCzEFkl0qTmdULBJohh3GoCGI3EVST0GqwCiR0iiSUXUTD6Fkbij+v6nO2i5cuV6OmTIkOOzZs3a06ZNm0vQ/Y6MRQiVxxE8VrGcXG+++PpPZ8KpNl4QuQIAMggoQDCGUHaw+kxHcfWuVKbVrFlTmw+g3FCJMxnH41f7BK3oUn0SocJ3iWPcotcC6I9EcI6UvhVWocQXXURT/5mm5vDLhP9GPL8eBD755JNHOXPm1DrwpHqfUHY4oekGQpO1rCCrv5BZ41o/677+Y4QO4EctCGiA4CfCuznU59vLrONKc1qxYsUs/343h5YrUXpVb6nrwWECIWPOhB13qnSa33KDC7++TgRnicBnXqdTSjI5BjXZe8cmgs1wtutBQNPzNSM0Xkfw3MYmskYrdKz/VCH7j5O+/noAkEBA6SV6at5jK7eeqxxqPvroI+3firTTciVW3QYwlOydsONutJzHI/0tA7gsWWKpDzHWeh5vfbbhFpAm3Av/vTReViCQMj2h5kxCm/3sJNNsI8FjJWvE6/7KCrIaUy2sv/L1twkABkCQ/0vNO21lBXaFS62mp81kzJVYdRvAkL9hwoz7/byEQa8JA1+yaTKjNv15fYAuJoKz9AqGOQbf6roDatGOL/HfTeBpBQL5GrATTLPNbA9v8Buh7lwm/prT7BC/PQDQ9Y8raN5pVBcgvkE1Vr1oJ2uOxKjbA4YcX5g/7mYbCANfEQa/4d5mHyGrtqxYaYB+TwRn6Qqssg0/cCnFJaKmluv6DP/91N1WIJCnJnvJfblEEP8vsSP+Sk6AQLZSmncaVQaKa1itVX8vj4PxxAIYspc2b9wfVyD0e0IY+IIw6A1hcBhhSBgDgs60mh+gJWAnr4Q8SztgVXfgrStDpinU+bYU7bACgZyV2THGkPjHxv3rb4cT0NcGVL6ozibWSJUqlfXf02cjlOoTt/HZAoiPK7p/3B8UJLTczuHJ/UMEFxBKGBLOfXAoezO+k0G950OAJgEUmsBnSc4ALfpgdxGj2a02pIm5snRTYuhWIPBReYn4J8Se+J3hBCT/ALnXrFmTRowYQWvXrqXz58/TpUuXaNGiRdShQwcqVKgQpUuXjtKkSWM/5Xf6bITPu8WT+G2N+0v3jfv9vAy+Xn9xWLIVFxBBGBrJQNB0vebeNACNSAQgYFCG7K0oTX4VYkJ18N+V+2MFAtnLCOIfZ4P47QCAs73EV4R3P7ZNEHHp7+Vx8OUfHf85uGPcHxZiU2vbgxye/NU/nKBkwDNWBioAoIDA0AirZ6QUBPgmAc/RFVgVJL3qamI0u42AmEw2vD1Veo26FQhkK60l/viw/pUkzkDPIZQZQMhXL34ElDYToWhHAwJ3VTeYkyvGnS4zP6fhUv6qt9pN6HiK0P0qZyrq/1QnBigAEGnzmT0BepGA52gDrEqT/2eDhupBmsioRECk7u7WIFAq/sTvrHhQaRSz7nnrErIUI2T4iJAqLY8jRSpOMJIiJf9/ug95bJ80JZQeYEy0ds1+seiOgCFW487M3NWnLQgVvmXnqjpz2OTqsYrzFbQ/xslJZDHAAQAUKlTosfzv7gA9T8BzpHc/B1DfbOJ1RQuEmEATJB7nC/NBoGT8ib+SA+KPVY8Nsdty/oltdxYY7IxZjpWoOk6ET09lhWu9+ez402wziwFdz3P+wr6PCAOesx7ADgBERESs8fT01IRuf42E8xq8J2hGGk9gQhBwfNpgiMF/DJBfIiDMxAECCUX8zhC9He8+K9dfB93oflUcsgMMdsFAAoGq3qxjqTGZuYC6v3LMRdMNbPPvfJZzFRrpAQwAgIjWRkdHr27duvUV+e8DkHAZqfxglVF6SEIQclxaOUgD/79EQJCJAwRKuOgLHg/Cd4bgjfz7rQKAnOj6+20ChA1AMAQCZQ4KFzCJLS51ZrMY0GQtpyvrdJrQ4xqh9302BxopArUAsIGI1kVHR69u0aKFygmkEvuYUIrB/9OfIaB8AtBzrNspiAHXBVe5TWhiTJogYIv4dUSvJ3irCD9dCLAaBqzr8u/VJ2nvVZ5nBQ5GoKADBCsgGK3jAoQYUH8h6wFa7uTchFaKQLsAsFkGAVknkBbsJ5AQeQVuCRqSxno6Aeg5Vq0lpIXzTQREmNA94UBAT/g/GRC+EcHLcf5TrZOAKL3Wz9ou/6Zcr9xfY4oOKGRgMAAFKzD4SQsCChdQbTw/u/ZM1gN4rOTchB2Osz9Ar7u2LQFaAPATILCRiNbt3bt352effaaWZssE9hhMiPPjK2hJGm+iTiDyEGKgvRMB8SWWbj4IjNYBgPTV1xO+TPA2M/1IacCUVGD6rvxWZ464dhbfW/sXfk6tGRJQTNMCgwIKVoBg5EQlcwHjhB5gBjsBNVrB0Zjtj3H9gl53CP2COShIBoAhWj8AIvLXg8DOnTt35c2bVw33LgDQrgQ6P7215+cRgBQJQdyOWj+IQRYC6HgiILzE1M0FAT3x6whf/dILoq/1MxOpQuhWuf4WSYlAl4juo+vi7w1+E9cu4nvrL+Dn1JsnAYUABxkUDAFBDwQSCFT5if9efaJQBM5lS4CnH6H9UZ0p0CEA7DQCgQ0bNuzNnDmzmuKtJECXE+DsHBc0JY15QIJQuJ2WEtIAvRMBwSXGbh4I2CJ+5Ys/lYlOIfq6v0rELrL9NlrOLLXHKg6pbbKWnW2abuDebKO2K39vup6vbbyGg6M8fPnL3HAZP7fBbwIcFkigMFviFH6WOITJFs5ABYIxEsCN5d9qTufnNFxGaL6V6xR0uxgbANhlAAIbiGjd/PnzD6dLly5CubYuQHcT4Ox4688OkCoB6Nxm+x5iYDWQuHKwJbYeexAY7US3AwBVvbVpx1XCn8ME2GCRRPCrCE3WMUE338LstJLvv9VuLgbSei+b2trs1/V9/FvrPXxty99ZIddiO3+Vm28RQLGewcHDl9+pgEL9hTpAkMFgii62YoyFC6g2nsGizhz2CGy+hdDusACA29qYANsAsNcOCKydMmXKcfn6fjA/j8VtQVvSOP4vIQjdqGWGNLAFiYDIEnt3DAJ2iN0pu/loHfGLr36tGUxc9eYxm95wGRN90/VMOC22sxnNqOJPx1OETn8SOp9hO3vns4Qu5yy981n+rdOfbIbreIrv63Ccn9P2EANF6z0MDi38+WvdbCNzDB6rJEBYzByCDAY1pwsgULIqCRCo6s1/rzOb7222md/V9QLXK+z7WBcUFG4EAPsNQGCrDALDhw8/o1z/LkDzE+DcLNCfGyBrAtC7VfOGGFAz/Pcy/CQuELBD7IY2fD0YGGjJFVt57ZlMUA0WMeE3Xs3E57mNib7tASbUjieYiLucs9T88/pLKgh6zVIUVN97BIrfr7EZrvsVVsZ1u8jP6nKOn93xJCvq2h5isGm1i8Gn+RYWIxqvYfHjSx8eb735/IVXgWCySKwq5l59Iv/W4DdCs03CG1ABAMUb8LUEAOF6ADgoQGCPAIEdEghsUkAgf/78aj3HvDA/0egrQWPS2CcggRWCpaXB0OpEQFj/pW7TYzA2HnqyuUyvIFPt5EILX9mbUO47QvE+hM86EvI2IXxUg5CpDCFtXkLa3KLn4Z6xMCFzRULOeoRPOxJKDCRU+JFQex6hySZC2yOE7tdEefAgdrzpfZ/t773vsRnu63+ZFe95k6P0FHDwusxE2vkscwsdjjMgtN7LooOnHwNU49WCM1jCXIECBDWmMghUHs0cQc3pLEY03cCcRpcArlrc96HkDRhqAQEtABxxAgTW+/v778mWLdtr5b7qML+IzWr9mQHKJgDdq+0PZSDtTF6IGCRswIZbQcCI6G1l4NXYz8doRYISfQh5PQgZCxGQQn9wXNffL0Eo8hWh6lRCc39C90A2v/V7wix438f8Je7zQADFPQaGnjeZc+j+twCE8yxGdPiD5fjWeznPYvMtrJvwWCkBwWzmbKqN57nWmMyiTZO1fF/ns5awYCU5iCIGDA7TjJ+IjhHRYQEC+wQI/C5AYBsRbVFAYPHixYfke4eLs2jmmWmnXf+TSCAuILcyiNTgCjpmLsIGgMoCdD8BiddV3TiKUG+zH09W+ff1nndVxhI+70nIVpGQIrX2mWb3D8sSyv6P0HQrE/qAZ0yI/Z9K4CBAQQaEHoEscnS9YAGDtgdZsei5jb/wHisteRdrTrcAYJ1Z/FvL33XuwE+FHkDhAkI1YyWiP+yAwHYJBDYS0brvv//+tHJvRpgf5r4RTHPSHPK5h8Tttx+VAbQ3eQFuAlROvLsI3lYQKG3srKOY8GQvvGoTCJ+1J7yT1S5RVq1alXr27EkTJ06kFStW0J49e+js2bP01Vdfqdd4e3tHhYSEhIeEhIQ/fPgw4p9//ok4f/58xP79+yPXrVsX+euvv0Z+9913Ue3bt4+uWLFidObMmWPsvVPteRoTav1K6HqRiXHgC5bNVVBQACFIiA63LGDQJYDFhHZHWImopl5fzvqBmtNZ7KkxlTkEz20MHN2vsDNQ38f8roGvGAQGvdGMjYhOChA4KkDggACB3RIIaMyDsj6gnDiTZp6X9tr19YbJXEB2eQHNRMAocKHOFNL731oQyF7GhrPOHP761ZpB+LQtIWVaQ6KrUKECzZw5k65evWq3SKdcTmvJkiVRRBSh6+F2etj9+/fDd+/eHTF16tTIdu3aRefOnds+KHxUi/UIPa4zUQ58qQWEfsESGNxhWb77VeYKOp1mIGi1m60IHqtYJKgxlUWgunOZS1AsAT1vCjFAcAEKCEADAKdtgMBeAQJW5kE/P7+9yv0pxJmMMvGsbLBe1xwm0L3ahigvbmkykWwF6H2DQ/XWgsBH5YV33lw+6A0W81eu7DBC6iw2iezDDz+k4OBgm0Qvt2bNmqn3bd682QgAjLpNQCCisH///Td84cKFkW3bto1+//33bQPCZ10IzfyZQAe9tgCCCgZPWJHX+x4Tc/e/mbA7nmLRoMV2thrUmy+cgqax41GrXWxx6P634AIe8TsGPGcggAYAzggQOEFExwUIHJJAQG8e3ERE64sWLaoGDb0P88vbtdSu5XcwiQtIJy/eChMnHAKu86a8O23atOHyWN5aEMhRiZ1cPFby4S7QwoqQypYtG7Nr167IIkWKqMQ2fPhwpwCgcuXK6nOOHj0aRUSRBj0ugBCm9MOHD0d4eHhYl0xXevoChJqzCT3/ZRZdBYMXrD/oF6wDgqssGrQ/xjJ/4zXMGVX+kZWBzTYzp9D1AisDe99jEOgXzMACDQCcEyBwSgKBIwIE9JYBVR9w6NChXfny5VOLwtYSZ9Ssc7LCeh3fdS/pc+ugvLAeQC9NnPBE3YRLlChxu0qVKoHy395aEMhdg9B4LZvtpL8XK1YsZufOnSqB7tixI1L5LU2aNHT37l2HAFC4cGH1eVevXrUFALa602Bw7Ngx1aU2e/bslCKFgWUiRSpCmeGsKxgcymCgB4I+D/ir3iOQCbzDH2w69FgpPAcns36g5e/sc9DtEosRve7yvX0f6QHgPBGdJaI/JRA4RtbmQSt9wNatW/fJz5po4hl5CaZB6f1eMIELUCOkzMzvHwCOyFLenSdPnketWrU66+3tva9v374nkwQIpMum+fePP/4YbUB8keXLl1e5gC5dujgEgGzZLM999OhRFBHZ6vECg7/++ksFgMKFCxMR0ZIlS6hEiRLWQAAQivQkdDip5QgGPGdWvu8jJuivrjMItD/Gyr8Gi1gXUGc2mw7b7GO9QbdLfO3Xt/g+aADgAhEFSCBgTyloJQqMHDlS9RIsIM6qWWdEV0/gOdwcI1BdeVkJmJfsIxycrVV5d+rUqaMaNGhwafDgwUfWrFnj9/fff6+aPBgX2TgAACAASURBVHny4SQBAqL/9ttvsqyuIcT9+/errHaqVKno3LlzdgFALrIRFRVlDwBiAwpWQPDgwQNVZMuWLZtmDMeOHbNdEOTTjoROZ22AwB0293U5x96MjdewsrTqOAaDZpsYBDqeZKDofoU5B2gA4JIOBBSloC19gEYUIKJ1WbJkUaMGe4oza8b5uAWmRWk+9eBGLuC88qKRJhLBIYCySpMsXLjw3S5dupyaNWvW7ydPnlz39OnTFdHR0St+/vnno0kBBKpUqRJjRPiiRxFR1BdffKFyAQ0bNrRJ/MHBwepzM2fOTEQUbdDjAwYqCERFRakcQKpUqQzHc/36dRo2bJgxEBTpSeh6SSgJFXEgiHUCXpdZFPDcxorSauNZHPjSh0Gg9R7mEjqfYSCABgD+EiBwnqz1AU6JAgsWLDiiPC+rOLNmnY+R2nW6BI7OdXnLpbzkfYCOmDS5KIBaSRNMkyZNRNOmTQN++OGHAzt27Nh07969leHh4cuJaCURrZk5c6bqnfg2g0DHjh1j9EQv94CAgGj5+t27dxsSXGCg5Wv46aef2gKAuICCIRBkzpxZfZ89K0WdOnWMQQApCRVGE3reFlzAQ3Yi6n6Vtf6tdrEuoNYM9g2o/YuoG7CB9QRtDzAQQAMAV4joMhFdlEBA0QcYOQkZigK5c+d+rjyzFcwzCx6BlWWsANzABXylvMBMt9+tYG8r5d0lS5a81atXr+M+Pj7+Fy9eXP3ixYsV0dHRK4hoFRGtI6KNs2bNUj21kgAI2CLA6DFjxqhcQOnSpYm5e207fvy4+rzKlSvHBgCcBQMNEBQsWFAdU2BgoCHx7969WzPP7t27W1sPUmcn1F1M6HNfAMDf/HVvvZfdgevOteRAqDObTaeN17BbccsdegD4WwKBOIsC69atO6A8MyPMNQvq3IMHwg1cgKr88zFpUhHQ5kdPly5dWKtWrc6OHz9+7/79+zc8fPhwRXR09DIi8iWiNUS0npgl85s9e/bZJAgCGsJ89OhRdMaMGdVrfX19rYht69at6u9NmjSJiSMAOAMGkUQUKYsmx48ftxpPVFQUlS5tqSY8evToSCJ6c/78+bBKlSppuBoAHKjUeh9zACoArBPOQVPYLFh9EjtQ1V8oIiHX6AHgGhFdJYsocIEsooDsH+BIFFhfoEAB1SzYBOYlE/XRrssLAO+4kvgrKg8vYSIhbYLW469MmTI3BgwYcNTX19fv2rVrvm/evFlORCuIaDWJr79AY38i2lm1atVHSQgEDAly7ty5KsHlzZuXwsPDNQTn4+OjPsfLy4uIKMZBjxcYNGnSRB3P1q1brQDA19dXHU/GjBnpwYMH4UQUKvqbvXv3hpUqVUoHBCkI5UYya996jwCAhcJFWERLKrkD6/7Kv0EDANclEHBGFDhA1l6CW4hoo5+fn2oWTCHOsBln4j6slIE14UIxQM34841JE3oFUFNpQhkyZAht27btmcmTJ+8+duzYuqdPny6Pjo5eTpav/waBwn4ClX+vWrWqpuRTEgSBGCKKyZs3r3rdlClTNAQ3ffp09bdvvvnGGQCICyCoANC1a1cVAHx8fDRjCQ8PJ3mss2fPjiSLM5EKAkT0ZvXq1WFWHoaZyxHqLeQvfP0FIk5ivCVxiJwbARoA+IeIAsm2KKCYBmVRwKZCUPYQbArzcmR8oz0T4wGkdhUAqA/eYdJkdoDLNivvrVix4vUhQ4YcXr9+/ZYbN26sDA8PX0bar/8mYoWMv0Dl3bly5Xotjz0JgYCGSNevX68SSubMmTXKtx9++EG9f9y4cbEl/lgDwZAhQ9SxTJ8+XQMAU6ZMUceSO3fuGLL2KNSAwPnz50MrV66s1Q+kSMX5DurNYw6g2gRLwhQlR0L1SXoAuEHMBQSSY1HAoULw0KFDu5RnpzGZZnRnPR1cwAXUVh5YDebYN0MBaitNJH369KHt27f/c/r06b8fP35c//VfS9qv/w4i2hUZGWnx0EqRitBwRZIAgc6dO5MRgRYrVky9RnYR7tWrl/r3BQsWxAcAnAKDcePGqQDwww8/qOMIDg4m2UKwbt06xc/BLggQ0ev169eHWnED2SoTqgiCl3MIKlWFoAGAWxIIOCMKyFyArBBUuYDChQurdQXaijPt7rMQDqZRaW5N4QJl4BjlgWZV+D0JUHZpIhUqVLg+ZMiQwxs3btx8+/btFc58/W/fvq3aZfFBSc4D5+ErL06SAoGdO3eqBJImTRq6ffs2ERG1bt1avW/9+vUkNbcAwYIFC9Rx9OrVS33Z8OHDLftSpIhi4jRyLdaDwGsien3mzJk3X3zxhZYbeCc7oexQ62xJVcboAeA2Ed0kx6KAkULQkAvYs2fPHuX52cWZNuMs6CoL/wwXKAPVDdtnwgSiAfpWmkSaNGnCla//yZMn1z5//nyZo68/Ee09ffq0xT04dyNLNliPlUkWBCpWrKj+rrgIy/b2ffv2kZ3mEiCQxZHWrVsTEdHt27cpTZo06ji2b98umw+N3IqNQOAVEb2aOXNmmAYEUqQmFOmiS5w6Wg8A/5IxF6B3ENJzAbJC0IoLyJEjxwvlHd+Ks+3uc7BPew5iAGRAPMSAasrDqpo0gTsAFZMmUapUqZuDBg06sn79+i23bt0ykv03ku7rT0T7/P39z6kLUbi7BQCGhHNEHZIUCBAR0ZEjR9TfFBdh2eTmyGXYBYAQvW/fPhUA6tSpQ0REXbp0UcdQvnx5xaxpy63YljiggMDLXbt2vcmQIYNWJEiVUduh6pbCiegOWbgABQRkLuAiGfsG2OMCNq5ateqg8p5i4my7+wxEg2lVmntjxEMMGKE8aIRJh3getKa/Nm3anJk8efLuo0ePrnVC879LoPGB1atXX1QXocQgLQAMDmXvMCQZEFCbHPrbsGFDypUrl/pvZyIH4wsE586dU014pUuXpnPnzmliEY4cOSJbDYxAwEgnoOoDFBA4derU67Jly9oOPxbdx8cnhIjuEnMBRqJAbLkA1SIQExOzQXlPCnG2zTgDI7RznAQgTVwBQFVk+Jsw8AiAGkmDz5gx45u+ffseW7ly5dZr1675hoaGGn39Vbs/ia8/ER1cunTpX+oilBluDQADX7LPOJIWCAQEBGh+S58+vfr/b968iQsAxAoI7t69q36Zc+XKRQ0bNlTfLzwR7XkSOgKB1zIIENGLefPmvSlSpIgVEBQtWjRyyZIlz4goiIjuEXMBtkSBuHABW4hoo2wSbARzHIP8tXN9Bs4TEGsxoJjykGIwJ9HBYWjdfqtXr351zJgxew8cOLD+4cOHy4XX30rSef2RsPuT+PoT0WEfH58rFgD4zhgA+gWzyyiSFghMnTpV8xsAKleuXNxJX9vsAsCbN29UAJDBBwAFBATYciJyBAKG+gASIEBEz4ODg58/ffo05Cm3YCJ6REQPiegBEd0n5gJkUSCuXIDGL+DgwYO71Q+aOOPu3vsQaMVoAFUQBzGgh/KAHiYd2h+kQadPnz6se/fuJxYuXOh/6dKlVa9fv15GRMuJff7XkuXrv410X38iOrJs2bKrFgAYziWhNQDwigGg1x22FyNpgcCpU6eoXLlyKvGfOnUqjvRus9kEAeW9cp86daqR1SC2IGAlCoj+nIieEVEIET0lomAiekwMAg/IwgUoosAtij8XoMYIyO7BP5i09z206/st4mANOKU8YKEJA34ErStjuXLl/hk+fPhBf3//jffv318RERGhfP1XE3/9N5H267+H2C57iIiOrlixwgIApYdJABDBeeEHvuJosl53OUa8qneSAwEiii/b70yzAoBTp07F6MDHnu+AEQjEWhQgLQgEE9ETYhBwFRdgyztw07p16w4q619CnHV37/tC7b5fRCytAWmVm9PCnAwnOwHKIA26VatWZ2fMmPH76dOnVwvTnxz0oyj/tpFk+iPx9SeiY9u2bbPoAIp+bQMAQjhXXPerXBKr4sgkCQImNJvigO5vzsQTxEcUcAcXoM8ZoI8U3BwSErJZWfsM4qy7e88DBO1K+54jNgBQVbmxqkmHVLb9Z8iQIbRv375HV61atfUGu/0uJVb+qSG/pDX9ab7+RPSHv7+/BQCKfMUAoIDA4DDOLtM/hAtHdP+bs8y22kUoOzgZBNzX4upF6ApRwF1cgJw+TOYCNCbBggULqnUEvjVpz3XmQE/EIjZgkHLjIBMG+hCgMtJgK1WqdG306NH79u3bt+7x48fLo6Ojl5Jt9l81/RErY44R0YkTJ05cUiefz9MYAAY84ySRPQI5mYQSSVayTzIIuK+5EgTiIgrEhwvQ+wUYxQgcIGuT4CY5SrCMOPPu3u9B2v32BscGONXU1FpLTRjoEYAySYNt06bNmXnz5m2/cOGC7+vXr5cSK/9kzz9F+beDdMo/YqXMyZs3b6rpy/BhOS0ADAnnRJMDnnNGma/+4ZxybfZx5pgvfQjFv5IXLxkEXNviCwJxsQrElwsw8g7URwrqlYFqwpAHDx5sVdY8E8zJqLVUu9fnALwPJ8SAFMpNKWCO/O8tDTR9+vRhgwYNOrJhw4bNt2/fXhEREbGUbLP/Vso/YnbsVEREhCUhSIp3mPD1ADDwBZeN6nmTC1O2Pcj55BsuY/NgsW7JIODeFlsQMJMLUADgFlnHCMhJRJX8gbaUgaoYkC9fPjWpjrcJ+xwArVMduKKXQ3NgKeWGUiYM8jW0cf9lypS5MXbs2D0HDhxY9/Tp02US+29k+zdk/4nZsrOZM2dWc+Sj3xMDU+BL/vvXt7mGfbsjXJa60QquNFN7JqFop2QQcG9zFwi4gguIizLQpmfgokWLVM66qTj77t7nUtp9/hJOmAM7q4fChAHeBCivNMimTZsGzJkzZ/v58+dXOWD/rWz/JNh/YrbsXJEiRdRUzegRqNMDhGpNgV5/cY36FttFvbmFnFCyxlRCkQ7JIODelti5gJtk4QJsBQk59Am4fPnyDmWt88KcgqKdtXs8HEB6RwAwUbnBjCon66BlU/r37390zZo1W27cuBFn9p+YLTvXuHFjleVCm4POWwKarGU3YaUGffVJhCLtk0HAfS0huQAFAJ6QxTvQnjJQHyospxG3KwbExMRsVNY5hTj77t5fXTWtJXBCD6Cm1fYzYYDDpQF+8MEHr/7v//5v3969e9c/fPhwWVy0/yTYfyIK+Pbbbx+qk6/vYwAAQhHY5wFXjel8VqsIrPsrp5WqMZlTSxVulwwC7mvxVQjGlgvQewcqYoDCBchiwG1yjRiwqVixYk+UdR5uwt76aff2EoCs9gAgtXJxaoACTRhgfWmAlStXvjZt2rTfT58+vfrFixdLicie84899v8sEZ1ftmzZv+rky44wtgQoisCvb3HBiLaHOHV0o+WcVqr2TM4uW20CZ5Ip1DZJgEC+fPnol19+oT///JMiIyPjStSxbQnBBchigMIFOBID9D4BzloDNq9YsUKtYFXfhH0NFLQs7W1+2PEH+Fy58HMTBncHoA+lwbVv3/60j4+P39WrV1eGhoYuJWPffznyzyb7T0QXzp07ZykcmquRNQDIQUG97ojqMjo9QJ1ZrAeoPpEBoMpYQqE2SQIE5F6pUiUaNWoU/f777/T8+fM4U7gTLS4gEBsuQPEOdKQMdEYM0OcNNBIDNBGCQUFBfsqafghzcgR8rt3LRmBPX8PmqVzoacLAtkkDS58+fdiQIUMObd26deP9+/eXRUdH+5BW/pfTfiny/wGyZv/PELNlF6Ojoy+rE0+Rih1/HOkBOp0WeoB1hAa/ccnpmtNZD1BtPMcMVBlDKNRaXtQkAQJyL1myJPXr149Wr15NQUFBcaZ2g+YuLsCWd6CRMtDIGuBIDLDlFKQ3B27Kly+fWkFomwl76qndu0GwU0b8W+VCM9wVJ0sDy5cv38Offvpp7/79+9cGBwcvJaKl5Lz8f5y08v95sTF/lStXzmIJaH/cvkNQzxtcc77tAYs/QL15nE9eFgOUXPNJBQRSpNL+26AXLlyYevfuTWvXrqWQkJC4kb6lmcEFOFIGKgDgyBqgJA7V5wy0qQfo3LmzGqg22YT9/Fa7VzMBZIINPcBc5cK5JgzMSxpYqVKlbs6cOXPn2bNnV71+/dqHWP5X7P9GwT82zX/EbNklIroyZswYS3GQmrPtiAFPuMRUt0tcYKKFv1YMqDlNKwZUGcMJJpMKCORvSKi3mPB5X0LavNrfDHrZsmVp7NixdPr06bhBgOu4AHvKQL0YoCgD9dYAOVmILacge+ZATXDQ+PHj1dJ1Xibs5Vzt3mwGkM0WAOxULnR3xFIoQKWlgXl4eFxYunTp1qtXr64MDw/3Icf2f7vyPzF7duXIkSO31ckXbGsBAFkMUCMDZTFgN6Hpeq4pp7EGTBBiwFiRYTYJgUDhdswtDXhO6HaZ0Hg951p473O7YJAzZ07q27evzQKlsQSAuHIB9pSBRtYABQBsOQXFxhyo8QfYv3//XmVtSsP9KcN3avfjTwC5YUMRqGbRueLmQQUClEMamJeX14nNmzfL8r+iAHRk/1fkfwUAAojZsstEdDUmJuaaZfIp2eRnUwx4pHULbr6FvQLrL7A4BRlxAZVHJx0QKNSGnaf6h/CaDXzBHJTXVYLHOs6/+E52m2Dw7rvvUteuXcnf3z8+IOAsFxBXMcDIHKiIAY70AHJZcUN/gOvXr29X1iMH3G9tu6Ldg7sACsJAEZhFuSgLQG/cPKi90AYADRky5NC+ffvWPXr0aCkR+ZBx3n+r1F9kbf9X5X+xQdcqVKgQqi5A4/UOrAGKV+AfXE668RqtMlDxCdBzAZVHEwq1SiIg0Ip1Jv2eGINB/2eEdn8Qqs8kfFTTJhh88MEH1LNnT9q/f39sAUAPAnERAxy5BjsyB8rBQUZ6AL0/gJIkZGtQUNA2ZQ0yCVpw5/69ETQtrX0lcIIQTTM1BmAZtPbJsWPH7j527Njq58+f+5C1AtAq779YWEP7P7Fc9hcxmxa4atWqB+rkP+tsLAbI4cGqU9B+VgY2Wm6JDbDHBSQlEPjUk02nve8zGPR9zGAw4JkWDAa+Yu6g3hJC/pY2wSBPnjw0btw4evDggbMgEFcxwMgaYAsAjPQACgA46w+gAIBaNyAsLGyLMu/UghbcvX+6mIA2AN7TA0BD5YKGJgxogjSgTJkyvZw9e/b2c+fO+YaGhsoAEC8FoAIAMTExNzRiQO8g55SBHY5zLXmZCzDUBSRREPikKaHHNbaefP2vBQwUzmDAMy0QDHpN6HmL0GAFIU9Tm2DwxRdf0M6dO+MKAPbEAGedgpzRA8RLEVi0aFE14/YEE/auoXaNB4ItAZrmpVzgZcKAekoDKl++/D9Lly7dGhgYuDw8PHwJWXsA2goAsqsAJGbTrhPRjfLly1sqxtRdaJsL6B9C6BPEwUOGXICkC5D9AmQAqPxj0gGBAh6sM/G6LMDgJnMGfYJYp9IvWBIRJCAY9IbQ4x9C3UWEbFUNgeCzzz6jpUuXOgsCrhID7OkB7CUJsaUIVABAowj09vY+o8yzpwn75qVd2/FgkV9jCfifcsH/TBiQhzSg+vXrX1q/fv3GW7duLY+OjpYBILYegBoFoAQAN/fu3WsRAzIWJQx+Y9s12IoL2MkBQqpFwIZfQFIFgXwNeJ06/SnA4C8G0K9vsU6lzwNJRDAAgsFvCO1PcPr2lBmsgCBr1qz0888/x4SGhsZHDIgvAOj1AI4UgXY9ApcsWXJMmZ+H+Xu2CMDH0OUGmKZcMM2EAVWXBuTp6XnW399//f3795cKANC7ADuyAKgBQKRVAAYSy2s3iej2Z599FqEuQovfDcQAA11Al3PCIrCV6wrWXyiiBPXegUkcBPLW4ZRqbQ+xArXzGY6t6H6FMy6pIsIjnXggA0Eooc9DQoNlhA9KWQFB5syZadGiRXHhAhzpAewpAvV6AHsOQUaBQYaWgI0bNx5S5lXdhP2apl3LjTAwBfooF/iYMKCS0oC6du16Yt++fWuDg4N9iC0AsglQbwGw5QJsZAHQAMDcuXPVxIzI05gwNMIGFyB0Ab3u8Nes40nhF7CBS4rVmyeJApOsRYGkCgK5azBQttxJaL2XE6x0PMkg6nXZwhX0vmcRDwY8kzgCAQJKrobm/oRcDbXvAChv3ry0bt26+ACAI3+AuAKAPUuAnC5866FDh9QcgSVN2Csf7RruA1AAupJhas6yrSYMqIA0oIEDBx45evTompCQEAUA9CZAey7Adi0AYqNuEctvdz/44AO1Nh1a7dMBgM4ioLgHd73Ah7nFdotCUBYFFKtAMggQclblNWq2keC5jeMq2h5gEUHlCv5mXUHve0JpKAGBzA0MDuP/tjlEyO1hBQRlypShw4cPu1IMiI1DkLOWAEOX4ICAgN+VeRQwYZ+2atfuTwCfQZckVGVJDpkwoOzSgEaOHLnv5MmTq168eOFDbAFQAMBWDMBBMrYAGAHADRkAZsyYYUkSkr0GHzBbFoH+T/mQ9rjGh7ftASEK+BIaLJKsAjb0AUkVBHJUYk7JYyUHVTXbzNaUNvsI7Y+yp2XXC1yPQQWCR1odwaDXEgiEEQaFstiWtYoVEIwdOzbm+fPnrtIDGAGALUWgo3ThsiVAAwA3b95UnYGym7BHh7RrdhVAUeh8AdRy2udMGJBcA3D8+PG/nz171jc0NHQJaU2ARj4AsTEBXtcDABHd//jjjy3FIhv62uAC5FwB/1pEgdZ7CM02sVVA1geopkF7IDA66YDAxxV5fb5cwmvVeDVzBS38eQ3bHeYMTFZA8JitBqp+QOIGFBGt0WpCmhya9+XPn5927doV4wAA9HoAR/kBnMkTGBdToN/Tp09VZ6CMJuzPOe3+3AZQHLqowOvKBddNGFBKaUAzZ87ccf78+bgAgGIBiBUA+Pr6qrXakDobodc9+wrBvg+Fi/AFYRX4neMEGi5j02CdWckgYAQCH5VnLqnefE6x1nAZB1g13SDEg90MBApH0OMaJ2jtE8Q6GFkskEFgSDj7cpT5Tvs+gMaNG6fnAmILALE1BdoCAMUSYAgAkZGRqjNQShP25rp2nR6BHf80zkD3lQvMOIzyps2bN2/bxYsXV0o+ALacgOz5AASQDR8AYsXNHWJFzn0ielC6dGlLxuBivYwVgrIo0CeIrQJdz7M+oOUOZm8bLrUNAqpOQG8dSEogUI49KOvMZuVpg0VCPPC1AEHrPbymnf5k0+tX11kB2/chr72GG5BAYEg4h3h/qC02WqZMmZhTp05Fk2NLgBIZGBdToC1fACNToAIAmuxA8pjdvS/3tfvyHEBZAB/IAKB+Fc0oBS5PftGiRX5Xr15dERERYeQEZAQAtnwAjADgpg4AgojoweHDh0M0B9UqRkAnCvQLlvQBZ9nc1cJf+Af4OAABG9xAUgkgyl6W16XWDF6junNZPJCBoIU/6wg6HGerQfcrQiy4L3EDNkCgXzCh1Dead6ZJk4b8/PyMuIC4mAJtxQQ4CwCHEhoAQrR78gZABei8AdXEGe4OBNIDwJIlS7YGBgYuj46O/s0AAIy8AGPlBGQEAET0aNq0aa/UcaR6j33WbYoCzy2mwe5XhVLwoB0QmKLzFkzqIFCG16TmNC0QKBxB49WsW2m5k9e140khFgQKbuCR0A0YiQQCsJttY5FOeu+iRYuibQCAXgyIDwA44wxk5Q1oJgC80e5HBIAvAHwoA4DKEkeaDADCDXiFDgBimwfACABUHwAdADwUG/ukXLlyFlEga2VdARFJFFBAQFEKdr/KLKsMAg2XcuhwndkW64DqJ2CHG0gyIFCa10MDBIposJiVhU3WsqWl9R62GHQ+y9zA17eEbiCYOTJbIOD1NyFbNc17J06cGOUEAMQmKMgoKjA23oCmA0Ckdi+iAVQBkFkGgBjlghiTAWD58uVbAgMDVxCRLQCIqxuwQwA4efLk83Tp0qlzxycd+HAZgcDAV0Ip+EiAwBWJE9gudALLhHVgjvATUJyFjEQCCQiSEghUmyABwXShIxDKwi+XsFjQbCPrWdoeZGtBt0vsUdj7nhAJnvN+GIFA3ye8j9J7R44cGU2OTYFmAYC/2QAQo92HGHAF8CyJBgBu3LixnIgcxQHoC4FYJQIlG16AtgCAiIK3bdv2SnNIiw8QhyrCCRAQ4kC7w3xgm27gJCINFrGzUO1fDEQCG0CQVEAgW2leBysg+IXXrMEiBtIma7lUW+u97F6sigR3mRNT9AJGIDDwFaHkEM17vb29o9wAAEbuwHKCUFtlwxMaAKrrASDBRIA4AkCs4gDsAMBTIgqZP3/+G80hLT2MnU9kEFA806xA4G9WXLU/yibCZpv4K/blEmZv68wSIoHEDdgCgiQDAqV4/tXGMzDWmMzro4oFCjewih2JWu3i9e1yjtf76395/e2BwKBQQoUfNe+dNm1apB0AMPIGdHU8QIIAgIEIUANcJERtCaYETGgOQGz4s4kTJ4ZqDmmpoXy4NFyAHgQe8xepxzU2EXY4zvJr863sEttwKYsEdX9lVlflBmQgUEBAyTacROoOZCvFc686TnADE3XcwFyhG1jBnFXLncxpdT7DnJcRCMgAMCSCMDicUPpbzXt9fX0jbADAW8sBGCgBa4KTg6otwcyAEgCYrgOQAYCIno8ZMyZcc0g/60Lo99QOCAjrQO97LKN2u8ga7LYHWC/QdAO7xDb4TVgJZvNXruY0/upVn6jVDyhgkJRAoMpYnrciFtSYLCkJ5wiT4TLWsbTYznqBTn8K5eBt+yAwNJL36/O+mvcePHgw3EUA8J/QAejMgKFGAJBgjkBOAIDbrAB6ACCil97e3loQ+Kgm4asbxiAw6LXFT6BPENuuvf4SeoEjzLo23yK4gWVCNzDXIhbogUAWDZJIGTINCKjcwCQhEvzMoFl/AXNTTday1UUDAg44gaGRvEd5mqjvzJs3b8z58+fDEggATLcC6ByBXhgBQIK5Ai9dunTr72A/aAAAIABJREFUjRs3lukAwO1+ADYA4AURvZo/f74WBNLmJbQ+YB8E+j9l77Wv/xUiwQVCxxOcVajFdtZse/iyz4AqFvyiAwKdjiCJFCRlEBij5QZkkaDOLKEX8GEw9dwmgYAiDjxmjmzQa60+QPHt6H2fkLGw+s5KlSpFUwL5AURGRqrRtwngChxsBAAJFgw0d+5cfzsA4BZPQEcAQESvN2/erAUBgFB1qqQXCJf8BEQeAUUv0PsehxJ7XWZuoP1R1g14buM4Ao+VrOSqv4CBQMMRCB2BYjVIMiBQUgsCCjdQY7JFL1BvngUEFE6g8xlWDPa6y+LYwBeSx2CEFgQ6nCAgpfrOTZs2hbkAAGLtCZjAwUBBMFACJlg48PTp03fqAMDtsQBiYx+LjX6qA4CXJPzEjxw5Ela0aNEYzUHNUY/Q9ZLWHVV1G1b0AsGcVUjDDZxiJVarXawkbLJOAoKFkmgwQygLp1rEgyJau3YyCPgIcWA7r2mXc2wi7H1fxA+85P3QiwJDIwnVZ6jvy5kzZ8yzZ8/0AOD2WICbN2/uUMaQAOHAN2FgBkywhCDjx4/fHRgYuJyIFpMJ0YBOAsArAQJvoqKiQvv27RulOagpUhFqzGRil0FAFQlkbuA+6wa6X2VLQceT/OVq+bsOCHwkIJjNVgOZKyjSMYmBgAIEOhBQxIGGS3ntWu5kDqvrBea6+jwQbsM6fYACAINecS4Iy/kLdxIAXBYNeOHChV3K+xMgIchfMHAE8lEu8DFhQHJKsJEjR+4LDAxcFh0dHVsAiFM+ALGhD3UAEGILAIhNRmEbN26MzJgxo/awZi5PaLXXAAQkbqD/U1ZS9brLB7T7FS5C2vEEA0GrXezw0nQ96wgaLmXzV735kngguIKinZMQCPxkHwTqL2D34aYbeA07/MEeg6plQNYH6LiA9n9o3hcQEPCKTMwHkMApwU7DwBU4wZKC9u/f/4gOANyWEcgAAFRnIEcAQERh586di6hUqZJWJAAIn3YkdDojgYABN9AvmJWEve6wydDrLwEEJzm6sNVu1hE028jBMY2WW8SDevPYJFb7F0KxbskgUHO6sA4sZO6p2WaOJux0mjmtXndF3MBLYy5gaCSheD/1XZUrV44iEzMCJXBS0IMwCAZKsLTg3bt3P3H16tXlERERi8nNOQHFRiqmQD0APHMEAMT+5BGbN2+Oyp8/vzUQFO3F+gENCAhuYOALAQRPmE1VgKD7FSEanGLTYZt97FbcfIsQD3yFCfE3i4hQvEfSBQHFOlDrZ+E6vJgB03MbA2mXAF7XPg94vW1ZBXpcJ1kheP369Rc2AMDlOQGXLl16XHlvAqQF3waDcGAv5QIvEwYkFwZp1qxZwOXLl5eHhYUpAOCWrMDknC+ALQBQQEBJLBFBRJFz5syJfuedd7SHFinZD73TWQsIqNyAAIL+IRIQKKLBVZZjO59hj8K2B5kraOHP7sVN1mrBoGSvpAcCGhPhVNaTqErBdaxX6fAHW18U06BiFTDiAqSsQkOHDg0jk7ICjx079qzy3gQoDLICBglBEqw02Mcff/w0ICBgRWho6GJid2C31AVwEgA0pkCyJI4wBAAiinzw4EHUqFGjrLkBgFCgDaHlHkv46qA3BkAgRIPe9zjstUcgH+AuAcwVtD/KvgQtfxciggQGpftp3vd2g4DeT2ASK0hVfcAKIQrsZxDtcU1YBewoBLtdVt+RNm3amHgCgNN1ARK4NNgsGKQES9DioCdPnlwpAYDLKwNR3EyBdsUAGQSIKOrChQvRVasal7lC1kqE+ks5/+CgN9ZAoOoIHvGh/fpfC1fQ7SKbuTqeFCLCflZ6tfDnA19uaBIEAUkfUOtn1o80+I1FgRbbGTS7XWRAdcQFFLR4XPr4+LwiN1cGCgsLUy1uCVQcdDQMkoImaHnwnTt3rnvx4sVict4b8KABANisDUjxNAU6AwBKv3fvXvT3338fkz59emsgSJGKULw/1yQY8MIYCPo/5UPb54HgCm5znjw9GLQ/yjEHrXYTKo5ImiCgFwUaLmMlauu97CVoxQUY6AKa+6vPL1++fKQNAHBZbcCgoCA1JXgClQfvC4O04ABwRbnoipsHFQhQDmlQq1at2hQSEvKbAICl5MLqwDYAwJYi0B4A2BQDSFuVRi1UMXfu3Jh8+fJZAwFAeLcQodJ4Nkkpqa4GvhJWg+eSePCI4wx63eUvmgYMAljz3eE4y8lJBgT0ooCwCjRYxCHELfwlLuC2fS6g/1NCynfV5z9//lw2Abq8OnBgYOBO5V05BC24c/2uaNcvGEB7GBQGAQB1YDvdPKhQgEpLA5syZcrOx48fLyatM5BiCtT7AiiWAD0A2LME3BQb6HRQEDmnBzACAX21mphdu3bFVKliXdRCCwbjCG2PWoJaBr6UuAKhNNSAwW1hRfibdQZdLzAxJAkQKGVtFTDiAjqfYZ1KnyCdRUAnBpQYqD57zpw5r8hY/v+XtPK/IwvAEdJaAHYQkd+BAwf2K+8qLWjBnWu3U7t2NwC0gEFpMACYq1w414RN9ZIG1qVLl5NBQUFLoqOjF5GxKVC2BMimQEeWAHtRgY5iAuIsBugBQOmvXr2KmTVrVkyxYsVsg0HqrIQSgwiNNxB63paA4LlFRFA5A0VM+Je9Db+6zk5DSQUEDLkAYRZsuYM5I6/LbHK15xfQco/6XE9Pz3CyHwMgRwE6YwHYS5IFYOLEiX8q7/IyYd3matftDAAPGBQHBYBvlQu/NWFgk6WBVa9e/erNmzd9JACQTYHOWAIcKQLlmABX6QGcEgP0IKD0q1evxnh7e5NdMAAIORsQqkxivUHvIB0YKGLCY7YkKNxBnV+TEAjodQHz2Ymq2WbWkXQJYIVq34fCO/CNNRfQ74n6zA8//DCarOV/oxgAWwpAuxaALl26/K28a7IJa/atds12AagLg/LgAOCpoqAJA9smDSxz5szPr1275hMWFraILKbAuOQF0CsC7bkEx8UhKM5igJ1OV69epYkTJ1K5ctoiF9Y9BSGfJ6HqFK6V99UNLRj0fypEhcfsNJRUQKDaeK1F4Msl7BfQahebUrv/baAM1IkBuRqpzwwICAgm2/K/7AJsTwFomAcgX758z5X3bDNhvTy167UMljiAFHoA+Fy58HMTBnYHoA+lwe3Zs2dNaGjoInIcFRgXRaDsEWg3PyAZ+wPEVwywBwKa9uzZM1q1ahV16tSJsmbN6gAQQMhUhnMYNlzJabSVarv9Q9g0liRAoLSFC6gzS7gI+7LfRPujIkbgXxEubEMMqDZNfd706dNfkLX8f4u08n+sFYBBQUH+KqchaMDda/W5dq0mACgPnReg0lIrF6aG+7WTBFB9aXCjRo3a9+LFi0VkrAh05BIcF49AWQxQ9ABxFQPizQXYahcvXqQZM2aQTR8DfU/1HuGTdoTqPxNa7ibUnpM0QCB7aeEiPENSBm6yLQboAaD1AfVZrVq1CiVj+78zHoA2XYBXrlx5VHlHfRPWKBBafxsAvQGUhM4JSG5/KBf7mTDA4dLg8uTJ8+jRo0e/EZGsCNS7BMt6AAUAZEWgM3oAZyIDbYkBsbEGuAwElBYTE0Pnzp2jOXPmUIcOHSh//vzOgcK7BZMICJQRykDhGNRkHftJdDrNPgF9gpgzMrIG9LylPqdw4cKRpGX/nZH/7bkA+xPR1mLFij1R3jHchPXx065PEIDOAIrAwAdAaROVGyaaMMB1AKWQBvnvv/8uiY6OXkjGLsHOegQ6GxosiwGKHsCWW3CCcgH22v3792njxo00bNgwqlixonOA8DaDwEflJDFgFXsGdjjO0ZdqlKDkGqyWgwvT+AOEhYXFJgTYoQdgTEyMmgcwhTj77l6bidq1OQGgJYCCANLaAoDOyg2dTRjgTYDySoPctm3beqEIdDY92EGKvT+AI3NgXJ2CTOECHLXw8HA6ceIEzZgxg9q2bUt58uRJgiBQXlgDVnDSlXaH2U9Cdgoy0gPk81SfcebMmUdkzP47Y/8/SLosQJcuXfpdeXZecfbdvS6dteuyBUAj2DABKs3UmIDXADWVBvn999/vf/36dVz0ALYCg5wVAxRzoJEyUAYAV3ABbgcBfbt37x6tW7eOBg8eTHnz5k0aIPBxRU6u0mwjx090OedYD1D+B/X+ZcuWBZNz7L89+78q/y9evFgNAW4qzr6710QXA/ALOBVYNhhYAJSWQmZTAkwYpLc0yOzZsz8LDg5eTMZ6AHv+AHE1B9ryCnRGGeguLsAtICC3JUuWJA0QyFFZ0gP86dgrsJbFf2LChAnPKH7mP438nz9/ftX8523CWgRAK14DGASLBcAmAACAqqlcasJAj0AbGHTu3LkVOj2APX8Ae+ZAWQxwFB5s5BRkSxkYFy7AdFHAUVuzZk3SAIFc1ThvYMeTHEPR+55tfwCPtep9gwYNekG2tf+OMgDZDQA6YsI6LNWuQxCA7mBTvyYK0KgNUhfBhIE+BKiMNNhff/3VX/IHWErGOQLjKwbcIvtpwpx1Df7PcgFESQgE8tS2owiU8gW23q/e07Jly9dkHf0XJ/bf399fTQFWRpx5d6/BIO0a7AfQBsCnsKMAVFpV5caqJm2Y7K6YK1euYMkfwIfiLgYoqcJtOQUldi4gGQRcCQL5GojoQDsOQZ3OqtfXqFEjlOw7/9iL/9ew/5988olaes8MN3sStCvN3wdOKACVlla5MS3M0QPsBCiDNOBr164tdUIMiK01wFZwkLu5gPgoBE0BgiQDAgWbaJOE6AGg+zX12hIlSoSTcfBPrLT/z58/V4uAZID7I21J0Gxa7dy/B1ANXAzErvyvtFPKzQtNGPAjgEpIA541a9aOiIiIhaQVA2JrDdA7BdlLEpKQXEAyCJgJAp96ciSlUX6AHtfV64oVKxZOxsk/HDn/aNj/9evXH1ZBRZx1d895oXbOjwD0AVAGwPvOAkAP5QE9TNqoH6RB58yZM/j169cLybEYYFQ2/A9ynC7clVyAM96BySCQmECgUGtjU2Cvu+o1efPmjSTbtn9Z+WfE/itVgLcWLFjwmfLMH0yabw/tfPcA6AigMID0zhA/ABRTkRDmlAw/DG3NwM2bN2+UxAB7TkH6egFxVQbGlguIj0IwPiDgViBIMiBQuJ11+bDeQervOXPmjCTnlX/6/P87iGibXAAkozjj7p5niKBZaa4LADQBkBfAO84CAMDpgwgA+Zsw8AiAGkkDL1iw4AMnxQB7ykAzuABXigLJIGAmCBRpr60cJAFAjhw5Isn+19+e8m87EfnJvv+NxBl39xz9tXMMB/AdLA5AVjkA7LURyoNGmLRB86B1Xnj58uUCsjgFGcUG2PQJmDdv3vUyZcq8lDc8TZo0MVWrVn29YsWK+xR3LkDxDnSXKBAbEHAbECQdEOhgAYBe99W/Cw7A3tffru1f7/s/z6T5jdDO7yQ4AjBW8r/SqikPqgpQtAmDvwMt+zJnzpztQgzQ5wjQ+wRoUoV17979rmaTDXr//v2fkmMuwBnvwPhYBVwFAm4BgqQDAh0FANxT/5YnT54Icu7rb5T6y2/NmjWqQ10xmBP7Hw0r898aAO1gIwmoM00teLHPpAnIPgFZs2Z9FhERsYC0ykAlV6BRhOC+gICAk46IX+lly5YNPXHixF0yThbiKEYgPqKAszqBBAeCJAUC3QMt8yxSJIzi9vX3J6ItOXPmVLnPb2HOB3Sf9RkfDaABgFxwwv5v1MYoDxtl0sacBNdMV967cePGTQY+AbIyUGMSnDZtmpreHDlrEyqPJlT+UfRRhBy1NIuUKVOmqO3btweRdZCQrRgBWSHoyCrgKhBIUCBIMiBQsIn6/xUqVHhDsfv6q6a/PXv2HFCek12caTPmM0o7n3MABoMLgWZGLNl/pdVWHlgNoHATJhEKUFtpIvnz538klIFKhKCeC5BNgrunT5/+lwYAqvxkAYEqP3Em2cKduEiH9J5JkyYFk3HGIGcUgvYchPTpw8wEAZcBQZIBAdG//PLLFxS3r//WIkWKPFWe0xbuT/1NgjaraeewCUAXsEUvQ1wBAPKi7DBpU3YAlEZ+744d64mVgUaegZq6AVOnTr1sAYC6TPBVxggQGM3/rj6JUP47QpqPNZtetmzZsFOnTgWRbYWgI1HAWX2AIxBwBxDEBxBiiChmzZo1mhqIbzMIdOzYMYRi9/XfQUR+sukvjck0o5uDN4DGiIP5T9++Vx76jUmTeQVtnoBPP/30QXR0tKILWErGdQP8iWjntGnTLqmLkLsBJ4usOk6AwI9cUKL6JELtXwi1ZxFy1tMsXMaMGaNXrVr1mJwXBRzpA/QgYEscMBsI7AGCzeuTCggULlw4lCw+//qcfza//rLpr6k4y2aM/xvt+M8AGAqgCjgDcKzMf/pWUXlwCRM3exO0JsE1a9ZsJie4gKlTp15UFyKvB6eKrjGFU0dX+Yl79UmcNupLH04YUf57K5GgQoUK4WfPnn1EtkUBRyAg6wPs6QScAQJ7IOAqIHC6JxUQaN68+VOyb/fXfP3lqL8U4gybMe770LrSA1gLoCss4b9xZv+Vproz+pg0qQiAmkiTyp079xNnuIDJkydfUBeigCenhqozi0tJVxvPXEC1Cfy3hks5ZVTbQ4SmmwnZtOW7Pvzww+hVq1YpOeL1ooBeH+BuEHAGCEwDg6QCAp6ensFk7fN/kAy+/rLbbxOY4/hDgialMUcAGAsL+29VAiwu7SvlBe1M3Iyt0LoH+/j4+JE1F6CxCEyZMuW8uhiftid4rORCEXXncsbYqt7ca89kAPD047LbXS8Qul/hGn1IoTkEpUuXjjh69OgTAxAw4gJiCwL/WSBIKiDQvHnzJ8Ssv02vv3Xr1h1Rrs8ozq5Z422nHe9RAEMAVIYL2H+l5VJe8D7MyWhCAEUB1Eqa3EcffRRihwvYSERbJk2aFKAuRhEvLg7RdD0niKw3nzmByqP5v18uYQ6g/VEGgK/+4YwxbY8QPq6tOQQAaNSoUS8eP378iOx7CRpZBuxZB4xAwJVA4EpAsHpuUgGBJk2aPCKt4k9j98+VK9cL5dpW4uyaMc4jgialsS4C0AmWEuDxZv+Vpn5ZR5q4EYcAyipN8JdfftlJFi5ADhJaT0SbJ0+efE5djM/7MHvfajcTuscqBoHqk1gcqL+Ai0coWWO/+odLSPV9zL3uIkLqzJqD8N5770UvXrz4uRMgYEsx6A4giC0YuLQnIRB4QAZf/0WLFqn1NLKKM2vWGEdqxxgCYBQszj/x0v7rW3XlRSUAumXSBMMB6ilNMlOmTK8MuAA1VHjixIln1QUpOYizwXY8QWh7kOvGe6wi1P2VrQK1fyE0XmPJGtsjkENC+z4WeeNeEHrcIHzeT3MQAFC+fPmifH19n5N9paAtE6EjEIgPEJgNBlFEFPXNN98kCRDw8PAIIinij4i2ZMmS5Y3ye0+Y4y9DggZ1yr+tAPrCkvzTJey/3FQlxywTNyEAoALSRAcPHnyUiORQYTVGQC6/jDLfcmHIbpe4Vny7I1wowmMll5CqOo4ryLTYzkkjvf7i3PF9Hogae885d9yg14T2fxDyWDzFdEDwwgYI2PITMAsI3AUGVu8pUqSI1dq8rSDQsGHDeyQUfz/88IMqchaAORm0lD5LO64IAJMAtALn/ksHF7L/SuugvLAeQC9NnKyuyoliFtQnDFk7fvz40+p1ZUdwDrieN1jB1+Ucg4DnNpb/q41nZWCTtaKG3DkuIdXrDmeN6f+UuYCBrzh2fNBrQrNthA/LWh32vHnzRs+ePfuVAxBwViSICxA4AwZxAQWHzxs8eLDl659W61z1FoPAna1btx6S/2ZGNS2lvxQ0KL3/EIBhYE49O+Lo+++opZMnvMLECYcAVEt6d65cuZ7s2bNnA2kjBVdPmDBBTWeG8j/w17z3Pc4F1/1vJvK2BwlNN3ANuSpjCA0WiQoyRwhdzwtR4A4Xkej/VMsJDA7lhJIe6w2BIEOGDDE//PBDaFBQ0DMBAraUg+4EgtiAQXx6pLe3d7RmDeotZjMr3n4QKFCggMoR14I5iXOUvkI3FgCzwa6/nwPICDd8/ZU2RHlpS5M3YCu0Gs/ChQsHkc4sOG7cOEs0YIUfmYD7PuaCEF/fZk6g02muHd9oOdeVrzmN/7/FdrYIdAlgsPj6Nt/X74lFJ6BwA4ND+d8e6wmZK1gBAQCqUKFClJ+f3ytyrBcwAoHYAoE9MHAFKFg9b/To0VriL96fQbT1XkKF75IECECcSTPNfgSmPWkMZwD8H1j5lxsuVv7pW3Z58htMnHQUQEOg9RDcsGGDIgosJaIV48ePP6GOr+JP/PXuH8JE3CeIxYGuF/igNtvE/gGVfyTUmc015VtsZ6tA5zMEr8tsGeh1R9ILPJOA4LUQDV4RWvxOyN/CEAg++uij6GHDhoWdP3/+pQ4EXAEEcQWDOPeAgICoypUra5R++KQdofVuVrQ228jK1tJ933oQSCHOpFlmPxI0pztjPgC+Bif+cIvyT99+VF7e3uTFvwlQOWnyefLkeUKsEPyNiJaNHTtWrcGGL8YyoQ58wYTb9zFr+bv/Teh4iivGNFwmXIUncF15D192Dmqzj9DhD8ENXGHg6HVXAIHgCAY8Z3FABoOOpwllviOkzGAIBoUKFYr29vYO++uvv17ZAQFngCA2YBBfYFDv37JlS1SOHDm08/qkDaHZZva38FjFa9pgMa9n8e5vNQiUgzmFPuXeXnumLoI9/5oCyA9O6+829l9puZUBpAZoo8kLsAFaD8Hhw4cfJpE6zNvb+5gGABTl3cAXLA70ecDE3CWAzX9N1vLXv8pPDAT15rHTULNNDBBtD7KFoOt5BoKv/mHFYp8gYS58KnEFEhj0fkBosJzwUU1DIABAn3zySfSwYcPCDx069CY6Ojo+QGALDJwBBKf6rl27IkuWLKn96iMFoXgfQuPVvGZf+rA+pd48XtPaM9n7smintxIERsFcDpgEraXWniNfAP3AMTuZYcLXX2mq84OZ7sEEUAxAw3XENHfu3J1EtPinn35SXTLxhTfL6oPeMGEOeMba/a9vc5WYdkf4y1V/IesCqoxhfUDduewm3HgNKwdb7WKHoo4nGDi8LrOi8OtbrGDs80ALBjJnMPAlV5ypMpmQ0dpUJvdKlSpFTZs2LezMmTNvoqKibAGBM2BgDxCcBoV79+5Fzpo1K6pQoUIxVuPNUJBQaQybUesvZAerur9yjEWtGUz4NaYIp6sJnIATbx8IxJj8Pp3bbzCACQBaAvgEnPbb7V9/pZWWN3S1yQvxL0DVpfdnyZLl5aZNm7aMGTNGLcTAABAmQEBwAf2esEzv9RfXi/PcxsReawaHClcdx4e3zhxmYxut4AqzzbcSWv7O5sIOx1lH0PUCF5z86h8GFRkM+gVLYoLgDgY8J7Q9yuN6v4RdMABAFStWjB46dGiEj49P+KlTp0Jfv35tDwjiAwjh4eHh4RcuXIhYs+b/2zvvMKuqq43/LkJQEEVAbHyjElEEEQuJ9DLACAxdWigiGsWuSQzCJzoKUgVFICBNsSCiWICIRsFeMBZQx4/YEBMhakyIQAxN9/fHu8+9+5577hSYmXtmOOt51vPAnVv2WXuvd6+99iqP7L3uuuv2NWnSJFXpwXDI4YYGgw3t75aMsmfZ1OoZyrxsNy2h+G0m6aq11e3Kvzh1QIUEgbLipanz8QRwDYm4/0PKQO+TaLw3mJ6UXe6zx2+CyXIEkpWV9Y+8vLzE3Wzz21X3/bpd1grYoV165BYp7uC3DH1XS8mzZ2nBtrhFi7bdNO1mneZql+v6oI4LvZ7SZ/qvlQUx+C1dLQ7/MBkMLvvKHhO+tT6Df1lA8CyE7w1D3lVL6hN7p6Qjp+OTTjrpp/bt2+8bNmzY3rFjx+6ZN2/enuXLl+9+6aWXduXn5+/6/PPPd3399de7tm3bFudNmzbtzs/P371u3brdq1ev3jNnzpy9Y8aM2Td06NB9HTp0+LF+/frByu5y5VqGn19gaDXBKvp0y9MMbe+Q0redYpV+YrLitxwn66rlbWrKQQQCxeWdSMcc2W0EJqHAnwaUcNx/UamWO5nzMiCYe8BUd8bQrl27T+Nj8gDg+t322m6nlHDkVgX8DHlbu3q3h6Xobe+wi/VWLeC2U2UZZM+WiZuzSNeFuUvl6e69SseD/i/o+nDwnx0w2Khjwq+/kM8gbh1861gIFhSu2ibA6PucocVEQ1YPQ6xKkQChVLlSNcMxrQyNRkgurSdKwdtMdnhSgNK7iu8p/60JjkCg2DwvdX4eQLt/S9Tzr8x3f4/iFYPagvmyjAWzE8yV6RZw89ttzXcfAFz+dynnkHeUKJT7iBKD2t+phdwiT4u29YREnECHGQ4QLNSxodsSWQU9n9D1lwcGA1+Vv8A7Jlz0kbUOPrOAYC2EkVutlfBNAhiu+IcshpFbDQNfN3S+TwFNJ/YyVD66ZBQ7iCtVMRx5huGEHMPpww3n3pBcSq3lbTaV+vY0PD5A6X2K731XizzDqRck/X4EAun5S6Rbjrw+JHH2z9ju71ElZ2BmfAYE9BWYjkGLOgkAdskPcPW/tRNf8pkUtN/zUuLO86XkbSZrAbe4xS7627XDtZ0qk7fDDB0XOs4RaOQs0rVXtyXyFfR8QpZB32cVEDPgZcOg12UdDH1PtwnD82UhjPjYgsImORQv/VL+icu+ksUwcouAwOPLthiGfWDot9bQ7RFD27sFDo2vMNQfYDguW0FJ1U81VP0fy/UMNc821G0t5a7fT1mS54wyNB9naDPN0GGWofMCOfE6zJAl1HqiVehbbUXlPKvItzlKPi5A4QtR/BZ5iSrNEQgUicenru0FwFVAczJ09vfTldjBnQrmjQwI6SMwZ/oF1fjSRNeXtACwRoqbs0DOrLZTbA3BW5N3vtYTBQ5tp8oiaH+X3p89W8eHzvMdMHgeo7IjAAAXaklEQVRIVkWP5fIZ9HnaWgdrLSC8JgthyNsChWEbZCkMz5dzcsRGWQwXf2L5U/ElnyX+ffGn+tuIj/XeERtlaQz/UN81bL0snMFvCYAGvKxn7fuM4hx6LLd39os1dlf543UUxzkA4IJAEThF6R3FdzkCgQL5DatTjozeRb633mTA818QfYMd5MgMCetPJGcNUu0YKVocAH6QA+6Kb+SsG/qelKLHYzLrs2c69QNvcxa9Y/7GgWCKlKXd9GQwiFsGC3Uv3vUBKVr3ZQlA6L1KinjBcxYUXlT04aDXdMMweJ0shiFvS4mHvquxpvC7+vuQt6Xov3pTyj7wVcUv9F+r3+i7Wkrf8wmNo9tDUvycBRpv9kxbO/GORK2EpGrKtySDQLE5QPEjECgSj0xW/l3AHNTu6xfIB5fx3d+jvtiBVgWzJEMCuxdMTVdoxzSTkly/OxUAhq2XkvR4TLt39qyE+Zu0++UlTN9W46UgrkOs7dQAMJilXTVuHbiA8JAcid0fFSj0fFLXjL1XyVro+4wshgue0xGl3xqNs/9a+Ri8f/dbo79f8Jze3/cZfb73KgFNz8f1G7lLHaVfJIDqOEdjbH+X9eRPca7txifM+LQKfIBKH4FAobzE6pIjl1dQwY9cFPVXKim/B0LxTLyOlF3REJf3gJnsF9xxzX0A8K2NBlwvheqxXOnB2bOlDG0mBeyAecln4LhF4AcDzzKYpl01EBDmaffNWaTf7bI4AQzdHrbgsMwCxGMaX4/lUmiPvdd6PKb3dV9mFf1hfU/XBxIKn7PAUfrZGk9c8Z1gnSTv/a2FAEApcAQCcd5Mil9rG3A3MALF4JRJzH9x6VycQY/NkPB+QLHah7gCPOsqGwuw3QLAFzp7D3hRpvH590lB202XQni9BALPwI4jzPN+pwWDqQGAMENmd/asxLGh01zdMHSeb8FhoWULEnG+z7L9f84iywutotuovE5zbWTebP1WhxlOhN4ddsefnHx95/fe7+9uHoHAAfPYZOU3wCrU6rsjCsUvk5j//aHrsIM+FszKDAlwF5ir/UI851oLAP+Q1/3CD+Qc6/mknHcd59iz8BTrBxgXsAvmOc6u2woBg3SA4IBCu+nJwNDhbgsODkB43PEPCXZfz55leaYTlXeXE7AzLVnpCwvWSXHilbCSN49AoCBeaXXHkcEGVO1nEGr1VYMQ7v4uxYNxuoPZkiFB/gfMpX4QaHql7tndfIDeKxNVgzvMSGQHpj0L5/mAIAAMCgIEf0CNHxji4DDNibgrjKf5ovKmOgofpPRpFL+0lb9InHfQBgttIbkfBrATuAdd+7WkFKv9lCR1wnmIsuosHMTfgxnhB4Fjf6ncdS8foM/TusfvPD/RRCTpKizIG+4AQVowKAAQkkDBDwyTTGrEnQsWU4L/5n7W+z7v+9NG6BWk/EUEgMJ29OIqfzxY6OADAV+HXwOsQY6/7kB9Mhz0UxwajX2Ioyn7tEmXt5NcWRgw1D1LZ//Bbylop/syexMw2zkGTEx2ihWoFOnAoABASAKFgCi7JIAoAqeLzitM6Ytzb1+qYOCX4W0HVQLRcqsrzvPmA9NRm6+myPEXmmu/otBfsA+TDWZjBoX7A/IJVHIFfFQDKX3/tfKsd1ks55kbEBN4LVaYcuQFLOZ0gJAGGAIBogBO9/mCIvRKUvEPGAAClN97/gqaSuzyRqsjznPuBOajEnztgONQm69ysft71AHnoa7OsJD/C2Y0ya3HqXaMzOfeK3UMyFlg78ddK8D1kPsVp5iLOy0oFAQO+8Npvr+k7u1LlIPk4kVgThAQnz60QoNAisNapn8e0AuV+S6RJp+ZoGtxHqws+wmkA4HJYI5yhV35MEOzUbpT77LYOgPvTgTIpNyRH+CZuaAAmqKG2u53OG4pKX1JmP5JIDguOQ+j/V2GMy6pkCDgq+9vkNffM/3PBo6iHDj+CqJ7sA/XAMzqDAt8L4oYPMkv+CaXKJAmZ5GuBDvMSAaB+HGgCNluxVawwpS1JLiEd+4gpS82EBSg/K0nSvbt75RVlrPAcPbVFQoEVludcJ5ps9WXa1CN/+MI8Z1/cehr7EOeT2b9AR4/C+YsPwgcWV+LMGdhIkGm3XRfqGw6b3phO3AJmsqhMuFL4HnSKX+76VL+zvMU3dhjueGXYyoECGy0uuA8y26U538T5dDrXxj1wXnYyyj7CkJB/CGYzn4QqFZXde1zFqYmy6QAQRGu1krD2VYhOEj5x/uUf6aOZF3uV8hzn6cVvFXOm4/stDpAMr9GIuCnCeXQ618Y3YDzwONCMBEGBV9cAaaaf0IaD1e4bed5NoZ+hi+UtiiVcIrjfT+YQMFV/lsd5Z8gp2y7afLDdLpHoc/dlynJqf8LieKszW4otyAwLlX5P0Sx/pcC56GAnypUkN3fpZnYh64JZkEIJsOgqMF5YOr5J+bIk7RQcxZqMcaTaZwCmH4wcI8JRQWEQp12mVbYUt79A5V/rgA4d6myJfutUbrz0HcMrSYbYpX9SlQuQGABvoxV2ISu/H4DZKNY/9Bl+pUkfYh9+NMo+7ZKBfGbJPcgBFQuq+nltuHFouQS2P5quAXF26fc1x/ItV0YwOJAfrcg5Z+ho1fOIjllez6pdOeBr6ga0snJEYKHHnroHvf/YQaBFXbNO+PdDtyPzv09UImvwwl5rP+BUmvgW6wQWoN5PQST4/GXqO+AW2wUMNTIMrS41dcEIx0YpEm+KTIgFAIM+w0OZc0F7f7+6747rPL/QRZXtyUK0Oq7WqZ/+9mGQ09MmpNGjRr9c9KkSe+ceOKJ37uvn43CwDO9llx+3a51Z5y7geeBCcBA4Ax07i/XV35FpX44wugBJj8Ek+Txj6gLSzM/CIChyaWJNlhdH7BpuS4YzHLAYLpJLpudDhDSgcJ+AEMmuUhAkOec+313/dmzJcuuD0rGvVcZejxuOGVQyjyMHj36/TFjxqz3v97Mzt2PIVhHHufbNe4b6xvANOAioBmq7lshz/3p6AocgQxFDT8yPVkuf4GaP/rObIbDauvOu9dTWqi5Sy0Y3OcrwDErUYAjyToIAgS/QzFdPH9h4LCfUYKlDgouANyW7PH37vo7z9NRK/cR5Wo0G2OoXDtJ9llZWduvvPLK/Fq1av3gvl7TztUXIVg3Lv/Vrm2SeT3yh10OtKIC3fcXl+JlxQFzOZjvQjBpLu8F8xSYDqmTqGNBu2m6nur1lO6pvV558RJc850CHUUBhABQCEz4KW5eQFlwAYATBwEPAOzu73f6dVtiaDXRUPOsFHnn5uZ+ccIJJ2z3v97BztHeEKwXl7+za9o33o+Auah2RkcgixAV98wETcER0PVgdoRg8vy8DcwkMPWDgKB2I5XW7ve8U4TzcVuEc4ljHSzULucHBPfI4AcFPzAkgYMPIAKzAgvIEixt9jcHiQPAuETfhfZ3yvTvPN/QcoLh6JYp8j3++ON31KtX73v/6/XtnGwLwfrw8w67ln1j/hSV9R4FdEWVfSu8068oNAdHUKNQVZ9MT2IQv4eCOOoEAcHRZ2r3H/iKrcr7JzUNiVsHj9gCnfc7gOA115zjlPAqqLKPr+hHSn2ASamcBBiFsa9GwX6zz+np1lXwOg15jr9mNxrqpip+tWrVdh9//PEpO34dOwfvhWA9BPEuu4Z9494M3Ic8/r2AhsCRHCROv8IoBtyLI7AxYHaHYDKDeA+Yl8D0w5dd6HGthlLyeF3+l5y6/Kt0tRUHhCWJIp6eQ9EFhXgJMM9a8IGDv1dfElC4YDE1FTj2i4O+L81vuMcZr85ii1sSPoDGlxqOaJQiv1gs9pP/jI+VdT8r+z0hWAdBvNuuXd/Y/4rCfPOQA7wxiSSfg9b091MMeAgfCITVEjCozsAK1LgxqdaAx0dkSaGHbbCNOtap/n8cEJ61FsIKp4y3BwoPOpbCooS10HmeU/jTBxBJtQEtUHjc/q4AvrOIHPBZ97v9nGK5TE1UWTr3d4asroZDjkyVF5jq1avv9r9Wycp4hZV5puc9He8KVv6vgAeBcSjMtynq6HNQefyLSjFgKY4ARxFOn4DLe1FFlx5gDg8CgqpHShGG/Fm1COOA4HTu6f+C9SE8I1DovTJhKcSBwSv7bcGhy+JElWB/deDO8xywsIDhccc5xWf3814V4xSe6wMma7W0nmhoOFz9BwPkU6VKlX1VqlTZ53/9cCvT5YTPwefnHQSa/VuBJeiufzBK761DOSzuUZaUAgLXE77bgSDeA2YVmAGkVHZNcO1GhtyH1ZdgxEa1BLvwfXX7GfK2tRJelx9hwItOh59n5WD0wKHXU7oqc/sD5D7i9AdYYnsNWMDo+oA9atzv48UFsO+93ncEsfceD5Da3Wk4Y6ShznmGWKVAWVSuXDlF6bGyG2BlGVZT3+XvCHT4bQUeRo08h6Ky+XWJlL9IFEPIGRfo5YQvTqAgIFgH5gYwjdMBgQcGPZ8wXLhB/f5GfKxipcPzbY+/DbYFmNf+6w0dIQa+omOEBxD+DkF9V+tqss8f5XPovdKCxgoBh8c9n/TxEwFc0HseTwBQ14cMLcYbTh1mOKJx2meOxWJp/9bYymxdOVF8Y9dkwFXfFqT8k4BhKNCnLgfpXf/+Ugx5TeOCHUq4IgaLwn8DMxdMN9IcDzyu1VA756/eVN+CX2+yDUE/UQNQDxjiDUA3OD0C31Y/Qa9H4K/ekBUx6DWVPh/4igWNly1wWPAY8KJtN/ZCctuxeOuxNYkWZC7I9HnG0OVBXdudfrGhVrO0u3xhfLiVzVwrq0zPV3E4n8Agn7+hzWsikfIfMMVQ0ERcwD0IV+5AUXkPmFfA3ASmCZgaBSnG4ScYmo+VOT/8I8OvN6uXQRwYPnfAwd8h2AGJCz/Q8eLC9wUYw9YHNBd9xwEQCyKD1yUclr1WGDotMLS43dB4pOHY9oZDqheq2LFY7Kd0f6thZXCTlUl52e1dfp3A8N7NyOE3AZn9kfKXAMWAO3AE3ZpwZREWl78D8zQyd5sREGocxLUayoN+/r2GXisNA14xDF0vALjkcwsOX/gA4tNEm/ERfxEIDH5Ln73geSl3l4cM2XMNraYazv1fQ8NLDPW6GmqcbogdUvi4isg17bPeYJ+9PPh00vEKUhJ7DPAZuuobhxx+3pk/Uv4SoBhqkBAX+GmEp57AgfDf0S44Hl11ZR2AkoWNs+wzjbfP+PcQyPtAeQEpKb0G2IiOq3noqu9sIuUvcYoBV+MIviaqrhKG8mIlwTtQZ9hHUUpyZ1TBODDGIGRcyY61sx37o/ZZwn6FW1TeidZagLW2AYX33oSCfJoSXfWVGsVQ7vR3OJNwGeEoNFrSvA95mVeBmQLmIlTItJ5diFVSF2OpcxX72/XsWC6yY1tlx7ovBHIrad5IYA2/3cA65KMahcJ7G6Mgn0j5S5FiQHvg/3Am5HwyX3K8LHgvmE/ArAVzP5gJqPVZLjqXngnmZDB1kYc9qU16IXyI/Uxd+x1n2u/Mtb8xwf7mWjuGsAfnlASvJqV6rwF2AC+ilN7rUGJPQxTeG0X4lQHFUBx1vOcAqMZ6ppuPRFxxeCYpdfsN8vQ/jIp5XI5Sen9OIrEnUv4yIg8EkmoKgFotVcQjQcRlwxsJbNdlUC7//eia7yJUzCMLpfRGyp8hqoT8AvE6g6Bmi5nsShxx+eTlpDTqNCTO+/ORs28guuM/DhXzOOjz+TNNMXTlshhn4o5GPde3hGBhRRxu3oLWiq9Ft0GpvMtQ3f7foOq9ZyBPf3TNFyKKIQfMjfgmsTuYlSFYZBGHk1eiNeJfN0A+Cu6ZjJp2ZKPS3TWJnH2hJM8v0A1FZsUn81gwY9HddKYXXMTh4M1oTQRkbu4EXkZO5ptQcM95qGlHdN4vB1QJdVe5Hd/kdgSzJASLL+LM8hK0FvzrA0X1LUEtuq9BjTqboMi+Q4nO++WGvCNBb3R1E5/kqmBGgnkjBAsx4rLlN+zcVyVF8f8DvIocfXnAhahFd30ik7/cUgx1WK2GL5cAMKeiOPUvQ7AwIy5d/tLO9amkPes/hHb961FU39nIy1/NrqFI+csxebcEHYD38S2Atqg5aEXJKYg4wTvt3LYlUPH/DaxBZ/2b0a7fDjgFRfVFXv4KRJ6DsDpwCfBPfAuiJ5ilIVi0EZcML7Vz6p9ndK//Fro2ngxchc76TdGuX53I0VdhKYaSNWoCtxCwQAai/nKZXsAR7x8/bucwaG6BD5CT726UxDMIaEnirB8l8hwE5PoGjgVm4FsolcEMIoomLE+83M5Z5WDF/wvwKGpCczMwAsXxN0Ie/uisfxCSdyyogaK75hOwePqCeZCKk9tekXiHnZu+wUpvUDuuFXZuxwMjgVzgLHSvX4PI3D/oqRJy+NREQUQfErCYOqEMsc0hWPgHO2+2c9EpveJvQw6+BahA51XoSvgXwEl2rqsS3etHZClGIoCoFsr0CrQImqAOMK+GQBEONn7Vyr5JesX/BHgaKf4kFMzTF2iO0nZrkQjoiXb9iFLI8w8chqq7NEcOo5TFdgRyNt0HZmsIlKOi8lYr44FW5kFzgVJ1n0KgPREp/gXIwdfAzuVhROf8iIpIrqOwDvIR3IIixlIWYBMwv0UVZMLa1LQ88W4ry99S4G6/F3gHZevNQRV5r0Q7fguk+HWIHHwRHQC5QFAbmZGXAV+QZmG2Rqmla8H8GAJlKi/8o5XZzQSW3XZ5O0rWWYxucMaibL0ewC/tHNUmUvyISpDco0Et5Eg6H7iTNFYBYFqBGQ3mj2C2hUDJwsbbrGxGW1mlkyPa7dcjM38eCuD5Heq+k4NCd0+ycxOZ+hGVGnnOQu/WoB6qBnsZvn6Gfm4E5mIw88FsCIHyZYo3WBlcbGVSkMxQdt4a4F7gLnSHfwU637exsq9Hslc/UvyISp08IKiCcsTrohjyZsDvgSeAtO2xqtod71owiys4IGywz3itfeaATDw/fwy8hEz8mehsfz0wBO32zays61rZVyFS/IgySF5A0aFoJzoBOB05on6PItDSHhMAEwPTFDWbnISq1HwaAuUtLn9qxz7JPktT+2wFPTuwB3nxvZ1+Jgra+Q1K0Mm1sjzdyramlXUUwBNRqMi1CjynYRYyU1si03UB8CWFK4WpjFpm90Y99eaAeQZVrf0hg0r+gx3DM3ZMN9gxNiZtGG4Qb0Me/JXoTD8d5eFfh871uVZmja0MPadetNtHVC7IA4OfoewyDwwaofJSuehacRkF3Cik49p2d+2CuvPcCGYaui9fAeZlMOvBfIbu0bdZxd0L5ifLe+1r2+x7PrOfedl+x332O2+0v9HF/mbtYo7V8j+RE+9ZYBGKrZiAEnJGokq7OVY2jUgofXUrw0jpIyq35LcMaiFTtgHyXrdBV1ijkQn8IvAV+6doYeB/Iefd68CT6I5+OjrLj0INNQajFNw2VgYNrExqEe30EVVgipHsMzgCOBrteKchZWiN2k0NQnfcC1B46zvAJqRgmVby7cDXqPjqu+j8vgz4A2rnPh4B2jUo866/fabW9hlPs898tJWBe6aPlD6ig4Zc6+AwpAx10NXWKegM3AztlF1RlNtQ5BWfjMzpJ4EXgLeRM20TsBU1Ud0O/ICKYOwj+WbiJ/vaHuC/qOfdv4BvgL8h5c633/sS8EdgKWqIeQcy4fPQrn4NCsYZasfY1Y65mX2GU+wz1bHPeBjRLh9RRCnkWghV0Rm4Jtop66HCFQ2BM5FytUJ57d2APshqGAZcjM7WVyOw+B1S1DGo1PXNyAeRZ/kW+9pN9j2j7Geut98x0n7nMPsbfexvdrRjaGbH1NCOsZ4dc037DFWJdviIItov8oNCNZTHXhM5yo5FCncyOkufjnIXmgLnoBTY85BXvRXamdui+ncut7V/a2Xfe5797Dn2u86w393A/lY9+9u17Vhq2LFFyh5RRGVE3hGiMvKWH4qUsDpSyCORch6FHGy1LddBO7TLdZy/17KfqWm/o4b9zmr2N35mfzMy4SOKKKKIyhv9P62TYpfXPzkGAAAAAElFTkSuQmCC"; + + return PlaceHolder; +})(); diff --git a/src/content/content.css b/src/content/content.css new file mode 100644 index 0000000..015fb2d --- /dev/null +++ b/src/content/content.css @@ -0,0 +1,71 @@ +a.__NoScript_PlaceHolder__ { + outline: 2px solid #048; + color: #048; + text-decoration: none; + text-align: center; + background: rgba(255,250,200, .7) no-repeat center; + background-size: 256px; + visibility: visible !important; + cursor: pointer; + opacity: 0.8; + transition: 1s all; +} + +a.__NoScript_PlaceHolder__:hover { + opacity: 1; + text-decoration: underline; + background-size: 128px; + background-position: top left; +} + +a.__NoScript_PlaceHolder__.closing { + transition: .4s all; + opacity: 0; + transform: scale(0, 0); +} + +a.__NoScript_PlaceHolder__ > span { + display: flex !important; + flex-direction: row; + justify-content: space-around; + align-items: center; + position: relative; + padding: 0; + margin: 0; + width: 100%; + height: 100%; +} + +.__NoScript_PlaceHolder__ button { + appearance: none; + -moz-appearance: none; + border: none; + position: absolute; + top: 0; + right: 0; + display: block; + color: #800; + font-size: 16px; + font-family: sans-serif; + padding: 0 4px; + margin: 0; + background: none; + transition: .2s all; +} +.__NoScript_PlaceHolder__ button:hover { + + color: white; + text-shadow: -2px 0 2px red, 2px 0 2px red; +} + +.__NoScript_PlaceHolder__ > span > span { + display: block; + font-size: 18px; + background: rgba(255, 250, 200, .5); + border-radius: 8px; + padding: 8px; + margin: 0; + font-family: sans-serif; + overflow-wrap: break-word; + word-break: break-all; +} diff --git a/src/content/content.js b/src/content/content.js new file mode 100644 index 0000000..5ba5076 --- /dev/null +++ b/src/content/content.js @@ -0,0 +1,107 @@ +'use strict'; + + // debug = () => {}; // XPI_ONLY + +var _ = browser.i18n.getMessage; + +var canScript = true; + +var embeddingDocument = false; + +var seen = { + _map: new Map(), + _list: null, + record(event) { + let key = event.request.key; + if (this._map.has(key)) return; + this._map.set(key, event); + this._list = null; + }, + get list() { + return this._list || (this._list = [...this._map.values()]); + } +} + +var handlers = { + + seen(event) { + let {allowed, policyType, request, ownFrame} = event; + if (window.top === window) { + seen.record(event); + } + if (ownFrame) { + init(); + if (!allowed && PlaceHolder.canReplace(policyType)) { + request.embeddingDocument = embeddingDocument; + PlaceHolder.create(policyType, request); + } + } + }, + + collect(event) { + let list = seen.list; + debug("COLLECT", list); + return list; + } +}; + +browser.runtime.onMessage.addListener(async event => { + if (event.type in handlers) { + debug("Received message", event); + return handlers[event.type](event); + } +}); + +if (document.readyState !== "complete") { + let pageshown = e => { + removeEventListener("pageshow", pageshown); + init(); + }; + addEventListener("pageshow", pageshown); +} else init(); + +let notifyPage = () => { + if (document.readyState === "complete") { + browser.runtime.sendMessage({type: "pageshow", seen, canScript}); + return true; + } + return false; +} + + +async function init() { + try { + canScript = await browser.runtime.sendMessage({type: "canScript"}); + init = () => {}; + debug("canScript:", canScript); + } catch (e) { + // background script not initialized yet? + setTimeout(() => init(), 100); + return; + } + + if (!canScript) onScriptDisabled(); + seen.record({ + request: { + key: "noscript-probe", + url: document.URL, + documentUrl: document.URL, + type: window === window.top ? "main_frame" : "script", + }, + allowed: canScript + } + ); + + debug(`Loading NoScript in document %s, scripting=%s, content type %s readyState %s`, + document.URL, canScript, document.contentType, document.readyState); + + if (/application|video|audio/.test(document.contentType)) { + debug("Embedding document detected"); + embeddingDocument = true; + window.addEventListener("pageshow", e => { + debug("Active content still in document %s: %o", document.url, document.querySelectorAll("embed,object,video,audio")); + }, true); + // document.write("<plaintext>"); + } + notifyPage() || addEventListener("pageshow", notifyPage); +}; diff --git a/src/content/media.js b/src/content/media.js new file mode 100644 index 0000000..22bf014 --- /dev/null +++ b/src/content/media.js @@ -0,0 +1,59 @@ +console.log("Media Hook", document.documentElement.innerHTML); +try { + (() => { + let unpatched = new Map(); + function patch(obj, methodName, replacement) { + let methods = unpatched.get(obj) || {}; + methods[methodName] = obj[methodName]; + exportFunction(replacement, obj, {defineAs: methodName}); + unpatched.set(obj, methods); + } + patch(window.console, "log", function(s, ...args) { + unpatched.get(window.console).log.call(`PATCHED ${s}`, ...args); + }); + let urlMap = new WeakMap(); + patch(window.URL, "createObjectURL", function(o, ...args) { + let url = unpatched.get(window.URL).createObjectURL.call(this, o, ...args); + if (o instanceof MediaSource) { + let urls = urlMap.get(o); + if (!urls) urlMap.set(o, urls = new Set()); + urls.add(url); + } + return url; + }); + + patch(window.MediaSource.prototype, "addSourceBuffer", function(mime, ...args) { + let ms = this; + let urls = urlMap.get(ms); + let me = Array.from(document.querySelectorAll("video,audio")) + .find(e => e.srcObject === ms || urls && urls.has(e.src)); + let exposedMime = `${mime} (MSE)`; + + let request = { + id: "noscript-media", + type: "media", + url: document.URL, + documentUrl: document.URL, + embeddingDocument: true, + }; + seen.record({policyType: "media", request, allowed: false}); + notifyPage(); + + if (window.mediaBlocker) { + try { + let ph = PlaceHolder.create("media", request); + ph.replace(me); + PlaceHolder.listen(); + } catch (e) { + error(e); + } + throw new Error(`${exposedMime} blocked by NoScript`); + } + + return unpatched.get(window.MediaSource.prototype).addSourceBuffer.call(ms, mime, ...args); + }); + + })(); +} catch (e) { + error(e, "Cannot patch MediaSource"); +} diff --git a/src/content/onScriptDisabled.js b/src/content/onScriptDisabled.js new file mode 100644 index 0000000..e6c754a --- /dev/null +++ b/src/content/onScriptDisabled.js @@ -0,0 +1,74 @@ +function onScriptDisabled() { + for (let noscript of document.querySelectorAll("noscript")) { + // force show NOSCRIPT elements content + let replacement = document.createElement("div"); + replacement.innerHTML = noscript.innerHTML; + noscript.parentNode.replaceChild(replacement, noscript); + // emulate meta-refresh + let meta = replacement.querySelector('meta[http-equiv="refresh"]'); + if (meta) { + let content = meta.getAttribute("content"); + if (content) { + let [secs, url] = content.split(/\s*;\s*url\s*=\s*/i); + if (url) { + try { + let urlObj = new URL(url); + if (!/^https?:/.test(urlObj.protocol)) { + continue; + } + } catch (e) { + } + window.setTimeout(() => location.href = url, (parseInt(secs) || 0) * 1000); + } + } + } + } + + { + let eraser = { + tapped: null, + delKey: false, + }; + + addEventListener("pagehide", ev => { + eraser.tapped = null; + eraser.delKey = false; + }, false); + + addEventListener("keyup", ev => { + let el = eraser.tapped; + if (el && ev.keyCode === 46) { + eraser.tapped = null; + eraser.delKey = true; + let doc = el.ownerDocument; + let w = doc.defaultView; + if (w.getSelection().isCollapsed) { + let root = doc.body || doc.documentElement; + let posRx = /^(?:absolute|fixed)$/; + do { + if (posRx.test(w.getComputedStyle(el, '').position)) { + (eraser.tapped = el.parentNode).removeChild(el); + break; + } + } while ((el = el.parentNode) && el != root); + } + } + }, true); + + addEventListener("mousedown", ev => { + if (ev.button === 0) { + eraser.tapped = ev.target; + eraser.delKey = false; + } + }, true); + + addEventListener("mouseup", ev => { + if (eraser.delKey) { + eraser.delKey = false; + ev.preventDefault(); + ev.stopPropagation(); + } + eraser.tapped = null; + }, true); + } +} diff --git a/src/content/webglHook.js b/src/content/webglHook.js new file mode 100644 index 0000000..ba0d769 --- /dev/null +++ b/src/content/webglHook.js @@ -0,0 +1,31 @@ +console.log("WebGL Hook", document.documentElement.innerHTML); +try { + let proto = HTMLCanvasElement.prototype; + let getContext = proto.getContext; + exportFunction(function(type, ...rest) { + if (type && type.toLowerCase().includes("webgl")) { + let request = { + id: "noscript-webgl", + type: "webgl", + url: document.URL, + documentUrl: document.URL, + embeddingDocument: true, + }; + seen.record({policyType: "webgl", request, allowed: false}); + try { + let ph = PlaceHolder.create("webgl", request); + ph.replace(this); + PlaceHolder.listen(); + } catch (e) { + error(e); + } + notifyPage(); + return {}; + } + return getContext.call(this, type, ...rest); + }, proto, {defineAs: "getContext"}); +} catch (e) { + console.error(e); +} + +null; diff --git a/src/img/error64.png b/src/img/error64.png Binary files differnew file mode 100644 index 0000000..0400d35 --- /dev/null +++ b/src/img/error64.png diff --git a/src/img/icon256.png b/src/img/icon256.png Binary files differnew file mode 100644 index 0000000..a4e2684 --- /dev/null +++ b/src/img/icon256.png diff --git a/src/img/icon48.png b/src/img/icon48.png Binary files differnew file mode 100644 index 0000000..310fbdd --- /dev/null +++ b/src/img/icon48.png diff --git a/src/img/icon96.png b/src/img/icon96.png Binary files differnew file mode 100644 index 0000000..de0b65c --- /dev/null +++ b/src/img/icon96.png diff --git a/src/img/noscript-options.png b/src/img/noscript-options.png Binary files differnew file mode 100644 index 0000000..5fa1020 --- /dev/null +++ b/src/img/noscript-options.png diff --git a/src/img/ui-black64.png b/src/img/ui-black64.png Binary files differnew file mode 100644 index 0000000..5164774 --- /dev/null +++ b/src/img/ui-black64.png diff --git a/src/img/ui-clock64.png b/src/img/ui-clock64.png Binary files differnew file mode 100644 index 0000000..16a3374 --- /dev/null +++ b/src/img/ui-clock64.png diff --git a/src/img/ui-close64.png b/src/img/ui-close64.png Binary files differnew file mode 100644 index 0000000..2e15a2f --- /dev/null +++ b/src/img/ui-close64.png diff --git a/src/img/ui-custom64.png b/src/img/ui-custom64.png Binary files differnew file mode 100644 index 0000000..71335ee --- /dev/null +++ b/src/img/ui-custom64.png diff --git a/src/img/ui-global-no64.png b/src/img/ui-global-no64.png Binary files differnew file mode 100644 index 0000000..40d7e69 --- /dev/null +++ b/src/img/ui-global-no64.png diff --git a/src/img/ui-global64.png b/src/img/ui-global64.png Binary files differnew file mode 100644 index 0000000..cbf6c5b --- /dev/null +++ b/src/img/ui-global64.png diff --git a/src/img/ui-http64.png b/src/img/ui-http64.png Binary files differnew file mode 100644 index 0000000..dec85f0 --- /dev/null +++ b/src/img/ui-http64.png diff --git a/src/img/ui-https64.png b/src/img/ui-https64.png Binary files differnew file mode 100644 index 0000000..11e5b2f --- /dev/null +++ b/src/img/ui-https64.png diff --git a/src/img/ui-maybe64.png b/src/img/ui-maybe64.png Binary files differnew file mode 100644 index 0000000..d3f0625 --- /dev/null +++ b/src/img/ui-maybe64.png diff --git a/src/img/ui-no64.png b/src/img/ui-no64.png Binary files differnew file mode 100644 index 0000000..9f12a64 --- /dev/null +++ b/src/img/ui-no64.png diff --git a/src/img/ui-part64.png b/src/img/ui-part64.png Binary files differnew file mode 100644 index 0000000..806ef15 --- /dev/null +++ b/src/img/ui-part64.png diff --git a/src/img/ui-reload64.png b/src/img/ui-reload64.png Binary files differnew file mode 100644 index 0000000..dd5e0cf --- /dev/null +++ b/src/img/ui-reload64.png diff --git a/src/img/ui-revoke-temp64.png b/src/img/ui-revoke-temp64.png Binary files differnew file mode 100644 index 0000000..215d0a7 --- /dev/null +++ b/src/img/ui-revoke-temp64.png diff --git a/src/img/ui-sub64.png b/src/img/ui-sub64.png Binary files differnew file mode 100644 index 0000000..9c2aaab --- /dev/null +++ b/src/img/ui-sub64.png diff --git a/src/img/ui-tab-no64.png b/src/img/ui-tab-no64.png Binary files differnew file mode 100644 index 0000000..3384b2b --- /dev/null +++ b/src/img/ui-tab-no64.png diff --git a/src/img/ui-tab64.png b/src/img/ui-tab64.png Binary files differnew file mode 100644 index 0000000..acbdace --- /dev/null +++ b/src/img/ui-tab64.png diff --git a/src/img/ui-temp-all64.png b/src/img/ui-temp-all64.png Binary files differnew file mode 100644 index 0000000..a6aef86 --- /dev/null +++ b/src/img/ui-temp-all64.png diff --git a/src/img/ui-temp64.png b/src/img/ui-temp64.png Binary files differnew file mode 100644 index 0000000..461936c --- /dev/null +++ b/src/img/ui-temp64.png diff --git a/src/img/ui-yes64.png b/src/img/ui-yes64.png Binary files differnew file mode 100644 index 0000000..69ad53d --- /dev/null +++ b/src/img/ui-yes64.png diff --git a/src/img/warning64.png b/src/img/warning64.png Binary files differnew file mode 100644 index 0000000..34122e5 --- /dev/null +++ b/src/img/warning64.png diff --git a/src/legacy/Legacy.js b/src/legacy/Legacy.js new file mode 100644 index 0000000..aeb0762 --- /dev/null +++ b/src/legacy/Legacy.js @@ -0,0 +1,147 @@ +'use strict'; + +var Legacy = { + + async init() { + let migrated = (await browser.storage.local.get("legacyBackup")).legacyBackup; + let real = await this.import(migrated); + this.init = async () => real; + return real; + }, + + async import(migrated) { + if (this.migrated) this.undo = this.migrated; + this.migrated = (migrated && migrated.prefs) ? migrated : {prefs: {}}; + await include("/legacy/defaults.js"); + return 'whitelist' in this.migrated; // "real" migration with custom policy + }, + + async persist() { + await browser.storage.local.set({legacyBackup: this.migrated}); + }, + + getPref(name, def) { + return name in this.migrated.prefs ? this.migrated.prefs[name] : def; + }, + + getRxPref(name, parseRx = Legacy.RX.multi, flags, def) { + let source = this.getPref(name, def); + if (source instanceof RegExp) return source; + try { + return parseRx(source, flags); + } catch (e) { + error(e, "Parsing RegExp preference %s, falling back to %s", name, def); + if (def) { + if (def instanceof RegExp) { + return def; + } + try { + return parseRx(def, flags); + } catch(e) { + error(e); + } + } + } + return null; + }, + + async createOrMigratePolicy() { + try { + if (await this.init()) { + return this.migratePolicy(); + } + } catch (e) { + error(e); + } + return new Policy(); + }, + + extractLists(lists) { + return lists.map(listString => listString.split(/\s+/)) + .map(sites => sites.filter(s => !(s.includes(":") && + sites.includes(s.replace(/.*:\/*(?=\w)/g, "")) + ))); + }, + + migratePolicy() { + // here we normalize both NS whitelist and blacklist, getting finally rid of + // the legacy of CAPS mandating protocols for top-level domains + let [trusted, untrusted] = this.extractLists( + [this.migrated.whitelist, this.getPref("untrusted", "")]); + + // securify default whitelist domain items + if (this.getPref("httpsDefWhitelist")) { + this.getPref("default", ""). + split(/\s+/). + filter(s => !s.includes(":")). + forEach(s => { + let idx = trusted.indexOf(s); + if (idx !== -1) { + trusted[idx] = Sites.secureDomainKey(s); + } + }); + } + + let DEFAULT = new Permissions(["other"]); + let {capabilities} = DEFAULT; + // let's semplify object permissions now that almost everything is + // either blacklisted or C2P by the browser + if (!["Java", "Flash", "Silverlight", "Plugins"] + .find(type => this.getPref(`forbid${type}`))) { + capabilities.add("object"); + } + + let prefMap = { + "Fonts": "font", + "Frames": "frame", + "IFrames": "frame", + "Media": "media", + "WebGL": "webgl", + }; + for (let [legacy, current] of Object.entries(prefMap)) { + if (!this.getPref(`forbid${legacy}`, true)) capabilities.add(current); + } + + let TRUSTED = new Permissions(new Set(this.getPref("contentBlocker") ? capabilities : Permissions.ALL)); + TRUSTED.capabilities.add("script").add("fetch"); + + let UNTRUSTED = new Permissions(); + if (this.getPref("global")) { + if (!this.getPref("alwaysBlockUntrustedContent")) { + UNTRUSTED.capabilities = new Set(capabilities); + } + DEFAULT = new Permissions(TRUSTED.capabilities); + } + + return new Policy({ + sites: {untrusted, trusted, custom: {}}, + DEFAULT, + TRUSTED, + UNTRUSTED, + enforced: true, + // TODO: enforce these before ESR 59 gets released + cascadePermissions: this.getPref("cascadePermissions"), + restrictSubDocScripting: this.getPref("restrictSubDocScripting"), + onlySecure: this.getPref("allowHttpsOnly") + }); + + }, + + RX: { + simple: function(s, flags) { + var anchor = /\^/.test(flags); + return new RegExp(anchor ? rxParsers.anchor(s) : s, + anchor ? flags.replace(/\^/g, '') : flags); + }, + anchor: function(s) { + return /^\^|\$$/.test(s) ? s : "^" + s + "$"; + }, + multi: function(s, flags) { + var anchor = /\^/.test(flags); + var lines = s.split(anchor ? /\s+/ : /[\n\r]+/).filter(l => /\S/.test(l)); + return new RegExp((anchor ? lines.map(rxParsers.anchor) : lines).join('|'), + anchor ? flags.replace(/\^/g, '') : flags); + } + } +} +Legacy.init(); diff --git a/src/legacy/defaults.js b/src/legacy/defaults.js new file mode 100644 index 0000000..5526353 --- /dev/null +++ b/src/legacy/defaults.js @@ -0,0 +1,365 @@ +'use strict'; + +Legacy.migrated.prefs = Object.assign( +{ + "autoReload": true, + "autoReload.global": true, + "autoReload.allTabs": true, + "autoReload.allTabsOnPageAction": true, + "autoReload.allTabsOnGlobal": false, + "autoReload.onMultiContent": false, + "autoReload.useHistory": false, + "autoReload.useHistory.exceptCurrent": true, + "autoReload.embedders": 1, + "ctxMenu": true, + "statusIcon": true, + "sound": false, + "sound.oncePerSite": true, + "notify": true, + "notify.bottom": true, + "showAddress": false, + "showDomain": false, + "showTemp": true, + "showPermanent": true, + "showDistrust": true, + "showUntrusted": true, + "showBaseDomain": true, + "showAbout": true, + "showGlobal": true, + "showTempToPerm": true, + "showRevokeTemp": true, + "showBlockedObjects": true, + "showExternalFilters": true, + "showTempAllowPage": true, + "showAllowPage": true, + "mandatory": "[System+Principal] about: about:addons about:blocked about:certerror about:config about:crashes about:feeds about:home about:memory about:neterror about:plugins about:preferences about:privatebrowsing about:sessionrestore about:srcdoc about:support about:tabcrashed blob: chrome: mediasource: moz-extension: moz-safe-about: resource:", + "default": "about:blank about:pocket-saved about:pocket-signup addons.mozilla.org afx.ms ajax.aspnetcdn.com ajax.googleapis.com bootstrapcdn.com code.jquery.com firstdata.com firstdata.lv gfx.ms google.com googlevideo.com gstatic.com hotmail.com live.com live.net maps.googleapis.com mozilla.net netflix.com nflxext.com nflximg.com nflxvideo.net noscript.net outlook.com passport.com passport.net passportimages.com paypal.com paypalobjects.com securecode.com securesuite.net sfx.ms tinymce.cachefly.net wlxrs.com yahoo.com yahooapis.com yimg.com youtube.com ytimg.com", + "allowWhitelistUpdates": true, + "volatilePrivatePermissions": false, + "showVolatilePrivatePermissionsToggle": true, + "eraseFloatingElements": true, + "bgThumbs.allowed": false, + "bgThumbs.disableJS": true, + "forbidJava": true, + "forbidFlash": true, + "forbidSilverlight": true, + "forbidPlugins": true, + "forbidMedia": true, + "forbidFonts": true, + "forbidWebGL": false, + "forbidActiveContentParentTrustCheck": true, + "forbidIFrames": false, + "forbidIFramesContext": 3, + "forbidIFramesParentTrustCheck": true, + "forbidFrames": false, + "forbidMixedFrames": true, + "sound.block": "chrome://noscript/skin/block.wav", + "allowClipboard": false, + "allowLocalLinks": false, + "allowLocalLinks.from": "", + "allowLocalLinks.to": "", + "allowCachingObjects": true, + "showPlaceholder": true, + "global": false, + "globalHttpsWhitelist": false, + "confirmUnblock": true, + "confirmUnsafeReload": true, + "statusLabel": false, + "forbidBookmarklets": false, + "allowBookmarkletImports": true, + "allowBookmarks": false, + "notify.hideDelay": 5, + "notify.hidePermanent": true, + "notify.hide": false, + "truncateTitleLen": 255, + "truncateTitle": true, + "fixLinks": true, + "noping": true, + "consoleDump": 0, + "excaps": true, + "nselForce": true, + "nselNever": false, + "nselNoMeta": true, + "autoAllow": 0, + "toolbarToggle": 3, + "allowPageLevel": 0, + "forbidImpliesUntrust": false, + "keys.toggle": "ctrl shift VK_BACK_SLASH.|", + "keys.ui": "ctrl shift S", + "keys.tempAllowPage": "", + "keys.revokeTemp": "", + "menuAccelerators": false, + "forbidMetaRefresh": false, + "forbidMetaRefresh.remember": false, + "forbidMetaRefresh.notify": true, + "forbidMetaRefresh.exceptions": "^https?://(?:www|encrypted)\\.google\\.(?:[a-z]{2,3}|[a-z]{2}\\.[a-z]{2,3})/ t.co", + "contentBlocker": false, + "toggle.temp": true, + "firstRunRedirection": true, + "xss.notify": true, + "xss.notify.subframes": true, + "xss.trustReloads": false, + "xss.trustData": true, + "xss.trustExternal": true, + "xss.trustTemp": true, + "xss.checkInclusions": true, + "xss.checkInclusions.exceptions": "intensedebate.com/idc/js/", + "xss.checkCharset.exceptions": "", + "filterXPost": true, + "filterXGet": true, + "filterXGetRx": "<+(?=[^<>=\\d. /(-])|[\\\\\"\\x00-\\x07\\x09\\x0B\\x0C\\x0E-\\x1F\\x7F]", + "filterXGetUserRx": "", + "filterXExceptions": "^https?://([a-z]+)\\.google\\.(?:[a-z]{1,3}\\.)?[a-z]+/(?:search|custom|\\1)\\?\n^https?://([a-z]*)\\.?search\\.yahoo\\.com/search(?:\\?|/\\1\\b)\n^https?://[a-z]+\\.wikipedia\\.org/wiki/[^\"<>?%]+$\n^https?://translate\\.google\\.com/translate_t[^\"'<>?%]+$\n^https://secure\\.wikimedia\\.org/wikipedia/[a-z]+/wiki/[^\"<>\\?%]+$", + "filterXExceptions.blogspot": true, + "filterXExceptions.darla_name": true, + "filterXExceptions.deviantart": true, + "filterXExceptions.fbconnect": true, + "filterXExceptions.ebay": true, + "filterXExceptions.ggadgets": true, + "filterXExceptions.letitbit": true, + "filterXExceptions.livejournal": true, + "filterXExceptions.lycosmail": true, + "filterXExceptions.medicare": true, + "filterXException.photobucket": true, + "filterXExceptions.printfriendly": true, + "filterXExceptions.readability": true, + "filterXExceptions.yahoo": true, + "filterXExceptions.visa": true, + "filterXExceptions.verizon": true, + "filterXExceptions.zendesk": true, + "filterXExceptions.yt_comments": true, + "protectWindowNameXAssignment": true, + "injectionCheck": 2, + "injectionCheckPost": true, + "injectionCheckHTML": true, + "globalwarning": true, + "jsredirectIgnore": false, + "jsredirectFollow": false, + "jsredirectForceShow": false, + "removeSMILKeySniffer": true, + "utf7filter": true, + "safeJSRx": "(?:window\\.)?close\\s*\\(\\)", + "badInstall": false, + "fixURI": true, + "fixURI.exclude": "", + "urivalid.aim": "\\w[^\\\\?&\\x00-\\x1f#]*(?:\\?[^\\\\\\x00-\\x1f#]*(?:#[\\w.@+-]{2,32})?)?", + "urivalid.mailto": "[^\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f]*", + "forbidExtProtSubdocs": true, + "forbidXBL": 1, + "forbidXHR": 1, + "whitelistRegExp": "", + "tempGlobal": false, + "lockPrivilegedUI": false, + "collapseObject": false, + "showUntrustedPlaceholder": true, + "jsHack": "", + "jsHackRegExp": "", + "canonicalFQDN": false, + "allowedMimeRegExp": "", + "alwaysBlockUntrustedContent": true, + "consoleLog": false, + "dropXssProtection": true, + "flashPatch": true, + "silverlightPatch": true, + "allowURLBarJS": false, + "allowURLBarImports": false, + "hideOnUnloadRegExp": "video/.*", + "untrusted": "", + "untrustedGranularity": 3, + "requireReloadRegExp": "application/x-vnd\\.moveplayer\\b.*", + "restrictSubdocScripting": false, + "cascadePermissions": false, + "secureCookies": false, + "secureCookiesExceptions": "", + "secureCookiesForced": "", + "secureCookies.recycle": false, + "secureCookies.perTab": false, + "httpsForced": "", + "httpsForcedBuiltIn": "www.youtube.com", + "httpsDefWhitelist": true, + "allowHttpsOnly": 0, + "https.showInConsole": true, + "clearClick": 3, + "clearClick.plugins": true, + "clearClick.prompt": true, + "clearClick.debug": false, + "clearClick.exceptions": ".mail.yahoo.com https://mail.google.com/ *.ebay.com *.photobucket.com .youtube.com", + "clearClick.subexceptions": "^http://bit(?:ly\\.com|\\.ly)/a/sidebar\\?u= http://*.uservoice.com/*/popin.html?* http://w.sharethis.com/share3x/lightbox.html?* http://disqus.com/embed/* *.disqus.com/*/reply.html* http://www.feedly.com/mini abine:*", + "clearClick.rapidFireCheck": true, + "clearClick.threshold": 18, + "emulateFrameBreak": true, + "stickyUI.liveReload": false, + "stickyUI": true, + "stickyUI.onKeyboard": true, + "hoverUI": true, + "hoverUI.delayEnter": 250, + "hoverUI.delayStop": 50, + "hoverUI.delayExit1": 250, + "hoverUI.delayExit2": 300, + "hoverUI.excludeToggling": true, + "ignorePorts": true, + "cp.last": true, + "sanitizePaste": true, + "surrogate.enabled": true, + "surrogate.debug": false, + "surrogate.sandbox": true, + "surrogate.2mdn.replacement": "if('Proxy' in window){let _f=function(){}; google=$S(); Object.defineProperty(google,'__noSuchMethod__',{configurable:true,enumerable:false,value:_f});let ima={};ima.AdsManagerLoadedEvent=ima.AdErrorEvent={Type:new Proxy({},{get:function(){return 0}}),};ima.settings=new Proxy({},{get:function(){return _f}});ima.AdsLoader=ima.AdsRequest=ima.AdDisplayContainer=function(){return new Proxy({},{get:function(){return _f}});};google.ima=ima;}", + "surrogate.2mdn.sources": ".2mdn.net", + "surrogate.360Haven.sources": "@www.360haven.com", + "surrogate.360Haven.replacement": "Object.defineProperty(window,'adblock',{get:function() false,set: function() false});Object.defineProperty(window,'google_ad_client',{get: function () { return $S({__noSuchMethod__: function() this})}});Object.defineProperty(window.HTMLBodyElement.prototype,'innerHTML',{get:function() ''});", + "surrogate.adagionet.sources": ".adagionet.com", + "surrogate.adagionet.replacement": "adagioWriteTag=adagioWriteBanner=function(){}", + "surrogate.addthis.sources": "^https?://(?:[^/:]+\\.)?addthis\\.com/.*addthis_widget\\.js", + "surrogate.addthis.replacement": "addthis=(function(){var f=$S(arguments.callee);return f.__noSuchMethod__=f.data=f.bar=f.dynamic=f.login=f.ad=f.util=f.user=f.session=f})();", + "surrogate.adfly.sources": "!@^https?://adf.ly/\\w+/?$", + "surrogate.adfly.replacement": "for(var a=/ysmm = '(.*?)';/gi.exec(document.documentElement.innerHTML)[1],b='',c='',d=0;d<a.length;d++)0==d%2?b+=a.charAt(d):c=a.charAt(d)+c;window.location=atob(b+c).substring(2)", + "surrogate.ampush.sources": ".ampush.io", + "surrogate.ampush.replacement": "window.ampt=$S({__noSuchMethod__:function(){}});", + "surrogate.digg.sources": "!@digg.com/newsbar/*", + "surrogate.digg.replacement": "window.location.href=document.querySelector('link[rel=canonical]').href", + "surrogate.dimtus.sources": "!@^http://(?:dimtus|imageteam)\\.(?:com|org)/img-", + "surrogate.dimtus.replacement": "document.querySelector('.overlay_ad').style.display='none'", + "surrogate.ga.sources": "*.google-analytics.com", + "surrogate.ga.replacement": "(function(){var _0=$S(function()_0),_u=function(){};_0.__noSuchMethod__=_0;('ga'in window)||(ga=_u);window.urchinTracker=window._u||_u;window._gaq=$S({__noSuchMethod__:_0,push:function(f){if(typeof f=='function')f();else if(f&&f.shift&&f[0]in this)this[f.shift()].apply(this,f)},_set:function(a,b){if(typeof b=='function')b()},_link:function(h){if(h)location.href=h},_linkByPost:function(f){if(f&&f.submit)f.submit();return true},_getLinkerUrl:function(u){return u},_trackEvent:_0});window._gat=$S({__noSuchMethod__:function(){return _gaq},_getTrackerByName:function(){return {_visitCode:function(){return 0}}}});window.cxApi=$S({__noSuchMethod__:_0,getChosenVariation:function(x){return typeof x == 'number' ? x : x[0]},chooseVariation:function(x){return 0}})})()", + "surrogate.glinks.replacement": "['focus','mouseover','mousedown','click'].forEach(function(et){addEventListener(et,function(e){var a=e.target,href=a.href&&a.getAttribute&&a.getAttribute('href');if(href&&/^(?:http|\\/url)/.test(href)&&!a._href){a._href=a.href=a.href.replace(/.*\\/url.*[?&](?:url|q)=(http[^&]+).*/,function(a,b)decodeURIComponent(b));do{if(/\\brwt\\(/.test(a.getAttribute('onmousedown')))a.removeAttribute('onmousedown')}while((a=a.parentElement))}},true)})", + "surrogate.glinks.sources": "!@^https?://[^/]+google\\..*/search", + "surrogate.googletag.replacement": "if(typeof googletag==='undefined'){googletag={slots:{},cmd:$S({__noSuchMethod__:function(){return $S(this)},push:function(f){return f()}})};}googletag.defineSlot=function(){return $S({__noSuchMethod__:function(){return $S(this)}})};let _gt=googletag;googletag=new Proxy(_gt,{get:function(s,w,e){return w in s?s[w]:function(){return $S({__noSuchMethod__:function(){return googletag;}})};}});let _renderedAds=new Proxy({},{get:function(a,b){return b in a?a[b]:{size:[729,90]};}});let _adsRenderedInfo=new Proxy({get:function(n){return _renderedAds[n];}},{get:function(x,c){return c in x?x[c]:function(){};},set:function(x,c,v){}});Object.defineProperty(googletag,'adsRenderedInfo',{configurable:true,enumerable:true,set:function(){},get:function(){return _adsRenderedInfo;}});", + "surrogate.googletag.sources": ".googletagservices.com", + "surrogate.gravatar.sources": ".gravatar.com", + "surrogate.gravatar.replacement": "Gravatar=$S({my_hash:'', profile_cb:function(){}, init:function(){}, __noSuchMethod__:function(){}})", + "surrogate.microsoftSupport.replacement": "let c=document.getElementById('contentArea');if(c)c.style.display=''", + "surrogate.microsoftSupport.sources": "!support.microsoft.com", + "surrogate.modpagespeed.replacement": "let s=document.querySelector('noscript>meta[http-equiv=refresh]+style');if(s)s.parentNode.removeChild(s)", + "surrogate.modpagespeed.sources": "!@^https?:", + "surrogate.qs.sources": "*.quantserve.com", + "surrogate.qs.replacement": "window.quantserve=function(){}", + "surrogate.uniblue.sources": "!@.uniblue.com .liutilities.com", + "surrogate.uniblue.replacement": "Array.forEach(document.links,function(l){if(/^https:\\/\\/store\\./.test(l.href)){l.setAttribute('href',l.href.replace(/.*?:/, ''));l.parentNode.replaceChild(l,l)}})", + "surrogate.yieldman.sources": "*.yieldmanager.com", + "surrogate.yieldman.replacement": "rmAddKey=rmAddCustomKey=rmShowAd=rmShowPop=rmShowInterstitial=rmGetQueryParameters=rmGetSize=rmGetWindowUrl=rmGetPubRedirect=rmGetClickUrl=rmReplace=rmTrim=rmUrlEncode=rmCanShowPop=rmCookieExists=rmWritePopFrequencyCookie=rmWritePopExpirationCookie=flashIntalledCookieExists=writeFlashInstalledCookie=flashDetection=rmGetCookie=function(){}", + "surrogate.popunder.sources": "@^http:\\/\\/[\\w\\-\\.]+\\.[a-z]+ wyciwyg:", + "surrogate.popunder.replacement": "(function(){var unloading=false;addEventListener('pagehide',function(){unloading=true;setTimeout(function(){unloading=false},100)},true);var cookie=document.__proto__.__lookupGetter__('cookie');document.__proto__.__defineGetter__('cookie',function() {if(unloading)return cookie.apply(this);var c='; popunder=yes; popundr=yes; setover18=1';return(cookie.apply(this).replace(c,'')+c).replace(/^; /, '')});var fid='_FID_'+(Date.now().toString(16));var open=window.__proto__.open;window.__proto__.open=function(url,target,features){try{if(!(/^_(?:top|parent|self)$/i.test(target)||target in frames)){var suspSrc,suspCall,ff=[],ss=new Error().stack.split('\\n').length;if(/popunde?r/i.test(target))return ko();for(var f,ev,aa=arguments;stackSize-->2&&aa.callee&&(f=aa.callee.caller)&&ff.indexOf(f)<0;ff.push(f)){aa=f.arguments;if(!aa)break;ev=aa[0];suspCall=f.name=='doPopUnder';if(!suspSrc)suspSrc=suspCall||/(?:\\bpopunde?r|\\bfocus\\b.*\\bblur|\\bblur\\b.*\\bfocus|[pP]uShown)\\b/.test(f.toSource());if(suspCall||ev&&typeof ev=='object'&&('type' in ev)&&ev.type=='click'&&ev.button===0&&(ev.currentTarget===document||('tagName' in ev.currentTarget)&&'body'==ev.currentTarget.tagName.toLowerCase())&&!(('href' in ev.target)&&ev.target.href&&(ev.target.href.indexOf(url)===0||url.indexOf(ev.target.href)===0))){if(suspSrc)return ko();}}}}catch(e){}return open.apply(null, arguments);function ko(){var fr=document.getElementById(fid)||document.body.appendChild(document.createElement('iframe'));fr.id=fid;fr.src='data:text/html,';fr.style.display='none';var w=fr.contentWindow;w.blur=function(){};return w;}}})()", + "surrogate.popunder.exceptions": ".meebo.com", + "surrogate.imdb.sources": "@*.imdb.com/video/*", + "surrogate.imdb.replacement": "addEventListener('DOMContentLoaded',function(ev){ad_utils.render_ad=function(w){w.location=w.location.href.replace(/.*\\bTRAILER=([^&]+).*/,'$1')}},true)", + "surrogate.nscookie.sources": "@*.facebook.com", + "surrogate.nscookie.replacement": "document.cookie='noscript=; domain=.facebook.com; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT;'", + "surrogate.imagebam.replacement": "(function(){if(\"over18\" in window){var _do=doOpen;doOpen=function(){};over18();doOpen=_do}else{var e=document.getElementById(Array.slice(document.getElementsByTagName(\"script\")).filter(function(s){return !!s.innerHTML})[0].innerHTML.match(/over18[\\s\\S]*?'([^']+)/)[1]);e.style.display='none'}})()", + "surrogate.imagebam.sources": "!@*.imagebam.com", + "surrogate.imagehaven.replacement": "['agreeCont','TransparentBlack'].forEach(function(id){var o=document.getElementById(id);if(o)o.style.display='none'})", + "surrogate.imagehaven.sources": "!@*.imagehaven.net", + "surrogate.imgreserve.sources": "!imgreserve.com", + "surrogate.imgreserve.replacement": "let b=document.querySelector('input[value=\"YES\"]');if(b)b.addEventListener('click',function(){document.cookie='AgeVerification=1';location.href=location},true)", + "surrogate.interstitialBox.replacement": "__defineSetter__('interstitialBox',function(){});__defineGetter__('interstitialBox',function(){return{}})", + "surrogate.interstitialBox.sources": "@*.imagevenue.com", + "surrogate.invodo.sources": ".invodo.com", + "surrogate.invodo.replacement": "Invodo=$S({__noSuchMethod__:function(){}})", + "surrogate.googleThumbs.replacement": "(function(){var ss=document.getElementsByTagName('script');var s,t,m,id,i;for(var j=ss.length;j-->0;)if(((s=ss[j])&&(t=s.firstChild&&s.firstChild.nodeValue)&&(id=t.match(/\\w+thumb\\d+/))&&(m=t.match(/['\"](data:[^'\"]+)/)))&&(i=document.getElementById(id)))i.src=m[1].replace(/\\\\(u[0-9a-f]{4}|x[0-9a-f]{2})/ig,function(a,b){return String.fromCharCode(parseInt(b.substring(1), 16))})})()", + "surrogate.googleThumbs.sources": "!^https?://www\\.google\\.[a-z]+/search", + "surrogate.amo.replacement": "addEventListener('click',function(e){if(e.button)return;var a=e.target.parentNode;var hash=a.getAttribute('data-hash');if(hash){var b=a.parentNode.parentNode;InstallTrigger.install({x:{URL:a.href,IconURL:b.getAttribute('data-icon'),Hash:hash,toString:function(){return a.href}}});e.preventDefault()}},false)", + "surrogate.amo.sources": "!https://addons.mozilla.org/", + "surrogate.ab_adsense.sources": "pagead2.googlesyndication.com", + "surrogate.ab_adsense.replacement": "gaGlobal={}", + "surrogate.ab_adscale.sources": "js.adscale.de", + "surrogate.ab_adscale.replacement": "adscale={}", + "surrogate.ab_adtiger.sources": "^http://ads\\.adtiger\\.", + "surrogate.ab_adtiger.replacement": "adspirit_pid={}", + "surrogate.ab_bidvertiser.sources": "^http://bdv\\.bidvert", + "surrogate.ab_bidvertiser.replacement": "report_error=function(){}", + "surrogate.ab_binlayer.sources": "^http://view\\.binlay(?:er)\\.", + "surrogate.ab_binlayer.replacement": "blLayer={}", + "surrogate.ab_mirago.sources": "^http://intext\\.mirago\\.", + "surrogate.ab_mirago.replacement": "HLSysBannerUrl=''", + "surrogate.ab_mirando.sources": "^http://get\\.mirando\\.", + "surrogate.ab_mirando.replacement": "Mirando={}", + "surrogate.facebook_connect.sources": "connect.facebook.net", + "surrogate.facebook_connect.replacement": "FB=(function(){var f=$S(arguments.callee);return f.__noSuchMethod__=f.Event=f.XFBML=f;})();", + "surrogate.revsci.sources": "js.revsci.net", + "surrogate.revsci.replacement": "rsinetsegs=[];DM_addEncToLoc=DM_tag=function(){};", + "surrogate.adriver.sources": "ad.adriver.ru/cgi-bin/erle.cgi", + "surrogate.adriver.replacement": "if(top!==self&&top.location.href===location.href)setTimeout('try{document.close();}catch(e){}',100)", + "surrogate.twitter.sources": "platform.twitter.com", + "surrogate.twitter.replacement": "twttr=(function(){var f=$S(arguments.callee); var ro = f.__noSuchMethod__=f.events=f.anywhere=f; ro.widgets=$S({__noSuchMethod__:function(){}}); return ro})();", + "surrogate.plusone.sources": "apis.google.com/js/plusone.js", + "surrogate.plusone.replacement": "gapi=(function(){var f=$S(arguments.callee);return f.__noSuchMethod__=f.plusone=f;})();", + "surrogate.disqus-theme.sources": ">.disqus.com/*/build/themes/t_c4ca4238a0b923820dcc509a6f75849b.js*", + "surrogate.disqus-theme.replacement": "DISQUS.dtpl.actions.register('comments.reply.new.onLoadingStart', function() { DISQUS.dtpl.actions.remove('comments.reply.new.onLoadingStart'); DISQUS.dtpl.actions.remove('comments.reply.new.onLoadingEnd');});", + "surrogate.skimlinks.sources": ".skimlinks.com/api/", + "surrogate.skimlinks.replacement": "window.skimlinks=function(){}", + "surrogate.picbucks.sources": "!*.picbucks.com http://www.imagebax.com/show.php/*", + "surrogate.picbucks.replacement": "Array.forEach(document.getElementsByTagName('script'), function(s){let m = s.textContent.match(/(?:Lbjs\\.TargetUrl\\s*=\\s*|Array\\s*\\().*(\\bhttp[^'\"]*)/); if (m) { location.href = m[1]; throw 'break'; }})", + "surrogate.imagebunk.sources": "!http://imagebunk.com/image/*", + "surrogate.imagebunk.replacement": "document.body.insertBefore(document.getElementById('img_obj'), document.body.firstChild)", + "surrogate.picsee.sources": "!^https?://picsee\\.net/2\\d.*\\.html", + "surrogate.picsee.replacement": "location.replace(location.href.replace(/(\\/2\\d{3}[^\\/]*)(.*)\\.html/, '/upload$1/$2'));", + "surrogate.owasp_antiClickjack.sources": "!^https?://", + "surrogate.owasp_antiClickjack.replacement": "if(window.top===window&&document.body.offsetWidth===0)['body','documentElement'].forEach(function(e){document[e].style.setProperty('display','unset','important')})", + "surrogate.gigya.replacement": "gigya=$S({__noSuchMethod__:function(){}, isGigya:true, __initialized:true});gigya.socialize=$S({__noSuchMethod__:function(){}, addEventHandlers:function(){}});gigya.accounts=$S({__noSuchMethod__:function(){}})", + "surrogate.gigya.sources": ".gigya.com", + "surrogate.stripe.replacement": "Stripe=$S({__noSuchMethod__:function(){}})", + "surrogate.stripe.sources": "js.stripe.com", + "surrogate.wp.sources": "!^.*\\/20\\d{2}\\/\\d{2}\\/\\d{2}\\/", + "surrogate.wp.replacement": "let s=document.createElement('style');s.textContent='.site{opacity: 1 !important}';document.documentElement.appendChild(s)", + "fakeScriptLoadEvents.enabled": true, + "fakeScriptLoadEvents.onlyRequireJS": true, + "fakeScriptLoadEvents.exceptions": "", + "fakeScriptLoadEvents.docExceptions": "", + "placeholderMinSize": 32, + "placeholderLongTip": true, + "placeholderCollapseOnClose": false, + "compat.evernote": true, + "compat.gnotes": true, + "forbidXSLT": true, + "oldStylePartial": false, + "proxiedDNS": 0, + "placesPrefs": false, + "ABE.enabled": true, + "ABE.siteEnabled": false, + "ABE.allowRulesetRedir": false, + "ABE.legacyPrompt": false, + "ABE.disabledRulesetNames": "", + "ABE.skipBrowserRequests": true, + "ABE.notify": true, + "ABE.notify.namedLoopback": false, + "ABE.wanIpAsLocal": true, + "ABE.wanIpCheckURL": "https://secure.informaction.com/ipecho/", + "ABE.localExtras": "", + "asyncNetworking": true, + "inclusionTypeChecking": true, + "inclusionTypeChecking.exceptions": "https://scache.vzw.com/ http://cache.vzw.com .sony-europe.com .amazonaws.com .hp-ww.com .yandex.st cdn.directvid.com/*.jsx", + "inclusionTypeChecking.checkDynamic": false, + "nosniff": true, + "recentlyBlockedCount": 10, + "showRecentlyBlocked": true, + "recentlyBlockedLevel": 0, + "frameOptions.enabled": true, + "frameOptions.parentWhitelist": "https://mail.google.com/*", + "logDNS": false, + "subscription.lastCheck": 0, + "subscription.checkInterval": 24, + "subscription.trustedURL": "", + "subscription.untrustedURL": "", + "siteInfoProvider": "https://noscript.net/about/%utf8%;%ace%", + "alwaysShowObjectSources": false, + "ef.enabled": false, + "showBlankSources": false, + "preset": "medium", + "forbidBGRefresh": 1, + "forbidBGRefresh.exceptions": ".mozilla.org", + "toStaticHTML": true, + "liveConnectInterception": true, + "audioApiInterception": true, + "doNotTrack.enabled": true, + "doNotTrack.exceptions": "", + "doNotTrack.forced": "", + "ajaxFallback.enabled": true, + "sync.enabled": false, + "ABE.rulesets.SYSTEM": "# Prevent Internet sites from requesting LAN resources.\r\nSite LOCAL\r\nAccept from LOCAL\r\nDeny", + "ABE.rulesets.USER": "# User-defined rules. Feel free to experiment here.\r\n", + "ABE.migration": 0, + "smartClickToPlay": true, + "removalWarning": true, + "middlemouse_temp_allow_main_site": true, + "webext.enabled": true +}, Legacy.migrated.prefs +); diff --git a/src/lib/Base64.js b/src/lib/Base64.js new file mode 100644 index 0000000..e83d2a5 --- /dev/null +++ b/src/lib/Base64.js @@ -0,0 +1,49 @@ + +'use strict'; +// we need this because of https://bugzilla.mozilla.org/show_bug.cgi?id=439276 + +var Base64 = { + + purify: function(input) { + return input.replace(/[^A-Za-z0-9\+\/=]+/g, ''); + }, + + alt: function(s) { + // URL base64 variant, see http://en.wikipedia.org/wiki/Base64#URL_applications + return s.replace(/-/g, '+').replace(/_/g, '/') + }, + + decode: function (input, strict) { + var output = ''; + var chr1, chr2, chr3; + var enc1, enc2, enc3, enc4; + var i = 0; + + // if (/[^A-Za-z0-9\+\/\=]/.test(input)) return ""; // we don't need this, caller checks for us + + const k = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; + while (i < input.length) { + + enc1 = k.indexOf(input.charAt(i++)); + enc2 = k.indexOf(input.charAt(i++)); + enc3 = k.indexOf(input.charAt(i++)); + enc4 = k.indexOf(input.charAt(i++)); + + chr1 = (enc1 << 2) | (enc2 >> 4); + chr2 = ((enc2 & 15) << 4) | (enc3 >> 2); + chr3 = ((enc3 & 3) << 6) | enc4; + + output += String.fromCharCode(chr1); + + if (enc3 != 64) { + output += String.fromCharCode(chr2); + } + if (enc4 != 64) { + output += String.fromCharCode(chr3); + } + + } + return output; + + } +}; diff --git a/src/lib/fastclick.js b/src/lib/fastclick.js new file mode 100644 index 0000000..86bf83e --- /dev/null +++ b/src/lib/fastclick.js @@ -0,0 +1,841 @@ +;(function () { + 'use strict'; + + /** + * @preserve FastClick: polyfill to remove click delays on browsers with touch UIs. + * + * @codingstandard ftlabs-jsv2 + * @copyright The Financial Times Limited [All Rights Reserved] + * @license MIT License (see LICENSE.txt) + */ + + /*jslint browser:true, node:true*/ + /*global define, Event, Node*/ + + + /** + * Instantiate fast-clicking listeners on the specified layer. + * + * @constructor + * @param {Element} layer The layer to listen on + * @param {Object} [options={}] The options to override the defaults + */ + function FastClick(layer, options) { + var oldOnClick; + + options = options || {}; + + /** + * Whether a click is currently being tracked. + * + * @type boolean + */ + this.trackingClick = false; + + + /** + * Timestamp for when click tracking started. + * + * @type number + */ + this.trackingClickStart = 0; + + + /** + * The element being tracked for a click. + * + * @type EventTarget + */ + this.targetElement = null; + + + /** + * X-coordinate of touch start event. + * + * @type number + */ + this.touchStartX = 0; + + + /** + * Y-coordinate of touch start event. + * + * @type number + */ + this.touchStartY = 0; + + + /** + * ID of the last touch, retrieved from Touch.identifier. + * + * @type number + */ + this.lastTouchIdentifier = 0; + + + /** + * Touchmove boundary, beyond which a click will be cancelled. + * + * @type number + */ + this.touchBoundary = options.touchBoundary || 10; + + + /** + * The FastClick layer. + * + * @type Element + */ + this.layer = layer; + + /** + * The minimum time between tap(touchstart and touchend) events + * + * @type number + */ + this.tapDelay = options.tapDelay || 200; + + /** + * The maximum time for a tap + * + * @type number + */ + this.tapTimeout = options.tapTimeout || 700; + + if (FastClick.notNeeded(layer)) { + return; + } + + // Some old versions of Android don't have Function.prototype.bind + function bind(method, context) { + return function() { return method.apply(context, arguments); }; + } + + + var methods = ['onMouse', 'onClick', 'onTouchStart', 'onTouchMove', 'onTouchEnd', 'onTouchCancel']; + var context = this; + for (var i = 0, l = methods.length; i < l; i++) { + context[methods[i]] = bind(context[methods[i]], context); + } + + // Set up event handlers as required + if (deviceIsAndroid) { + layer.addEventListener('mouseover', this.onMouse, true); + layer.addEventListener('mousedown', this.onMouse, true); + layer.addEventListener('mouseup', this.onMouse, true); + } + + layer.addEventListener('click', this.onClick, true); + layer.addEventListener('touchstart', this.onTouchStart, false); + layer.addEventListener('touchmove', this.onTouchMove, false); + layer.addEventListener('touchend', this.onTouchEnd, false); + layer.addEventListener('touchcancel', this.onTouchCancel, false); + + // Hack is required for browsers that don't support Event#stopImmediatePropagation (e.g. Android 2) + // which is how FastClick normally stops click events bubbling to callbacks registered on the FastClick + // layer when they are cancelled. + if (!Event.prototype.stopImmediatePropagation) { + layer.removeEventListener = function(type, callback, capture) { + var rmv = Node.prototype.removeEventListener; + if (type === 'click') { + rmv.call(layer, type, callback.hijacked || callback, capture); + } else { + rmv.call(layer, type, callback, capture); + } + }; + + layer.addEventListener = function(type, callback, capture) { + var adv = Node.prototype.addEventListener; + if (type === 'click') { + adv.call(layer, type, callback.hijacked || (callback.hijacked = function(event) { + if (!event.propagationStopped) { + callback(event); + } + }), capture); + } else { + adv.call(layer, type, callback, capture); + } + }; + } + + // If a handler is already declared in the element's onclick attribute, it will be fired before + // FastClick's onClick handler. Fix this by pulling out the user-defined handler function and + // adding it as listener. + if (typeof layer.onclick === 'function') { + + // Android browser on at least 3.2 requires a new reference to the function in layer.onclick + // - the old one won't work if passed to addEventListener directly. + oldOnClick = layer.onclick; + layer.addEventListener('click', function(event) { + oldOnClick(event); + }, false); + layer.onclick = null; + } + } + + /** + * Windows Phone 8.1 fakes user agent string to look like Android and iPhone. + * + * @type boolean + */ + var deviceIsWindowsPhone = navigator.userAgent.indexOf("Windows Phone") >= 0; + + /** + * Android requires exceptions. + * + * @type boolean + */ + var deviceIsAndroid = navigator.userAgent.indexOf('Android') > 0 && !deviceIsWindowsPhone; + + + /** + * iOS requires exceptions. + * + * @type boolean + */ + var deviceIsIOS = /iP(ad|hone|od)/.test(navigator.userAgent) && !deviceIsWindowsPhone; + + + /** + * iOS 4 requires an exception for select elements. + * + * @type boolean + */ + var deviceIsIOS4 = deviceIsIOS && (/OS 4_\d(_\d)?/).test(navigator.userAgent); + + + /** + * iOS 6.0-7.* requires the target element to be manually derived + * + * @type boolean + */ + var deviceIsIOSWithBadTarget = deviceIsIOS && (/OS [6-7]_\d/).test(navigator.userAgent); + + /** + * BlackBerry requires exceptions. + * + * @type boolean + */ + var deviceIsBlackBerry10 = navigator.userAgent.indexOf('BB10') > 0; + + /** + * Determine whether a given element requires a native click. + * + * @param {EventTarget|Element} target Target DOM element + * @returns {boolean} Returns true if the element needs a native click + */ + FastClick.prototype.needsClick = function(target) { + switch (target.nodeName.toLowerCase()) { + + // Don't send a synthetic click to disabled inputs (issue #62) + case 'button': + case 'select': + case 'textarea': + if (target.disabled) { + return true; + } + + break; + case 'input': + + // File inputs need real clicks on iOS 6 due to a browser bug (issue #68) + if ((deviceIsIOS && target.type === 'file') || target.disabled) { + return true; + } + + break; + case 'label': + case 'iframe': // iOS8 homescreen apps can prevent events bubbling into frames + case 'video': + return true; + } + + return (/\bneedsclick\b/).test(target.className); + }; + + + /** + * Determine whether a given element requires a call to focus to simulate click into element. + * + * @param {EventTarget|Element} target Target DOM element + * @returns {boolean} Returns true if the element requires a call to focus to simulate native click. + */ + FastClick.prototype.needsFocus = function(target) { + switch (target.nodeName.toLowerCase()) { + case 'textarea': + return true; + case 'select': + return !deviceIsAndroid; + case 'input': + switch (target.type) { + case 'button': + case 'checkbox': + case 'file': + case 'image': + case 'radio': + case 'submit': + return false; + } + + // No point in attempting to focus disabled inputs + return !target.disabled && !target.readOnly; + default: + return (/\bneedsfocus\b/).test(target.className); + } + }; + + + /** + * Send a click event to the specified element. + * + * @param {EventTarget|Element} targetElement + * @param {Event} event + */ + FastClick.prototype.sendClick = function(targetElement, event) { + var clickEvent, touch; + + // On some Android devices activeElement needs to be blurred otherwise the synthetic click will have no effect (#24) + if (document.activeElement && document.activeElement !== targetElement) { + document.activeElement.blur(); + } + + touch = event.changedTouches[0]; + + // Synthesise a click event, with an extra attribute so it can be tracked + clickEvent = document.createEvent('MouseEvents'); + clickEvent.initMouseEvent(this.determineEventType(targetElement), true, true, window, 1, touch.screenX, touch.screenY, touch.clientX, touch.clientY, false, false, false, false, 0, null); + clickEvent.forwardedTouchEvent = true; + targetElement.dispatchEvent(clickEvent); + }; + + FastClick.prototype.determineEventType = function(targetElement) { + + //Issue #159: Android Chrome Select Box does not open with a synthetic click event + if (deviceIsAndroid && targetElement.tagName.toLowerCase() === 'select') { + return 'mousedown'; + } + + return 'click'; + }; + + + /** + * @param {EventTarget|Element} targetElement + */ + FastClick.prototype.focus = function(targetElement) { + var length; + + // Issue #160: on iOS 7, some input elements (e.g. date datetime month) throw a vague TypeError on setSelectionRange. These elements don't have an integer value for the selectionStart and selectionEnd properties, but unfortunately that can't be used for detection because accessing the properties also throws a TypeError. Just check the type instead. Filed as Apple bug #15122724. + if (deviceIsIOS && targetElement.setSelectionRange && targetElement.type.indexOf('date') !== 0 && targetElement.type !== 'time' && targetElement.type !== 'month' && targetElement.type !== 'email') { + length = targetElement.value.length; + targetElement.setSelectionRange(length, length); + } else { + targetElement.focus(); + } + }; + + + /** + * Check whether the given target element is a child of a scrollable layer and if so, set a flag on it. + * + * @param {EventTarget|Element} targetElement + */ + FastClick.prototype.updateScrollParent = function(targetElement) { + var scrollParent, parentElement; + + scrollParent = targetElement.fastClickScrollParent; + + // Attempt to discover whether the target element is contained within a scrollable layer. Re-check if the + // target element was moved to another parent. + if (!scrollParent || !scrollParent.contains(targetElement)) { + parentElement = targetElement; + do { + if (parentElement.scrollHeight > parentElement.offsetHeight) { + scrollParent = parentElement; + targetElement.fastClickScrollParent = parentElement; + break; + } + + parentElement = parentElement.parentElement; + } while (parentElement); + } + + // Always update the scroll top tracker if possible. + if (scrollParent) { + scrollParent.fastClickLastScrollTop = scrollParent.scrollTop; + } + }; + + + /** + * @param {EventTarget} targetElement + * @returns {Element|EventTarget} + */ + FastClick.prototype.getTargetElementFromEventTarget = function(eventTarget) { + + // On some older browsers (notably Safari on iOS 4.1 - see issue #56) the event target may be a text node. + if (eventTarget.nodeType === Node.TEXT_NODE) { + return eventTarget.parentNode; + } + + return eventTarget; + }; + + + /** + * On touch start, record the position and scroll offset. + * + * @param {Event} event + * @returns {boolean} + */ + FastClick.prototype.onTouchStart = function(event) { + var targetElement, touch, selection; + + // Ignore multiple touches, otherwise pinch-to-zoom is prevented if both fingers are on the FastClick element (issue #111). + if (event.targetTouches.length > 1) { + return true; + } + + targetElement = this.getTargetElementFromEventTarget(event.target); + touch = event.targetTouches[0]; + + if (deviceIsIOS) { + + // Only trusted events will deselect text on iOS (issue #49) + selection = window.getSelection(); + if (selection.rangeCount && !selection.isCollapsed) { + return true; + } + + if (!deviceIsIOS4) { + + // Weird things happen on iOS when an alert or confirm dialog is opened from a click event callback (issue #23): + // when the user next taps anywhere else on the page, new touchstart and touchend events are dispatched + // with the same identifier as the touch event that previously triggered the click that triggered the alert. + // Sadly, there is an issue on iOS 4 that causes some normal touch events to have the same identifier as an + // immediately preceeding touch event (issue #52), so this fix is unavailable on that platform. + // Issue 120: touch.identifier is 0 when Chrome dev tools 'Emulate touch events' is set with an iOS device UA string, + // which causes all touch events to be ignored. As this block only applies to iOS, and iOS identifiers are always long, + // random integers, it's safe to to continue if the identifier is 0 here. + if (touch.identifier && touch.identifier === this.lastTouchIdentifier) { + event.preventDefault(); + return false; + } + + this.lastTouchIdentifier = touch.identifier; + + // If the target element is a child of a scrollable layer (using -webkit-overflow-scrolling: touch) and: + // 1) the user does a fling scroll on the scrollable layer + // 2) the user stops the fling scroll with another tap + // then the event.target of the last 'touchend' event will be the element that was under the user's finger + // when the fling scroll was started, causing FastClick to send a click event to that layer - unless a check + // is made to ensure that a parent layer was not scrolled before sending a synthetic click (issue #42). + this.updateScrollParent(targetElement); + } + } + + this.trackingClick = true; + this.trackingClickStart = event.timeStamp; + this.targetElement = targetElement; + + this.touchStartX = touch.pageX; + this.touchStartY = touch.pageY; + + // Prevent phantom clicks on fast double-tap (issue #36) + if ((event.timeStamp - this.lastClickTime) < this.tapDelay) { + event.preventDefault(); + } + + return true; + }; + + + /** + * Based on a touchmove event object, check whether the touch has moved past a boundary since it started. + * + * @param {Event} event + * @returns {boolean} + */ + FastClick.prototype.touchHasMoved = function(event) { + var touch = event.changedTouches[0], boundary = this.touchBoundary; + + if (Math.abs(touch.pageX - this.touchStartX) > boundary || Math.abs(touch.pageY - this.touchStartY) > boundary) { + return true; + } + + return false; + }; + + + /** + * Update the last position. + * + * @param {Event} event + * @returns {boolean} + */ + FastClick.prototype.onTouchMove = function(event) { + if (!this.trackingClick) { + return true; + } + + // If the touch has moved, cancel the click tracking + if (this.targetElement !== this.getTargetElementFromEventTarget(event.target) || this.touchHasMoved(event)) { + this.trackingClick = false; + this.targetElement = null; + } + + return true; + }; + + + /** + * Attempt to find the labelled control for the given label element. + * + * @param {EventTarget|HTMLLabelElement} labelElement + * @returns {Element|null} + */ + FastClick.prototype.findControl = function(labelElement) { + + // Fast path for newer browsers supporting the HTML5 control attribute + if (labelElement.control !== undefined) { + return labelElement.control; + } + + // All browsers under test that support touch events also support the HTML5 htmlFor attribute + if (labelElement.htmlFor) { + return document.getElementById(labelElement.htmlFor); + } + + // If no for attribute exists, attempt to retrieve the first labellable descendant element + // the list of which is defined here: http://www.w3.org/TR/html5/forms.html#category-label + return labelElement.querySelector('button, input:not([type=hidden]), keygen, meter, output, progress, select, textarea'); + }; + + + /** + * On touch end, determine whether to send a click event at once. + * + * @param {Event} event + * @returns {boolean} + */ + FastClick.prototype.onTouchEnd = function(event) { + var forElement, trackingClickStart, targetTagName, scrollParent, touch, targetElement = this.targetElement; + + if (!this.trackingClick) { + return true; + } + + // Prevent phantom clicks on fast double-tap (issue #36) + if ((event.timeStamp - this.lastClickTime) < this.tapDelay) { + this.cancelNextClick = true; + return true; + } + + if ((event.timeStamp - this.trackingClickStart) > this.tapTimeout) { + return true; + } + + // Reset to prevent wrong click cancel on input (issue #156). + this.cancelNextClick = false; + + this.lastClickTime = event.timeStamp; + + trackingClickStart = this.trackingClickStart; + this.trackingClick = false; + this.trackingClickStart = 0; + + // On some iOS devices, the targetElement supplied with the event is invalid if the layer + // is performing a transition or scroll, and has to be re-detected manually. Note that + // for this to function correctly, it must be called *after* the event target is checked! + // See issue #57; also filed as rdar://13048589 . + if (deviceIsIOSWithBadTarget) { + touch = event.changedTouches[0]; + + // In certain cases arguments of elementFromPoint can be negative, so prevent setting targetElement to null + targetElement = document.elementFromPoint(touch.pageX - window.pageXOffset, touch.pageY - window.pageYOffset) || targetElement; + targetElement.fastClickScrollParent = this.targetElement.fastClickScrollParent; + } + + targetTagName = targetElement.tagName.toLowerCase(); + if (targetTagName === 'label') { + forElement = this.findControl(targetElement); + if (forElement) { + this.focus(targetElement); + if (deviceIsAndroid) { + return false; + } + + targetElement = forElement; + } + } else if (this.needsFocus(targetElement)) { + + // Case 1: If the touch started a while ago (best guess is 100ms based on tests for issue #36) then focus will be triggered anyway. Return early and unset the target element reference so that the subsequent click will be allowed through. + // Case 2: Without this exception for input elements tapped when the document is contained in an iframe, then any inputted text won't be visible even though the value attribute is updated as the user types (issue #37). + if ((event.timeStamp - trackingClickStart) > 100 || (deviceIsIOS && window.top !== window && targetTagName === 'input')) { + this.targetElement = null; + return false; + } + + this.focus(targetElement); + this.sendClick(targetElement, event); + + // Select elements need the event to go through on iOS 4, otherwise the selector menu won't open. + // Also this breaks opening selects when VoiceOver is active on iOS6, iOS7 (and possibly others) + if (!deviceIsIOS || targetTagName !== 'select') { + this.targetElement = null; + event.preventDefault(); + } + + return false; + } + + if (deviceIsIOS && !deviceIsIOS4) { + + // Don't send a synthetic click event if the target element is contained within a parent layer that was scrolled + // and this tap is being used to stop the scrolling (usually initiated by a fling - issue #42). + scrollParent = targetElement.fastClickScrollParent; + if (scrollParent && scrollParent.fastClickLastScrollTop !== scrollParent.scrollTop) { + return true; + } + } + + // Prevent the actual click from going though - unless the target node is marked as requiring + // real clicks or if it is in the whitelist in which case only non-programmatic clicks are permitted. + if (!this.needsClick(targetElement)) { + event.preventDefault(); + this.sendClick(targetElement, event); + } + + return false; + }; + + + /** + * On touch cancel, stop tracking the click. + * + * @returns {void} + */ + FastClick.prototype.onTouchCancel = function() { + this.trackingClick = false; + this.targetElement = null; + }; + + + /** + * Determine mouse events which should be permitted. + * + * @param {Event} event + * @returns {boolean} + */ + FastClick.prototype.onMouse = function(event) { + + // If a target element was never set (because a touch event was never fired) allow the event + if (!this.targetElement) { + return true; + } + + if (event.forwardedTouchEvent) { + return true; + } + + // Programmatically generated events targeting a specific element should be permitted + if (!event.cancelable) { + return true; + } + + // Derive and check the target element to see whether the mouse event needs to be permitted; + // unless explicitly enabled, prevent non-touch click events from triggering actions, + // to prevent ghost/doubleclicks. + if (!this.needsClick(this.targetElement) || this.cancelNextClick) { + + // Prevent any user-added listeners declared on FastClick element from being fired. + if (event.stopImmediatePropagation) { + event.stopImmediatePropagation(); + } else { + + // Part of the hack for browsers that don't support Event#stopImmediatePropagation (e.g. Android 2) + event.propagationStopped = true; + } + + // Cancel the event + event.stopPropagation(); + event.preventDefault(); + + return false; + } + + // If the mouse event is permitted, return true for the action to go through. + return true; + }; + + + /** + * On actual clicks, determine whether this is a touch-generated click, a click action occurring + * naturally after a delay after a touch (which needs to be cancelled to avoid duplication), or + * an actual click which should be permitted. + * + * @param {Event} event + * @returns {boolean} + */ + FastClick.prototype.onClick = function(event) { + var permitted; + + // It's possible for another FastClick-like library delivered with third-party code to fire a click event before FastClick does (issue #44). In that case, set the click-tracking flag back to false and return early. This will cause onTouchEnd to return early. + if (this.trackingClick) { + this.targetElement = null; + this.trackingClick = false; + return true; + } + + // Very odd behaviour on iOS (issue #18): if a submit element is present inside a form and the user hits enter in the iOS simulator or clicks the Go button on the pop-up OS keyboard the a kind of 'fake' click event will be triggered with the submit-type input element as the target. + if (event.target.type === 'submit' && event.detail === 0) { + return true; + } + + permitted = this.onMouse(event); + + // Only unset targetElement if the click is not permitted. This will ensure that the check for !targetElement in onMouse fails and the browser's click doesn't go through. + if (!permitted) { + this.targetElement = null; + } + + // If clicks are permitted, return true for the action to go through. + return permitted; + }; + + + /** + * Remove all FastClick's event listeners. + * + * @returns {void} + */ + FastClick.prototype.destroy = function() { + var layer = this.layer; + + if (deviceIsAndroid) { + layer.removeEventListener('mouseover', this.onMouse, true); + layer.removeEventListener('mousedown', this.onMouse, true); + layer.removeEventListener('mouseup', this.onMouse, true); + } + + layer.removeEventListener('click', this.onClick, true); + layer.removeEventListener('touchstart', this.onTouchStart, false); + layer.removeEventListener('touchmove', this.onTouchMove, false); + layer.removeEventListener('touchend', this.onTouchEnd, false); + layer.removeEventListener('touchcancel', this.onTouchCancel, false); + }; + + + /** + * Check whether FastClick is needed. + * + * @param {Element} layer The layer to listen on + */ + FastClick.notNeeded = function(layer) { + var metaViewport; + var chromeVersion; + var blackberryVersion; + var firefoxVersion; + + // Devices that don't support touch don't need FastClick + if (typeof window.ontouchstart === 'undefined') { + return true; + } + + // Chrome version - zero for other browsers + chromeVersion = +(/Chrome\/([0-9]+)/.exec(navigator.userAgent) || [,0])[1]; + + if (chromeVersion) { + + if (deviceIsAndroid) { + metaViewport = document.querySelector('meta[name=viewport]'); + + if (metaViewport) { + // Chrome on Android with user-scalable="no" doesn't need FastClick (issue #89) + if (metaViewport.content.indexOf('user-scalable=no') !== -1) { + return true; + } + // Chrome 32 and above with width=device-width or less don't need FastClick + if (chromeVersion > 31 && document.documentElement.scrollWidth <= window.outerWidth) { + return true; + } + } + + // Chrome desktop doesn't need FastClick (issue #15) + } else { + return true; + } + } + + if (deviceIsBlackBerry10) { + blackberryVersion = navigator.userAgent.match(/Version\/([0-9]*)\.([0-9]*)/); + + // BlackBerry 10.3+ does not require Fastclick library. + // https://github.com/ftlabs/fastclick/issues/251 + if (blackberryVersion[1] >= 10 && blackberryVersion[2] >= 3) { + metaViewport = document.querySelector('meta[name=viewport]'); + + if (metaViewport) { + // user-scalable=no eliminates click delay. + if (metaViewport.content.indexOf('user-scalable=no') !== -1) { + return true; + } + // width=device-width (or less than device-width) eliminates click delay. + if (document.documentElement.scrollWidth <= window.outerWidth) { + return true; + } + } + } + } + + // IE10 with -ms-touch-action: none or manipulation, which disables double-tap-to-zoom (issue #97) + if (layer.style.msTouchAction === 'none' || layer.style.touchAction === 'manipulation') { + return true; + } + + // Firefox version - zero for other browsers + firefoxVersion = +(/Firefox\/([0-9]+)/.exec(navigator.userAgent) || [,0])[1]; + + if (firefoxVersion >= 27) { + // Firefox 27+ does not have tap delay if the content is not zoomable - https://bugzilla.mozilla.org/show_bug.cgi?id=922896 + + metaViewport = document.querySelector('meta[name=viewport]'); + if (metaViewport && (metaViewport.content.indexOf('user-scalable=no') !== -1 || document.documentElement.scrollWidth <= window.outerWidth)) { + return true; + } + } + + // IE11: prefixed -ms-touch-action is no longer supported and it's recomended to use non-prefixed version + // http://msdn.microsoft.com/en-us/library/windows/apps/Hh767313.aspx + if (layer.style.touchAction === 'none' || layer.style.touchAction === 'manipulation') { + return true; + } + + return false; + }; + + + /** + * Factory method for creating a FastClick object + * + * @param {Element} layer The layer to listen on + * @param {Object} [options={}] The options to override the defaults + */ + FastClick.attach = function(layer, options) { + return new FastClick(layer, options); + }; + + + if (typeof define === 'function' && typeof define.amd === 'object' && define.amd) { + + // AMD. Register as an anonymous module. + define(function() { + return FastClick; + }); + } else if (typeof module !== 'undefined' && module.exports) { + module.exports = FastClick.attach; + module.exports.FastClick = FastClick; + } else { + window.FastClick = FastClick; + } +}()); diff --git a/src/lib/fastclick.js.LICENSE.txt b/src/lib/fastclick.js.LICENSE.txt new file mode 100644 index 0000000..459a20d --- /dev/null +++ b/src/lib/fastclick.js.LICENSE.txt @@ -0,0 +1,22 @@ +Copyright (c) 2014 The Financial Times Ltd. + +Permission is hereby granted, free of charge, to any person +obtaining a copy of this software and associated documentation +files (the "Software"), to deal in the Software without +restriction, including without limitation the rights to use, +copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES +OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT +HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, +WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. diff --git a/src/lib/flextabs.LICENSE.txt b/src/lib/flextabs.LICENSE.txt new file mode 100644 index 0000000..ab5afe4 --- /dev/null +++ b/src/lib/flextabs.LICENSE.txt @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2016 mdmoreau + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/src/lib/flextabs.css b/src/lib/flextabs.css new file mode 100644 index 0000000..6227da3 --- /dev/null +++ b/src/lib/flextabs.css @@ -0,0 +1,17 @@ +.flextabs { + display: flex; + flex-wrap: wrap; +} + +.flextabs__tab { + width: 100%; +} + +.flextabs__content { + display: none; + width: 100%; +} + +.flextabs__content--active { + display: block; +} diff --git a/src/lib/flextabs.js b/src/lib/flextabs.js new file mode 100644 index 0000000..12842c5 --- /dev/null +++ b/src/lib/flextabs.js @@ -0,0 +1,68 @@ +(function(root, factory) { + if (typeof define === 'function' && define.amd) { + define([], factory); + } else if (typeof module === 'object' && module.exports) { + module.exports = factory(); + } else { + root.flextabs = factory(); + } +}(this, function() { + + var flextabs = function(target) { + + var _ = {}; + + _.flextabs = target; + + _.toggle = _.flextabs.querySelectorAll('.flextabs__toggle'); + + _.content = _.flextabs.querySelectorAll('.flextabs__content'); + + _.reset = function() { + for (var i = 0; i < _.toggle.length; i += 1) { + _.toggle[i].classList.remove('flextabs__toggle--active--last'); + _.content[i].classList.remove('flextabs__content--active--last'); + } + }; + + _.activate = function() { + var i = Array.prototype.indexOf.call(_.toggle, this); + _.toggle[i].classList.toggle('flextabs__toggle--active'); + _.toggle[i].classList.add('flextabs__toggle--active--last'); + _.content[i].classList.toggle('flextabs__content--active'); + _.content[i].classList.add('flextabs__content--active--last'); + }; + + _.aria = function() { + for (var i = 0; i < _.toggle.length; i += 1) { + var style = getComputedStyle(_.content[i]); + if (style.getPropertyValue('display') !== 'none') { + _.toggle[i].setAttribute('aria-expanded', true); + } else { + _.toggle[i].setAttribute('aria-expanded', false); + } + } + }; + + _.click = function(e) { + e.preventDefault(); + _.reset(); + _.activate.call(this); + _.aria(); + }; + + _.init = function() { + for (var i = 0; i < _.toggle.length; i += 1) { + window.addEventListener('load', _.aria); + window.addEventListener('resize', _.aria); + _.toggle[i].addEventListener('click', _.click); + } + }; + + return _; + + }; + + return flextabs; + +})); diff --git a/src/lib/include.js b/src/lib/include.js new file mode 100644 index 0000000..896c6d5 --- /dev/null +++ b/src/lib/include.js @@ -0,0 +1,35 @@ +var include = (() => +{ + let _inclusions = new Map(); + + function scriptLoader(src) { + let script = document.createElement("script"); + script.src = src; + return script; + } + + function styleLoader(src) { + let style = document.createElement("link"); + style.rel = "stylesheet"; + style.type = "text/css"; + style.href = src; + return style; + } + + return async function include(src) { + if (_inclusions.has(src)) return await _inclusions.get(src); + if (Array.isArray(src)) { + return await Promise.all(src.map(s => include(s))); + } + debug("Including", src); + + let loading = new Promise((resolve, reject) => { + let inc = src.endsWith(".css") ? styleLoader(src) : scriptLoader(src); + inc.onload = () => resolve(inc); + inc.onerror = () => reject(new Error(`Failed to load ${src}`)); + document.head.appendChild(inc); + }); + _inclusions.set(src, loading); + return await (loading); + } +})(); diff --git a/src/lib/log.js b/src/lib/log.js new file mode 100644 index 0000000..fe38b87 --- /dev/null +++ b/src/lib/log.js @@ -0,0 +1,14 @@ + +{ + let PREFIX = `[${browser.runtime.getManifest().name}]`; + + function log(msg, ...rest) { + console.log(`${PREFIX} ${msg}`, ...rest); + } + function debug(msg, ...rest) { + console.debug(`${PREFIX} ${msg}`, ...rest); + } + function error(e, msg, ...rest) { + console.error(`${PREFIX} ${msg}`, e, e.message, e.stack); + } +} diff --git a/src/lib/persistent-tabs.js b/src/lib/persistent-tabs.js new file mode 100644 index 0000000..8f7f711 --- /dev/null +++ b/src/lib/persistent-tabs.js @@ -0,0 +1,21 @@ +if (typeof flextabs === "function") { + + for (let tabs of document.querySelectorAll(".flextabs")) { + flextabs(tabs).init(); + let {id} = tabs; + if (!id) continue; + let rx = new RegExp(`(?:^|[#;])tab-${id}=(\\d+)(?:;|$)`); + let current = location.hash.match(rx); + console.log(`persisted %o`, current); + let toggles = tabs.querySelectorAll(".flextabs__toggle"); + let currentToggle = toggles[current && parseInt(current[1]) || 0]; + if (currentToggle) currentToggle.click(); + for (let toggle of toggles) { + toggle.addEventListener("click", e => { + let currentIdx = Array.indexOf(toggles, toggle); + location.hash = location.hash.split(";").filter(p => !rx.test(p)) + .concat(`tab-${id}=${currentIdx}`).join(";"); + }); + } + } +} diff --git a/src/lib/punycode.js b/src/lib/punycode.js new file mode 100644 index 0000000..2c87f6c --- /dev/null +++ b/src/lib/punycode.js @@ -0,0 +1,533 @@ +/*! https://mths.be/punycode v1.4.1 by @mathias */ +;(function(root) { + + /** Detect free variables */ + var freeExports = typeof exports == 'object' && exports && + !exports.nodeType && exports; + var freeModule = typeof module == 'object' && module && + !module.nodeType && module; + var freeGlobal = typeof global == 'object' && global; + if ( + freeGlobal.global === freeGlobal || + freeGlobal.window === freeGlobal || + freeGlobal.self === freeGlobal + ) { + root = freeGlobal; + } + + /** + * The `punycode` object. + * @name punycode + * @type Object + */ + var punycode, + + /** Highest positive signed 32-bit float value */ + maxInt = 2147483647, // aka. 0x7FFFFFFF or 2^31-1 + + /** Bootstring parameters */ + base = 36, + tMin = 1, + tMax = 26, + skew = 38, + damp = 700, + initialBias = 72, + initialN = 128, // 0x80 + delimiter = '-', // '\x2D' + + /** Regular expressions */ + regexPunycode = /^xn--/, + regexNonASCII = /[^\x20-\x7E]/, // unprintable ASCII chars + non-ASCII chars + regexSeparators = /[\x2E\u3002\uFF0E\uFF61]/g, // RFC 3490 separators + + /** Error messages */ + errors = { + 'overflow': 'Overflow: input needs wider integers to process', + 'not-basic': 'Illegal input >= 0x80 (not a basic code point)', + 'invalid-input': 'Invalid input' + }, + + /** Convenience shortcuts */ + baseMinusTMin = base - tMin, + floor = Math.floor, + stringFromCharCode = String.fromCharCode, + + /** Temporary variable */ + key; + + /*--------------------------------------------------------------------------*/ + + /** + * A generic error utility function. + * @private + * @param {String} type The error type. + * @returns {Error} Throws a `RangeError` with the applicable error message. + */ + function error(type) { + throw new RangeError(errors[type]); + } + + /** + * A generic `Array#map` utility function. + * @private + * @param {Array} array The array to iterate over. + * @param {Function} callback The function that gets called for every array + * item. + * @returns {Array} A new array of values returned by the callback function. + */ + function map(array, fn) { + var length = array.length; + var result = []; + while (length--) { + result[length] = fn(array[length]); + } + return result; + } + + /** + * A simple `Array#map`-like wrapper to work with domain name strings or email + * addresses. + * @private + * @param {String} domain The domain name or email address. + * @param {Function} callback The function that gets called for every + * character. + * @returns {Array} A new string of characters returned by the callback + * function. + */ + function mapDomain(string, fn) { + var parts = string.split('@'); + var result = ''; + if (parts.length > 1) { + // In email addresses, only the domain name should be punycoded. Leave + // the local part (i.e. everything up to `@`) intact. + result = parts[0] + '@'; + string = parts[1]; + } + // Avoid `split(regex)` for IE8 compatibility. See #17. + string = string.replace(regexSeparators, '\x2E'); + var labels = string.split('.'); + var encoded = map(labels, fn).join('.'); + return result + encoded; + } + + /** + * Creates an array containing the numeric code points of each Unicode + * character in the string. While JavaScript uses UCS-2 internally, + * this function will convert a pair of surrogate halves (each of which + * UCS-2 exposes as separate characters) into a single code point, + * matching UTF-16. + * @see `punycode.ucs2.encode` + * @see <https://mathiasbynens.be/notes/javascript-encoding> + * @memberOf punycode.ucs2 + * @name decode + * @param {String} string The Unicode input string (UCS-2). + * @returns {Array} The new array of code points. + */ + function ucs2decode(string) { + var output = [], + counter = 0, + length = string.length, + value, + extra; + while (counter < length) { + value = string.charCodeAt(counter++); + if (value >= 0xD800 && value <= 0xDBFF && counter < length) { + // high surrogate, and there is a next character + extra = string.charCodeAt(counter++); + if ((extra & 0xFC00) == 0xDC00) { // low surrogate + output.push(((value & 0x3FF) << 10) + (extra & 0x3FF) + 0x10000); + } else { + // unmatched surrogate; only append this code unit, in case the next + // code unit is the high surrogate of a surrogate pair + output.push(value); + counter--; + } + } else { + output.push(value); + } + } + return output; + } + + /** + * Creates a string based on an array of numeric code points. + * @see `punycode.ucs2.decode` + * @memberOf punycode.ucs2 + * @name encode + * @param {Array} codePoints The array of numeric code points. + * @returns {String} The new Unicode string (UCS-2). + */ + function ucs2encode(array) { + return map(array, function(value) { + var output = ''; + if (value > 0xFFFF) { + value -= 0x10000; + output += stringFromCharCode(value >>> 10 & 0x3FF | 0xD800); + value = 0xDC00 | value & 0x3FF; + } + output += stringFromCharCode(value); + return output; + }).join(''); + } + + /** + * Converts a basic code point into a digit/integer. + * @see `digitToBasic()` + * @private + * @param {Number} codePoint The basic numeric code point value. + * @returns {Number} The numeric value of a basic code point (for use in + * representing integers) in the range `0` to `base - 1`, or `base` if + * the code point does not represent a value. + */ + function basicToDigit(codePoint) { + if (codePoint - 48 < 10) { + return codePoint - 22; + } + if (codePoint - 65 < 26) { + return codePoint - 65; + } + if (codePoint - 97 < 26) { + return codePoint - 97; + } + return base; + } + + /** + * Converts a digit/integer into a basic code point. + * @see `basicToDigit()` + * @private + * @param {Number} digit The numeric value of a basic code point. + * @returns {Number} The basic code point whose value (when used for + * representing integers) is `digit`, which needs to be in the range + * `0` to `base - 1`. If `flag` is non-zero, the uppercase form is + * used; else, the lowercase form is used. The behavior is undefined + * if `flag` is non-zero and `digit` has no uppercase form. + */ + function digitToBasic(digit, flag) { + // 0..25 map to ASCII a..z or A..Z + // 26..35 map to ASCII 0..9 + return digit + 22 + 75 * (digit < 26) - ((flag != 0) << 5); + } + + /** + * Bias adaptation function as per section 3.4 of RFC 3492. + * https://tools.ietf.org/html/rfc3492#section-3.4 + * @private + */ + function adapt(delta, numPoints, firstTime) { + var k = 0; + delta = firstTime ? floor(delta / damp) : delta >> 1; + delta += floor(delta / numPoints); + for (/* no initialization */; delta > baseMinusTMin * tMax >> 1; k += base) { + delta = floor(delta / baseMinusTMin); + } + return floor(k + (baseMinusTMin + 1) * delta / (delta + skew)); + } + + /** + * Converts a Punycode string of ASCII-only symbols to a string of Unicode + * symbols. + * @memberOf punycode + * @param {String} input The Punycode string of ASCII-only symbols. + * @returns {String} The resulting string of Unicode symbols. + */ + function decode(input) { + // Don't use UCS-2 + var output = [], + inputLength = input.length, + out, + i = 0, + n = initialN, + bias = initialBias, + basic, + j, + index, + oldi, + w, + k, + digit, + t, + /** Cached calculation results */ + baseMinusT; + + // Handle the basic code points: let `basic` be the number of input code + // points before the last delimiter, or `0` if there is none, then copy + // the first basic code points to the output. + + basic = input.lastIndexOf(delimiter); + if (basic < 0) { + basic = 0; + } + + for (j = 0; j < basic; ++j) { + // if it's not a basic code point + if (input.charCodeAt(j) >= 0x80) { + error('not-basic'); + } + output.push(input.charCodeAt(j)); + } + + // Main decoding loop: start just after the last delimiter if any basic code + // points were copied; start at the beginning otherwise. + + for (index = basic > 0 ? basic + 1 : 0; index < inputLength; /* no final expression */) { + + // `index` is the index of the next character to be consumed. + // Decode a generalized variable-length integer into `delta`, + // which gets added to `i`. The overflow checking is easier + // if we increase `i` as we go, then subtract off its starting + // value at the end to obtain `delta`. + for (oldi = i, w = 1, k = base; /* no condition */; k += base) { + + if (index >= inputLength) { + error('invalid-input'); + } + + digit = basicToDigit(input.charCodeAt(index++)); + + if (digit >= base || digit > floor((maxInt - i) / w)) { + error('overflow'); + } + + i += digit * w; + t = k <= bias ? tMin : (k >= bias + tMax ? tMax : k - bias); + + if (digit < t) { + break; + } + + baseMinusT = base - t; + if (w > floor(maxInt / baseMinusT)) { + error('overflow'); + } + + w *= baseMinusT; + + } + + out = output.length + 1; + bias = adapt(i - oldi, out, oldi == 0); + + // `i` was supposed to wrap around from `out` to `0`, + // incrementing `n` each time, so we'll fix that now: + if (floor(i / out) > maxInt - n) { + error('overflow'); + } + + n += floor(i / out); + i %= out; + + // Insert `n` at position `i` of the output + output.splice(i++, 0, n); + + } + + return ucs2encode(output); + } + + /** + * Converts a string of Unicode symbols (e.g. a domain name label) to a + * Punycode string of ASCII-only symbols. + * @memberOf punycode + * @param {String} input The string of Unicode symbols. + * @returns {String} The resulting Punycode string of ASCII-only symbols. + */ + function encode(input) { + var n, + delta, + handledCPCount, + basicLength, + bias, + j, + m, + q, + k, + t, + currentValue, + output = [], + /** `inputLength` will hold the number of code points in `input`. */ + inputLength, + /** Cached calculation results */ + handledCPCountPlusOne, + baseMinusT, + qMinusT; + + // Convert the input in UCS-2 to Unicode + input = ucs2decode(input); + + // Cache the length + inputLength = input.length; + + // Initialize the state + n = initialN; + delta = 0; + bias = initialBias; + + // Handle the basic code points + for (j = 0; j < inputLength; ++j) { + currentValue = input[j]; + if (currentValue < 0x80) { + output.push(stringFromCharCode(currentValue)); + } + } + + handledCPCount = basicLength = output.length; + + // `handledCPCount` is the number of code points that have been handled; + // `basicLength` is the number of basic code points. + + // Finish the basic string - if it is not empty - with a delimiter + if (basicLength) { + output.push(delimiter); + } + + // Main encoding loop: + while (handledCPCount < inputLength) { + + // All non-basic code points < n have been handled already. Find the next + // larger one: + for (m = maxInt, j = 0; j < inputLength; ++j) { + currentValue = input[j]; + if (currentValue >= n && currentValue < m) { + m = currentValue; + } + } + + // Increase `delta` enough to advance the decoder's <n,i> state to <m,0>, + // but guard against overflow + handledCPCountPlusOne = handledCPCount + 1; + if (m - n > floor((maxInt - delta) / handledCPCountPlusOne)) { + error('overflow'); + } + + delta += (m - n) * handledCPCountPlusOne; + n = m; + + for (j = 0; j < inputLength; ++j) { + currentValue = input[j]; + + if (currentValue < n && ++delta > maxInt) { + error('overflow'); + } + + if (currentValue == n) { + // Represent delta as a generalized variable-length integer + for (q = delta, k = base; /* no condition */; k += base) { + t = k <= bias ? tMin : (k >= bias + tMax ? tMax : k - bias); + if (q < t) { + break; + } + qMinusT = q - t; + baseMinusT = base - t; + output.push( + stringFromCharCode(digitToBasic(t + qMinusT % baseMinusT, 0)) + ); + q = floor(qMinusT / baseMinusT); + } + + output.push(stringFromCharCode(digitToBasic(q, 0))); + bias = adapt(delta, handledCPCountPlusOne, handledCPCount == basicLength); + delta = 0; + ++handledCPCount; + } + } + + ++delta; + ++n; + + } + return output.join(''); + } + + /** + * Converts a Punycode string representing a domain name or an email address + * to Unicode. Only the Punycoded parts of the input will be converted, i.e. + * it doesn't matter if you call it on a string that has already been + * converted to Unicode. + * @memberOf punycode + * @param {String} input The Punycoded domain name or email address to + * convert to Unicode. + * @returns {String} The Unicode representation of the given Punycode + * string. + */ + function toUnicode(input) { + return mapDomain(input, function(string) { + return regexPunycode.test(string) + ? decode(string.slice(4).toLowerCase()) + : string; + }); + } + + /** + * Converts a Unicode string representing a domain name or an email address to + * Punycode. Only the non-ASCII parts of the domain name will be converted, + * i.e. it doesn't matter if you call it with a domain that's already in + * ASCII. + * @memberOf punycode + * @param {String} input The domain name or email address to convert, as a + * Unicode string. + * @returns {String} The Punycode representation of the given domain name or + * email address. + */ + function toASCII(input) { + return mapDomain(input, function(string) { + return regexNonASCII.test(string) + ? 'xn--' + encode(string) + : string; + }); + } + + /*--------------------------------------------------------------------------*/ + + /** Define the public API */ + punycode = { + /** + * A string representing the current Punycode.js version number. + * @memberOf punycode + * @type String + */ + 'version': '1.4.1', + /** + * An object of methods to convert from JavaScript's internal character + * representation (UCS-2) to Unicode code points, and back. + * @see <https://mathiasbynens.be/notes/javascript-encoding> + * @memberOf punycode + * @type Object + */ + 'ucs2': { + 'decode': ucs2decode, + 'encode': ucs2encode + }, + 'decode': decode, + 'encode': encode, + 'toASCII': toASCII, + 'toUnicode': toUnicode + }; + + /** Expose `punycode` */ + // Some AMD build optimizers, like r.js, check for specific condition patterns + // like the following: + if ( + typeof define == 'function' && + typeof define.amd == 'object' && + define.amd + ) { + define('punycode', function() { + return punycode; + }); + } else if (freeExports && freeModule) { + if (module.exports == freeExports) { + // in Node.js, io.js, or RingoJS v0.8.0+ + freeModule.exports = punycode; + } else { + // in Narwhal or RingoJS v0.7.0- + for (key in punycode) { + punycode.hasOwnProperty(key) && (freeExports[key] = punycode[key]); + } + } + } else { + // in Rhino or a web browser + root.punycode = punycode; + } + +}(this)); diff --git a/src/lib/punycode.js.LICENSE.txt b/src/lib/punycode.js.LICENSE.txt new file mode 100644 index 0000000..a41e0a7 --- /dev/null +++ b/src/lib/punycode.js.LICENSE.txt @@ -0,0 +1,20 @@ +Copyright Mathias Bynens <https://mathiasbynens.be/> + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/src/lib/tld.js b/src/lib/tld.js new file mode 100644 index 0000000..b127b2e --- /dev/null +++ b/src/lib/tld.js @@ -0,0 +1,46 @@ +var tld = { + normalize(d) { return d; }, + + isIp(d) { return this._ipRx.test(d); }, + + getDomain(domain) { + if (domain === "localhost" || this.isIp(domain)) return domain; + + domain = this.normalize(domain); + var pos = domain.search(this._tldEx); + if(pos === -1 ) { + pos = domain.search(this._tldRx); + if (pos === -1) { + // TLD not in the public suffix list, fall back to the "one-dot rule" + pos = domain.lastIndexOf("."); + if (pos === -1) { + return ""; + } + } + pos = domain.lastIndexOf(".", pos - 1) + 1; + } else if(domain[pos] == ".") { + ++pos; + } + return pos <= 0 ? domain : domain.substring(pos); + }, + + getPublicSuffix(domain) { + if (this.isIp(domain)) return ""; + + domain = this.normalize(domain); + var pos = domain.search(this._tldEx); + if(pos < 0) { + pos = domain.search(this._tldRx); + if(pos >= 0 && domain[pos] == ".") pos++; + } else { + pos = domain.indexOf(".", pos + 1) + 1; + } + return pos < 0 ? "" : domain.substring(pos); + }, + + _ipRx: /^(?:0\.|[1-9]\d{0,2}\.){3}(?:0|[1-9]\d{0,2})$|:.*:/i, + + _tldRx: /(?:\.|^)(?:s(?:h(?:i(?:(?:m(?:o(?:(?:go\.fukushim|fusa\.chib|ji\.okinaw|ichi\.nar)a|k(?:awa\.hokkaido|itayama\.nara)|n(?:oseki\.yamaguchi|ita\.gunma)|tsu(?:ke\.tochig|ma\.ibarak)i|da(?:te\.ibaraki|\.shizuoka)|suwa\.nagano)|a(?:m(?:aki\.hokkaido|oto\.osaka)|(?:(?:ne\.shima)?n|\.mi)e|bara\.nagasaki|da\.shizuoka)|izu\.(?:hokkaido|shizuoka))|n(?:(?:a(?:nomachi\.nagan|gawa\.toky)|onsen\.hyog)o|g(?:u\.(?:(?:wakayam|fukuok)a|hyogo)|o\.aomori)|j(?:o\.(?:yamagat|okayam|nar)a|uku\.tokyo)|to(?:ku\.hokkaido|mi\.miyazaki|\.gunma)|(?:yoshitomi\.fukuok|ichi\.hiroshim)a|shi(?:notsu\.hokkaido|ro\.aichi)|kamigoto\.nagasaki)|r(?:a(?:k(?:awa\.(?:fukushima|gifu)|o\.chiba)|(?:hama\.wakayam|taka\.yamagat)a|o(?:i\.hokkaido|ka\.saitama)|nuka\.hokkaido)|o(?:i(?:shi\.(?:miyagi|saga)|\.chiba)|sato\.ibaraki)|iuchi\.hokkaido)|b(?:u(?:kawa\.gunma|ya\.tokyo)|ata\.(?:niigata|miyagi)|e(?:cha|tsu)\.hokkaido)|(?:chi(?:kashuku\.miyag|nohe\.aomor)|iba\.miyazak|tara\.aich)i|o(?:(?:gama\.miya|ya\.tochi)gi|jiri\.nagano)|s(?:(?:hikui\.tokushim|ui\.chib)a|o\.hyogo)|zu(?:(?:oka\.shizu)?oka|kuishi\.iwate)|(?:jonawate\.osak|g)a|wa\.iwate)\.jp|k(?:(?:a(?:(?:ma\.miyag|tsu\.aich)i|(?:be|oi)\.hokkaido|\.ishikawa)|okuchuo\.ehime|i\.saitama)\.jp|sha)|ftedit\.io|a)|o(?:(?:(?:bara\.hiroshi|o\.okaya)m|nai\.(?:yamagat|fukuok))a\.jp|w(?:a\.(?:(?:fukushi|gun)ma|yamanashi)\.jp|\.aero|time)?|p(?:\.(?:h[tu]|pl|ro)|ping)?|uji|es)|a(?:(?:r(?:i\.hokkaido\.j)?|kotan\.hokkaido\.j)p|cknet\.nu|ngrila|w)|e(?:ll(?:\.museum)?|rbrooke\.museum)|unan\.yamaguchi\.jp|riram|\.cn)?|a(?:n(?:d(?:(?:(?:e(?:\.(?:m[oø]re-og-romsdal|vestfold)|fjord)|nes(?:sj[oø]en)?|[oø]y)\.n|cats\.i)o|vik(?:coromant)?|a\.hyogo\.jp|iego\.museum)|(?:(?:agochi\.tokushim|jo\.niigat|uki\.kagaw|go\.nar)a|n(?:ohe\.aomori|an\.hyogo))\.jp|t(?:a(?:(?:barbara|cruz|fe)\.museum|maria\.br)|oandre\.br)|o(?:\.tochigi\.jp|k\.pl|fi)|francisco\.museum)|k(?:(?:a(?:i(?:\.(?:(?:ibarak|fuku)i|osaka)|minato\.tottori)|(?:(?:\.hiroshi|do\.saita)m|ta\.yamagat)a|e\.(?:nagano|chiba)|hogi\.gifu|ki\.nagano|wa\.kochi)|egawa\.yamagata|yo\.kyoto)\.jp|u(?:ra(?:(?:\.(?:tochigi|chiba)|gawa\.ibaraki|i\.nara)\.jp)?|(?:ho)?\.nagano\.jp))|(?:ga(?:(?:mihara\.kanagaw|e\.yamagat)a|(?:\.saga)?)|y(?:ama\.(?:saitam|osak)a|o\.hyogo)|do\.niigata|bae\.fukui)\.jp|i(?:(?:t(?:(?:ama\.sait)?ama|o\.miyazaki)|k(?:ai\.nagasaki|i\.oita)|gawa\.fukuoka|jo\.ehime)\.jp|ntlouis\.museum)|l(?:(?:(?:a(?:ngen|t)|tdal)\.n|ud\.b)o|vador(?:dali\.museum|\.br)|e(?:m\.museum|rno\.it)?|zburg\.museum|on)|s(?:(?:a(?:guri\.fukuoka|yama\.hyogo)|ebo\.nagasaki)\.jp|katchewan\.museum|sari\.it)?|m(?:(?:egawa\.fukushim|ukawa\.kanagaw)a\.jp|s(?:club|ung)|nanger\.no|pa\.br)|r(?:(?:ufutsu|oma)\.hokkaido\.jp|(?:d(?:egn|ini)a)?\.it|psborg\.no|l)|t(?:(?:(?:osho\.okay|te\.sait)a|sumasendai\.kagoshi)ma\.jp|x\.museum)|v(?:e(?:s-the-whales\.com)?|annahga\.museum|ona\.it)|\.(?:gov\.(?:au|pl)|(?:edu\.)?au|c(?:om|r)|it)|o(?:(?:bernardo|gonca)\.br|tome\.st)|-east-1\.elasticbeanstalk\.com|(?:u(?:herad|da)\.n|x)o|fe(?:ty(?:\.aero)?)?|arland|po?)?|e(?:[sw]|r(?:v(?:e(?:(?:(?:(?:counterstri|qua)k|exchang)e|h(?:alflife|umour|ttp)|p(?:ics|2p)|sarcasm|irc)\.com|b(?:bs\.(?:com|net|org)|eer\.com|log\.net)|m(?:inecraft\.net|p3\.com)|ftp\.(?:com|net|org)|game\.(?:com|org))|ice(?:s(?:\.aero)?|\.gov\.uk))|a(?:nishi)?\.hiroshima\.jp)|(?:i(?:rou?\.niigata|hi\.nagasaki|ka\.kyoto|yo\.ehime)|ki(?:(?:gahara)?\.gifu|kawa\.niigata)|m(?:boku\.akita|ine\.miyagi))\.jp|l(?:ls(?:-(?:for-(?:less|u)\.com|it\.net)|yourhome\.org)|fip\.(?:info|biz|com|net|org)|(?:j(?:ord|e)|bu)?\.no|ect)|t(?:(?:o(?:uchi\.okayama|\.aichi)|agaya\.tokyo)\.jp|t(?:le(?:ment|rs)\.museum|su\.osaka\.jp))|c(?:ur(?:ity(?:tactics\.com)?|e)|\.ps)|\.(?:(?:gov|leg)\.br|eu\.org|net)|a(?:port\.museum|rch|t)|n(?:nan\.osaka\.jp|er)|v(?:astopol\.ua|en)|x(?:\.(?:hu|pl)|y)?|bastopol\.ua|jny\.pl|oul\.kr|ek)?|t(?:a(?:t(?:e(?:(?:(?:ofdelaware)?\.museu|far)m|bank)|i(?:c(?:-access\.net|\.land)|on\.museum)|(?:helle)?\.no|oil)|r(?:(?:ostwo\.gov|achowice|gard)\.pl|nberg\.museum|hub)?|(?:(?:v(?:anger|ern)|nge)\.n|ge\.nodeart\.i)o|l(?:bans\.museum|owa-wola\.pl)|d(?:t\.museum|a)|ckspace\.space|ples)|o(?:r(?:(?:d(?:al)?|-elvdal|fjord)\.no|e(?:\.(?:bb|dk|nf|ro|st|ve))?|j\.farm|age)|ckhol(?:m\.museu)?m|kke\.no)|u(?:ff(?:-4-sale\.(?:org|us)|toread\.com)|d(?:(?:ent\.aer|i)o|y)|ttgart\.museum)|j(?:o(?:rdal(?:shalsen)?\.no|hn\.museum)|ørdal(?:shalsen)?\.no)|e(?:i(?:(?:nkjer|gen)\.no|ermark\.museum)|am\.museum)|r(?:(?:anda?|yn)\.no|eam)|petersburg\.museum|c(?:group)?|\.no|yle)?|3(?:-(?:website(?:-(?:ap-(?:southeast-[12]|northeast-1)|us-(?:west-[12]|east-1)|(?:eu-we|sa-ea)st-1)|\.(?:ap-(?:northeast-2|south-1)|eu-(?:central-1|west-[23])|ca-central-1|us-east-2))|(?:(?:fips-us-gov-we|sa-ea)st|ca-central)-1|ap-(?:south(?:east-[12]|-1)|northeast-[12])|e(?:u-(?:west-[123]|central-1)|xternal-1)|us-(?:gov-west-1|west-[12]|east-2))\.amazonaws\.com|\.(?:(?:(?:dualstack\.(?:ap-(?:south(?:east-[12]|-1)|northeast-[12])|eu-(?:west-[123]|central-1)|(?:ca-central|sa-east)-1|us-east-[12])|eu-(?:central-1|west-[23])|us-east-2)\.|(?:ap-(?:northeast-2|south-1)\.)?)amazonaws\.com|c(?:n-north-1\.amazonaws\.com\.cn|a-central-1\.amazonaws\.com)))|o(?:(?:(?:(?:o\.kagoshi|ja\.okaya)m|degaura\.chib|eda\.fukuok)a|betsu\.hokkaido|wa\.ibaraki)\.jp|r(?:(?:-(?:(?:aur|o)dal|varanger|fron)|(?:tlan|fol)d|reisa|um)\.no|ocaba\.br)|u(?:nd(?:andvision\.museum|cast\.me)|th(?:carolina|west)\.museum)|n(?:dr(?:e-land\.no|io\.it)|g(?:dalen\.no)?|i\.nara\.jp|y)|l(?:u(?:nd\.no|tions)|ogne\.museum|a(?:\.no|r))|c(?:i(?:ety\.museum|al)|hi\.su|\.lk|cer)|s(?:(?:nowiec)?\.pl|a\.chiba\.jp)|k(?:a\.saitama\.jp|ndal\.no)|m(?:a\.fukushima\.jp|na\.no)|ft(?:ware(?:\.aero)?|bank)|\.(?:gov\.pl|it)|gn(?:dal|e)\.no|pot\.pl|hu|y)?|u(?:(?:k(?:agawa\.fukushima|umo\.kochi)|gi(?:nami\.tokyo|to\.saitama)|s(?:ono\.shizuoka|aki\.kochi))\.jp|m(?:(?:i(?:da\.tokyo|ta\.iwate)|oto\.(?:kumamot|hyog)o)\.jp|y\.ua)|z(?:u(?:k(?:a\.mie\.jp|i)|\.ishikawa\.jp)|aka\.nagano\.jp)|r(?:ge(?:onshall\.museum|ry)|rey\.museum|nadal\.no|f)|i(?:(?:fu\.ibaraki|ta\.osaka)\.jp|sse\.museum)|n(?:agawa\.hokkaido\.jp|(?:ndal|d)\.no)|e(?:\.fukuoka\.jp|dtirol\.it)|wa(?:\.nagano\.jp|lki\.pl)|l(?:(?:dal|a)\.no|i\.hu)|pp(?:l(?:ies|y)|ort)|̈dtirol\.it|cks)?|c(?:[ab]|h(?:o(?:ko(?:laden\.museum|keks\.net)|ol(?:\.(?:museum|n[az]|za))?|enbrunn\.museum|larships)|\.(?:[qs]a|i[dr]|l[ky]|ae|jo|ng|zm)|w(?:eiz\.museum|arz)|lesisches\.museum|aeffler|midt|ule)|i(?:en(?:ce(?:(?:(?:and(?:indust|histo)|histo)ry|(?:snaturelle)?s|-fiction|centers?)?\.museum)?|tist\.aero)|\.eg)|r(?:app(?:er-site\.net|ing\.cc)|ysec\.com)|\.(?:(?:gov|leg)\.br|k[er]|u[gs]|cn|tz)|o(?:t(?:land\.museum)?|r)|johnson)?|k(?:(?:a(?:n(?:land|it)|un)|j(?:erv[oø]y|[aå]k)|edsmo(?:korset)?|ånland|ánit)\.no|i(?:(?:e(?:rv[aá]|n)|ptvet)\.no|\.(?:museum|no)|n)?|o(?:(?:\.gov|czow)\.pl|le\.museum|dje\.no)|y(?:diving\.aero|pe)?|\.(?:eu\.org|ca)|lep\.pl)?|i(?:(?:benik\.museu|mple-url\.co)m|l(?:k(?:\.museum)?|jan\.no)|n(?:a(?:app\.com)?|gles)|r(?:acusa\.it|dal\.no)|te(?:s\.static\.land)?|c(?:il(?:ia|y))?\.it|e(?:llak\.no|na\.it)|\.(?:eu\.org|it)|gdal\.no)?|p(?:ace(?:(?:-to-rent\.co|\.museu)m|kit\.io)?|\.(?:(?:gov|leg)\.br|it)|y(?:deberg\.no|\.museum)|dns\.(?:org|de|eu)|o(?:rt(?:\.hu)?|t)|jelkavik\.no|readbetting|b\.[rs]u|iegel)|y(?:no(?:logy(?:-d(?:iskstation|s)\.d|\.m)|-ds\.d)e|dney(?:\.museum)?|kkylven\.no|tes\.net|mantec|stems)?|(?:ø(?:r(?:-(?:(?:aur|o)dal|varanger|fron)|reisa|fold|um)|ndre-land|gne|mna)|ál[aá]t)\.no|w(?:i(?:(?:noujscie|ebodzin|dnica)\.pl|ftcover|ss)|e(?:etpepper\.org|den\.museum)|atch)|v(?:(?:e(?:lvik|io)|albard)\.no|izzera\.museum|n-repos\.de|\.it)?|l(?:a(?:ttum\.no|sk\.pl)|d\.(?:do|pa)|[gz]\.br|upsk\.pl|ing)?|n(?:(?:[aå](?:ase|sa)|illfjord|oasa)\.no|\.cn|cf)?|z(?:(?:cz(?:ecin|ytno)|kola)\.pl|ex\.hu)?|s(?:l\.origin\.cdn77-secure\.org|\.it)|quare(?:7\.(?:net|ch|de)|\.museum)|r(?:[lt]|\.(?:gov\.pl|it)|v\.br)?|m(?:[oø]la\.no|\.ua|art|ile)?|d(?:\.(?:cn|us)|n\.gov\.pl)?|b(?:[is]|\.ua)?|\.(?:bg|se)|f(?:\.no|r)|j(?:c\.br)?|x(?:\.cn)?|g)|k(?:a(?:(?:m(?:i(?:(?:t(?:onda\.wakayam|sue\.oit)|i(?:zumi\.sait|chi\.toy)am|mine\.sag|oka\.akit)a|k(?:awa\.(?:h(?:okkaid|yog)o|saitama)|(?:itayama\.nar|oani\.akit)a)|s(?:u(?:nagawa\.hokkaido|\.ibaraki)|hihoro\.hokkaido|ato\.saitama)|(?:amakusa\.kumamot|furano\.hokkaid|gori\.hyog)o|no(?:yama\.yamagata|kawa\.tochigi)|\.(?:miyag|koch)i|jima\.ehime)|o(?:\.(?:niigata|kyoto)|enai\.hokkaido|gawa\.chiba)|a(?:(?:kura\.kanagaw|gaya\.chib)a|ishi\.iwate)|e(?:oka\.kyoto|yama\.mie))|wa(?:(?:(?:(?:zu\.shiz|ra\.fuk)uo|chinagano\.osa)k|(?:jima\.saita|ba\.gun)m)a|n(?:(?:abe\.kagoshim|ehon\.shizuok)a|ishi\.(?:(?:yamagat|nar)a|hyogo))|(?:tana\.nagasak|hara\.tottor|saki\.miyag)i|g(?:oe\.(?:saitama|mie)|uchi\.saitama)|k(?:ami\.na(?:gano|ra)|ita\.ishikawa)|m(?:inami\.miyazaki|ata\.fukushima)|i\.(?:iwate|nara)|ue\.gifu)|n(?:(?:a(?:(?:zawa\.ishik|g)aw|n\.osak)|o(?:ya\.kagoshim|nji\.kagaw)|na(?:mi\.shizuok|\.gunm)|maki\.nar|zaki\.sag|ra\.gunm)a|e(?:yama\.(?:fukushim|yamagat)a|gasaki\.iwate)|i(?:e\.aichi|\.gifu)|uma\.tochigi)|g(?:a(?:mi(?:(?:ishi\.fukushi|no\.okaya)ma|\.kochi)|(?:\.ishika)?wa)|(?:oshima\.kag)?oshima)|i(?:(?:(?:nan\.(?:tokushi|wakaya)|ta\.hiroshi)m|sei\.kanagaw|zuka\.osak)a|\.yamanashi)|k(?:amigahara\.gifu|egawa\.shizuoka|inoki\.shimane|ogawa\.hyogo|uda\.miyagi)|d(?:o(?:gawa\.miyazaki|ma\.osaka)|ena\.okinawa)|ho(?:ku\.(?:ishikaw|yamagat)|\.fukuok)a|yabe\.hokkaido)\.jp|s(?:(?:u(?:ga(?:\.(?:fukuoka|hyogo)|i\.aichi)|(?:kabe\.saitam|ya\.fukuok)a|migaura\.ibaraki)|hi(?:(?:wa(?:zaki\.niigat|ra\.osak|\.chib)|(?:har|b)a\.nar)a|ma\.(?:ibaraki|saga))|a(?:ma(?:\.ibaraki|tsu\.gifu)|oka\.okayama|hara\.gifu|i\.hyogo))\.jp|zuby\.pl)|r(?:a(?:s(?:uyama\.tochigi\.jp|jo(?:hka|k)\.no)|t(?:su\.saga\.jp|e\.museum)|(?:ganda|col)\.su)|i(?:(?:wa\.niigata|ya\.aichi)\.jp|katur\.museum)|u(?:izawa\.nagano|mai\.iwate)\.jp|(?:m[oø]|lso)y\.no|(?:pacz|tuzy)\.pl|elia\.su)|t(?:(?:su(?:(?:ragi\.(?:wakayam|nar)|ura\.chib)a|shika\.tokyo|yama\.fukui)|a(?:shina\.gunm|gami\.akit|no\.osak)a)\.jp|o(?:ri\.chiba\.jp|wice\.pl))|z(?:(?:o\.saitam|uno\.akit)a\.jp|imierz-dolny\.pl)|l(?:(?:mykia\.[rs]|uga\.s)u|isz\.pl)|u(?:tokeino\.no|fen)|fjord\.no)|o(?:(?:u(?:(?:(?:yama\.kagoshi|nosu\.saita)m|hoku\.sag)a|zushima\.tokyo)|(?:(?:ori\.fukushi|ya\.wakaya)m|r(?:iyama\.fukushim|yo\.nar))a|t(?:o(?:\.(?:shiga|tokyo)|hira\.kagawa|ura\.tottori)|a\.aichi)|g(?:a(?:\.(?:fukuoka|ibaraki)|nei\.tokyo)|e\.tottori)|k(?:(?:onoe\.oit|a\.shig)a|ubunji\.tokyo)|(?:(?:chi\.ko)?c|fu\.yamanas)hi|daira\.tokyo)\.jp|m(?:a(?:(?:(?:gane\.nagan|e\.toky)o|ki\.aichi)\.jp|tsu(?:(?:shima\.tokushim|\.ishikaw)a\.jp)?)|o(?:ro\.nagano|no\.mie)\.jp|mun(?:alforbund\.se|e\.no)|(?:forb|vux)\.se)|s(?:h(?:(?:i(?:mizu\.hokkaido|gaya\.saitama)|u\.yamanashi)\.jp|er)|(?:(?:a(?:i\.shizuok|ka\.akit)|ei\.shig)a|uge\.yamanashi)\.jp)|n(?:(?:s(?:ulat\.gov|kowola)|in)\.pl|an\.(?:aichi|shiga)\.jp|gs(?:vinger|berg)\.no|yvelo\.hu)|z(?:a(?:(?:gawa)?\.wakayam|ki\.chib)a\.jp|ow\.com)|b(?:ayashi\.miyazaki\.jp|ierzyce\.pl)|e(?:benhavn\.museum|ln(?:\.museum)?)|lobrzeg\.pl|pervik\.no)|i(?:t(?:a(?:(?:(?:shiobara\.fukushi|yama\.wakaya)m|(?:nakagusuku|daito)\.okinaw)a|ga(?:wa\.(?:miyazak|koch)i|ta\.(?:gifu|saga))|ka(?:ta\.(?:fukushima|miyazaki)|mi\.iwate)|h(?:iroshima\.hokkaido|ata\.saga)|m(?:oto\.saitama|i\.hokkaido)|a(?:iki\.nagano|kita\.akita)|\.(?:(?:kyot|toky)o|osaka)|ura\.miyazaki)\.jp|chen)|(?:y(?:o(?:s(?:(?:ato\.hokkaid|e\.toky)o|u\.aichi)|kawa\.kanagawa)|ama\.saga)|s(?:o(?:(?:fukushima)?\.nagano|saki\.mie)|(?:hiwada\.osak|arazu\.chib)a)|k(?:u(?:gawa\.shizuoka|chi\.kumamoto)|onai\.hokkaido)|ho(?:ku\.ehim|\.mi)e|bichuo\.okayama|jo\.miyazaki|zu\.kyoto)\.jp|n(?:(?:(?:okawa\.wakaya|ko\.kagoshi)m|\.okinaw)a\.jp|d(?:er|le))|m(?:(?:i(?:no\.wakayam|tsu\.chib)a|obetsu\.hokkaido)\.jp)?|r(?:(?:yu\.gunma|a\.aichi)\.jp|ovograd\.ua|kenes\.no)|w(?:a\.mie\.jp|i(?:\.nz)?)|cks-ass\.(?:net|org)|ds\.(?:museum|us)|(?:ev\.u)?a)?|u(?:(?:(?:m(?:a(?:(?:gaya\.saitam|tori\.osak)a|no\.(?:hiroshima|mie)|(?:moto\.kuma)?moto|kogen\.ehime)|e(?:jima\.okinaw|nan\.okayam)a|iyama\.kyoto)|d(?:amatsu\.yamaguchi|oyama\.wakayama)|j(?:u(?:kuri\.chib|\.oit)a|i\.iwate)|(?:i\.hiroshi|ki\.saita)ma|(?:zumaki\.iwat|wana\.mi)e|chinotsu\.nagasaki)\.j|okgrou)p|r(?:(?:o(?:(?:gi\.fukuok|be\.toyam|taki\.nar)a|is(?:hi\.aomor|o\.tochig)i|matsunai\.hokkaido)|(?:a(?:shiki\.okayam|te\.fukuok)|e\.hiroshim|ume\.fukuok)a|iyama\.hokkaido)\.jp|gan\.su)|n(?:(?:i(?:(?:gami\.okinaw|mi\.fukushim|saki\.oit)a|t(?:omi\.miyazaki|achi\.tokyo))|neppu\.hokkaido|ohe\.iwate)\.jp|st(?:unddesign|sammlung)?\.museum)|s(?:(?:hi(?:m(?:oto\.wakayama|a\.miyazaki)|ro\.hokkaido)|(?:atsu\.(?:gunm|shig)|u\.oit)a)\.jp|tanai\.[rs]u)|t(?:chan\.hokkaido\.jp|no\.pl))|12\.(?:(?:m[adeinost]|n[cehjmvy]|a[klrsz]|c[aot]|o[hkr]|w[aiy]|d[ce]|g[au]|k[sy]|p[ar]|fl|la|ri|sc|ut)\.us|i(?:l(?:\.us)?|[adn]\.us)|v(?:i(?:\.us)?|[at]\.us)|t(?:[nx]\.us|r)|ec)|r(?:(?:(?:istians[au]n|ødshera)d|o(?:kstadelva|dsherad)|åanghke)\.no|a(?:(?:ger[oø]|anghke)\.no|snodar\.su|kow\.pl)|\.(?:eu\.org|com|it|ua)|ym\.ua|e?d)?|y(?:o(?:t(?:a(?:n(?:abe|go)|mba)\.kyoto\.jp|o(?:\.jp)?)|(?:wa\.(?:hokkaido|akita)|nan\.chiba)\.jp)|uragi\.saga\.jp|iv\.ua|\.us)?|e(?:(?:mbuchi\.hokkaido|isen\.fukuoka)\.jp|rry(?:propertie|logistic|hotel)s|p(?:no\.pl|\.tr)|ymachine\.de|trzyn\.pl)?|v(?:(?:i(?:n(?:nherad|esdal)|t(?:s[oø]y|eseid))|a(?:(?:fjor|lsun)d|nangen|m)|æ(?:nangen|fjord))\.no|\.ua)|h(?:(?:meln(?:itskiy|ytskyi)|erson)?\.ua|a(?:rk[io]v\.ua|kassia\.su))|n(?:ightpoint\.systems|owsitall\.info|x-server\.net)?|l(?:(?:[aæ]bu|epp)\.no|odzko\.pl)|(?:árášjohka|åfjord)\.no|m(?:psp\.gov\.pl|\.ua)?|p(?:psp\.gov\.pl|mg|n)?|w(?:ps)?p\.gov\.pl|\.(?:bg|se)|g(?:\.kr)?|s\.u[as]|ddi|fh|z)|m(?:[hqv]|i(?:n(?:(?:a(?:m(?:i(?:(?:(?:yamashiro\.ky|oguni\.kumam)ot|m(?:inowa|aki)\.nagan|furano\.hokkaid)o|(?:tane\.kagoshim|uonuma\.niigat|daito\.okinaw|boso\.chib)a|(?:-alps\.yamanash|sanriku\.miyag|echizen\.fuku)i|a(?:(?:iki\.nagan|waji\.hyog)o|shigara\.kanagawa)|\.(?:(?:tokushim|fukuok)a|kyoto)|i(?:zu\.shizuoka|se\.mie))|ata\.kumamoto)|(?:kami\.gun|no\.saita)ma|to\.(?:osaka|tokyo))|o(?:(?:kamo)?\.gifu|bu\.yamanashi|wa\.nagano|h\.osaka))\.jp|i(?:(?:server\.co|ng\.museu)m)?|e(?:rs\.museum|\.nu)|nesota\.museum|com\.tn|t)|(?:y(?:a(?:k(?:o(?:\.(?:fukuoka|iwate)|nojo\.miyazaki)|e\.nara)|z(?:(?:aki\.miyaz)?aki|u\.kyoto)|(?:shiro\.saitam|waka\.fukuok)a|ma\.(?:fukuoka|mie)|da\.nagano|gi)|o(?:shi\.(?:(?:(?:hiro|toku)shi|saita)ma|aichi)|ta\.nagano))|h(?:a(?:ma\.(?:(?:wakayam|chib)a|(?:aich|fuku)i|mie)|r(?:a\.(?:hiroshima|kochi)|u\.fukushima))|o\.ibaraki)|zu(?:maki\.fukuoka|sawa\.iwate|nami\.gifu|ho\.tokyo)|k(?:a(?:sa\.hokkaido|wa\.yamagata)|i\.hyogo)|ma(?:ta\.miyazaki|\.tokushima)|fune\.kumamoto|ura\.kanagawa|bu\.tochigi)\.jp|s(?:(?:a(?:to\.(?:s(?:aitama|himane)|(?:wakayam|akit)a|miyagi)|(?:sa\.tott|wa\.aom)ori|ki\.o(?:kayam|sak)a)|hima\.(?:fukushim|shizuok)a|ugi\.mie)\.jp|s(?:oula|ile)\.museum|confused\.org)|l(?:\.(?:t[jmorwz]|a[celrz]|b[aory]|k[gmrz]|m[gvyz]|n[gioz]|p[ehly]|c[lno]|g[eht]|i[dnq]|s[hty]|z[amw]|[dj]o|e[cg]|r[uw]|v[ce]|hn|lv|qa|uy)|(?:itary|l)\.museum|ano?\.it)?|t(?:(?:o(?:(?:u\.yamaguch|\.ibarak)i|yo\.kagawa)|a(?:k(?:a\.tokyo|e\.gifu)|ne\.akita))\.jp|su(?:(?:ke\.niigat|e\.nar)a\.jp|bishi))?|d(?:(?:tre-gauldal|sund)\.no|ori\.(?:chib|gunm)a\.jp|atlantic\.museum)|c(?:ro(?:light\.aero|soft)|higan\.museum)|a(?:s(?:a\.nagano\.jp|ta\.pl)|mi)|e(?:l(?:ec|no)\.pl|\.jp)|\.(?:it|th|us))|a(?:t(?:su(?:(?:b(?:ushi\.saitam|ara\.osak)|d(?:a\.kanagaw|o\.chib)|zaki\.shizuok)a|s(?:hi(?:ge\.tokushima|ma\.miyagi)|aka\.mie)|m(?:oto\.(?:kagoshima|nagano)|ae\.hokkaido)|(?:(?:yama|no)\.ehim|e\.shiman)e|ura\.nagasaki|kawa\.nagano)\.jp|t(?:a-varjjat\.no|el)|era\.it|\.br)|r(?:i(?:n(?:ga\.br|e\.ru)|tim[eo]\.museum)|u(?:game\.kagawa|mori\.miyagi)\.jp|(?:yl(?:hurst|and)|burg)\.museum|ke(?:t(?:ing|s)?|r\.no)|(?:(?:che)?\.i|riot)t|nardal\.no|shalls)|s(?:(?:hik(?:(?:e\.hokkaid|i\.kumamot)o|o\.tochigi)|(?:uda\.shiman|aki\.ehim)e)\.jp|(?:fjorden|oy)\.no|sa-?carrara\.it|erati)|n(?:(?:iwa\.okayam|no\.kagaw)a\.jp|(?:chester|sions?|x)\.museum|a(?:gement|us\.br)|g(?:yshlak\.su|o)|tova\.it|dal\.no)?|(?:k(?:(?:urazaki\.kagoshim|inohara\.shizuok)a\.j|eu)|(?:murogawa\.yamagat|ebashi\.gunm)a\.j)p|l(?:(?:atvuopmi|selv|vik)\.no|(?:opolska|bork)\.pl|lorca\.museum)|i(?:(?:bara\.shiga|zuru\.kyoto)\.jp|ntenance\.aero|l\.pl|son|f)|c(?:e(?:rata\.it|io\.br)|hida\.tokyo\.jp|apa\.br|ys)|d(?:rid(?:\.museum)?|\.museum)|p(?:\.fastly(?:lb)?\.net)?|\.(?:(?:gov|leg)\.br|us)|yfirst\.(?:info|org)|z(?:owsze|ury)\.pl|gazine\.aero|ori\.nz)?|o(?:[ei]|r(?:(?:i(?:y(?:a(?:\.ibaraki|ma\.shiga)|oshi\.akita)|(?:machi\.shizuo|guchi\.osa)ka|oka\.iwate)|o(?:tsuka\.miyazaki|yama\.saitama))\.jp|dovia\.[rs]u|ena\.br|tgage|mon)|n(?:(?:za(?:(?:-e-della)?-|e(?:della)?)?brian)?za\.it|(?:t(?:icello|real)|mouth)\.museum|ey(?:\.museum)?|ster|ash)|t(?:o(?:(?:bu\.okinawa|yama\.kochi|su\.gifu)\.jp|rcycle(?:\.museum|s))?|egi\.tochigi\.jp)|s(?:(?:(?:kene)?s|j[oø]en|vik)\.no|eushi\.hokkaido\.jp|cow(?:\.museum)?)|d(?:e(?:lling\.aero|rn\.museum|na\.it)|a(?:len\.no)?|um\.no|\.gi)|b(?:i(?:\.(?:n[ag]|t[tz]|gp|ke)|l[ey])?|ara\.chiba\.jp)|(?:chizuki\.nagano|ka\.tochigi)\.jp|m(?:betsu\.hokkaido\.jp|a\.museum)?|v(?:i(?:miento\.bo|star|e))?|(?:[aå]reke|-i-rana)\.no|l(?:(?:ise)?\.it|de\.no)|\.(?:cn|it|us)|zilla-iot\.org|onscale\.net|par)?|y(?:(?:a(?:ctivedirectory|sustor)|qnapcloud|ravendb|iphost|vnc)\.com|d(?:atto\.(?:com|net)|issent\.net|dns\.rocks|robo\.com|s\.me)|-(?:(?:(?:route|vigo)r|gateway|wan)\.de|firewall\.org)|s(?:ecuritycamera\.(?:com|net|org)|hopblocks\.com)|p(?:e(?:p\.link|ts\.ws)|hotos\.cc|sx\.net|i\.co)|f(?:tp\.(?:biz|org)|irewall\.org|ritz\.net)|m(?:ailer\.com\.tw|ediapc\.net)|t(?:uleap\.com|is\.ru)|(?:jino\.r|cd\.e)u|\.(?:eu\.org|id)|oko\.niigata\.jp|home-server\.de|effect\.net|kolaiv\.ua|wire\.org)?|u(?:s(?:e(?:um(?:(?:vereniging|center)\.museum|\.(?:m[vw]|no|om|tt))?|et\.museum)|ashi(?:murayama|no)\.tokyo\.jp|ic(?:a\.(?:ar|bo)|\.museum)|\.(?:mi\.us|br))|r(?:(?:a(?:(?:yama\.yama|kami\.nii)gata|ta\.miyagi)|o(?:ran\.hokkaido|to\.kochi))\.jp|mansk\.su)|(?:(?:gi\.tokushim|ika\.niigat)a|k(?:awa\.hokkaid|o\.kyot)o)\.jp|n(?:akata\.fukuoka\.jp|cie\.museum|i\.il)|t(?:su(?:zawa\.chiba|\.aomori)\.jp|ual)|(?:en(?:chen|ster)|lhouse)\.museum|os[aá]t\.no|p\.gov\.pl)?|e(?:d(?:i(?:a(?:\.(?:museum|aero|hu|pl))?|c(?:al\.museum|ina\.bo)|zinhistorisches\.museum|o-?campidano\.it)|\.(?:p(?:[al]|ro)|e[ce]|s[ad]|br|ht|ly|om)|ecin\.(?:fr|km))?|i(?:n-(?:iserv|vigor)\.de|wa\.(?:gunma|mie)\.jp)|l(?:(?:[oø]y|and|dal|hus)\.no|bourne)|m(?:orial(?:\.museum)?|set\.net|e)|r(?:[aå]ker\.no|seine\.nu|ckmsd)|\.(?:eu\.org|u[ks]|it|ke|tz)|s(?:averde\.museum|sina\.it)|t(?:eorapp\.com|life)|e(?:res\.museum|t)|guro\.tokyo\.jp|x\.com|nu?|o)?|(?:á(?:tta-várjjat|latvuopmi)|å(?:lselv|søy)|j[oø]ndalen)\.no|s(?:\.(?:(?:(?:gov|leg)\.b|k)r|it|us)|k\.[rs]u|d)?|t(?:[nr]|\.(?:(?:gov|leg)\.br|eu\.org|it|us))?|c(?:\.(?:eu\.org|it)|kinsey)?|g(?:\.(?:gov|leg)\.br)?|k(?:\.(?:eu\.org|ua))?|l(?:b(?:fan\.org)?|s)?|r(?:agowo\.pl|\.no)?|b(?:\.(?:ca|it)|a)|d(?:\.(?:ci|us))?|n(?:\.(?:it|us))?|ma(?:fan\.biz)?|w(?:\.gov\.pl)?|(?:āori\.n)?z|\.(?:bg|se)|p(?:\.br)?|x(?:\.na)?)|t(?:[flz]|a(?:(?:k(?:a(?:ha(?:(?:(?:ru\.miyaz|gi\.ibar)ak|ma\.(?:aich|fuku))i|(?:shi\.okayam|ta\.yamagat)a)|(?:t(?:suki\.(?:osak|shig)|a\.fukuok|ori\.nar)|ishi\.osak|oka\.toyam)a|s(?:a(?:go\.hyogo|ki\.gunma)|hima\.shiga|u\.hokkaido)|(?:n(?:ezawa\.tochig|abe\.miyazak)|zaki\.miyazak)i|m(?:ori\.(?:kumamot|nagan)o|atsu\.kagawa)|(?:(?:razuka)?\.hyog|gi\.nagan)o|yama\.(?:g(?:unma|ifu)|nagano))|(?:e(?:t(?:omi\.okinaw|a\.oit)|hara\.hiroshim)|o\.chib|u\.sag)a|i(?:(?:no(?:ue\.hokkaid|\.hyog)|kawa\.hokkaid)o|\.mie)|ko\.aomori)|m(?:a(?:k(?:awa\.fukushima|i\.mie)|(?:mura\.gun|no\.okaya)ma|tsukuri\.ibaraki|yu\.shimane|\.tokyo)|ba\.hyogo)|ga(?:(?:mi\.niigat|wa\.fukuok)a|jo\.miyagi)|d(?:o(?:tsu\.kagawa|\.mie)|aoka\.osaka)|chi(?:arai\.fukuoka|kawa\.tokyo)|ji(?:ri\.osaka|mi\.gifu)|waramoto\.nara|hara\.aichi)\.jp|i(?:(?:(?:(?:ji\.waka|ra\.to)yam|nai\.niigat)a|shi(?:\.(?:hyogo|osaka)|n\.fukushima)|ki\.(?:hokkaido|mie)|wa\.miyagi|to\.tokyo)\.jp|fun-dns\.de|pei)|t(?:(?:e(?:(?:yama\.(?:toyam|chib)|bayashi\.gunm)a|shina\.nagano)|suno\.(?:nagan|hyog)o)\.jp|a(?:motors|r)|too)|r(?:a(?:(?:ma\.okinaw|\.sag)a\.jp|nto\.it)|u(?:mizu\.kagoshima|i\.gifu)\.jp|g(?:i\.pl|et)|nobrzeg\.pl)|n(?:a(?:(?:be\.(?:wakayama|kyoto)|gura\.fukushima)\.jp|(?:nger)?\.no)|ohata\.iwate\.jp|k\.museum)|b(?:(?:ayama\.yamanas|use\.yamaguc)hi\.jp)?|s(?:(?:\.(?:edu|gov))?\.a|hkent\.s)u|x(?:i(?:\.br)?)?|a?\.it|obao|lk)|o(?:(?:m(?:i(?:(?:gusuku\.okinaw|sato\.chib|oka\.gunm)a|ya\.miyagi|\.nagano|ka\.gifu)|(?:obe\.ibarak|e\.miyag)i|a(?:koma|r)i\.hokkaido)|b(?:e(?:tsu\.hokkaido|\.ehime)|ishima\.aichi|a\.mie)|h(?:(?:nosho\.chib|o\.fukuok)a|ma\.hokkaido)|chi(?:(?:gi\.tochi)?gi|o\.niigata)|ei\.aichi)\.jp|y(?:o(?:(?:(?:(?:hashi|kawa|ake)\.ai|\.ko)chi|n(?:(?:aka|o)\.osaka|e\.aichi)|(?:ura\.hokkaid|oka\.hyog)o|sato\.shiga)\.jp|t(?:(?:omi\.hokkaido|su\.fukuoka)\.jp|a(?:\.(?:yamagu|ai)chi\.jp)?))|a(?:(?:ko)?\.hokkaido|(?:ma\.toya)?ma)\.jp|s)|k(?:(?:a(?:(?:machi\.niigat|shiki\.okinaw)a|i\.(?:ibarak|aich)i)|u(?:(?:shima\.toku)?shima|yama\.yamaguchi)|o(?:rozawa\.saitama|name\.aichi)|i(?:gawa\.saitama|\.gifu))\.jp|yo(?:\.jp)?|ke\.no)|n(?:(?:(?:a(?:ki\.okinaw|mi\.toyam)|dabayashi\.osak)a|o(?:sho\.kagawa|\.iwate)|e\.ibaraki)\.jp|sberg\.no)|g(?:(?:a(?:(?:ne\.chib|\.toyam)a|kushi\.nagano)|(?:itsu\.nagasak|o\.aich)i|ura\.nagano)\.jp|liatti\.su)|s(?:(?:a(?:shimizu)?\.kochi|u\.saga)\.jp|hi(?:ma\.tokyo\.jp|ba)|(?:cana)?\.it)|r(?:i(?:no\.(?:museum|it)|de\.ibaraki\.jp)|a(?:hime\.shiga\.jp|y)|sken\.no)|w(?:n(?:(?:news-staging\.co|\.museu)m)?|ada\.aomori\.jp)|u(?:r(?:ism\.(?:pl|tn)|s)|ch\.museum)|t(?:(?:tori\.tot)?tori\.jp|al)|z(?:awa\.yamagata\.jp|sde\.hu)|\.(?:(?:gov|leg)\.br|it)|da(?:\.saitama\.jp|y)|o(?:n\.ehime\.jp|ls)|p(?:ology\.museum)?|lga\.no)?|r(?:a(?:n(?:i(?:-(?:andria-barlett|barletta-andri)|andriabarlett|barlettaandri)a\.it|sport(?:\.museum|e\.bo)|(?:[boø]y|a)\.no)|vel(?:ers(?:insurance)?|\.(?:pl|tt)|channel)?|d(?:ing(?:\.aero)?|e(?:r\.aero)?)|in(?:er\.aero|ing)|fficplex\.cloud|eumtgerade\.de|pani\.it|\.kp)|e(?:(?:nt(?:in(?:o(?:-(?:s(?:u[ë]?d)?-?tirol|a(?:lto)?-?adige)|s(?:u[ë]?d)?-?tirol|a(?:lto)?-?adige)?|-?su[ë]?d-?tirol)|o)|viso)\.it|e\.museum)|o(?:(?:ms[aoø]|ndheim|andin|gstad)\.no|lley\.museum|itsk\.su)|(?:øgstad|ysil|æna)\.no|ust(?:(?:ee)?\.museum)?|\.(?:eu\.org|it|no)|ieste\.it|d\.br|v)?|s(?:u(?:ru(?:g(?:a(?:shima\.saitama|\.fukui)|i\.ishikawa)|(?:\.yamanash|ta\.aomor)i|oka\.yamagata)|k(?:u(?:(?:i\.kanagaw|mi\.oit)a|ba\.ibaraki)|i(?:gata\.hokkaido|yono\.gunma))|(?:ga(?:ru\.aomor|\.tochig)|shima\.(?:nagasak|aich)|chiura\.ibarak)i|b(?:a(?:ta\.ishikaw|me\.niigat)a|etsu\.hokkaido)|(?:(?:yama\.okaya|magoi\.gun)m|iki\.fukuok)a|n(?:o\.(?:miyazak|koch)i|an\.niigata)|(?:wano\.shiman|\.mi)e)\.jp|elinograd\.su|\.it)|e(?:l(?:e(?:(?:kommunikat|vis)ion\.museum|\.amune\.org|fonica|city)|\.tr)?|n(?:(?:(?:kawa|ri)\.nar|ei\.fukushim|do\.yamagat)a\.jp|nis)|c(?:h(?:nology(?:\.museum)?)?|\.(?:mi\.us|ve)|nologia\.bo)|s(?:t(?:\.(?:ru|tj)|-iserv\.de)|hikaga\.hokkaido\.jp)|(?:a(?:ches-yoga\.co)?|x(?:tile|as)\.museu)m|r(?:n(?:opil\.ua|i\.it)|amo\.it|mez\.su)|m(?:p(?:io-?olbia\.it|-dns\.com)|asek)|\.(?:it|ua)|o\.br|va)|u(?:r(?:e(?:k\.pl|n\.tn)|ystyka\.pl|\.[ab]r|in\.it)|s(?:cany\.it|hu)|n(?:k\.org|es)|xfamily\.org|[lv]a\.su|be|i)|i(?:me(?:\.(?:museum|no)|keeping\.museum)|n(?:gvoll|n)\.no|(?:cket|p)s|(?:end|a)a|r(?:es|ol)|ffany)|h(?:e(?:at(?:er(?:\.museum)?|re)|workpc\.com|\.br)|ruhere\.net|d)?|m(?:\.(?:[nr]o|m[cg]|cy|fr|hu|km|pl|se|za)|p\.br|all)?|v(?:\.(?:b[bor]|i[mt]|t[rz]|na|sd)|edestrand\.no|s)?|y(?:(?:s(?:v[aæ]r|fjord|nes)|nset|dal)\.no|chy\.pl)|j(?:(?:eldsund|[oø]me)\.no|(?:max)?x|\.cn)?|w(?:mail\.(?:net|org|cc)|\.cn)?|c(?:m\.museum|p4\.me|i)?|(?:3l3p0rt\.ne|p\.i)t|k(?:sat\.bo|maxx)?|n(?:\.(?:it|us))?|g(?:ory\.pl)?|\.(?:bg|se)|ønsberg\.no|t(?:\.im)?|x\.us|dk?)|a(?:s(?:(?:a(?:hi(?:\.(?:(?:yamagat|toyam|chib)a|ibaraki|nagano|mie)|kawa\.hokkaido)|(?:k(?:a(?:wa\.fukushi|\.saita)|uchi\.okaya)|minami\.hiroshi)ma|go\.hyogo)|o\.kumamoto|uke\.aichi)\.jp|s(?:o(?:\.(?:eu\.org|[mn]c|bj|ci|dz|fr|gp|ht|km|re)|ciat(?:ion\.(?:museum|aero)|es))|a(?:ssination\.museum|bu\.hokkaido\.jp)|(?:isi\.museu|\.k)m|edic\.fr|n\.lk)|h(?:(?:i(?:ya\.(?:fukuoka|hyogo)|betsu\.hokkaido|kaga\.tochigi)|oro\.hokkaido)\.jp|gabad\.su)|(?:k(?:[oø]y|voll|er|im)|eral)\.no|t(?:ronomy\.museum|i\.it)|n(?:\.(?:au|lv)|es\.no)|coli-?piceno\.it|matart\.museum|[di]a|\.us)?|r(?:t(?:s(?:\.(?:museum|[cr]o|nf|ve)|andcrafts\.museum)|(?:anddesign|gallery|center|deco)\.museum|\.(?:museum|d[oz]|br|ht|pl|sn)|e(?:ducation\.museum|\.bo)?)?|a(?:(?:kawa\.(?:saitama|tokyo)|i\.shizuoka|o\.kumamoto)\.jp|mco|b)|ch(?:aeolog(?:ical|y)\.museum|i(?:tecture\.museum)?)|i(?:d(?:agaw)?a\.wakayam|(?:ake|ta)\.sag)a\.jp|e(?:(?:mark|ndal)\.no|zzo\.it)|\.(?:com|it|us)|boretum\.museum|m(?:enia\.su|y)|(?:dal|na)\.no|khangelsk\.su|q\.br|pa)?|n(?:d(?:r(?:ia(?:-(?:barletta-trani|trani-barletta)|barlettatrani|tranibarletta)\.it|oid)|(?:asuolo|ebu|øy)\.no|o(?:\.nara\.jp|y\.no)|\.museum)|a(?:n(?:\.(?:tokushima|nagano)\.jp|i\.br)|mizu\.ishikawa\.jp|lytics)|n(?:-arbor\.mi\.us|aka\.gunma\.jp|efrank\.museum)|t(?:hro(?:pology)?|iques)\.museum|(?:pachi\.gifu|jo\.aichi)\.jp|(?:cona)?\.it|quan|z)|c(?:\.(?:g(?:ov\.br|n)|l(?:eg\.br|k)|i[dlmnr]|m[aeuwz]|c[inry]|r[suw]|t[hjz]|z[amw]|a[et]|k[er]|n[iz]|p[ar]|s[ez]|u[gk]|be|jp|vn)|c(?:(?:ident-(?:investiga|preven)tion\.ae|t\.p)ro|e(?:sscam\.org|nture)|ountants?)|a(?:dem(?:y(?:\.museum)?|ia\.bo)|\.pro)|t(?:(?:\.edu)?\.au|ive|or)|hi\.nagano\.jp|o)?|i(?:(?:(?:zu(?:(?:wakamatsu|bange)\.fu|mi(?:sato\.fu|\.to))kushim|kawa\.kanagaw)a|(?:betsu\.hokkaid|oi\.hyog)o|s(?:ai\.aichi|ho\.shiga)|nan\.ehime|chi)\.jp|r(?:(?:-(?:traffic-control|surveillance)|(?:craf|por)t|line)\.aero|t(?:raffic\.aero|el)|(?:guard)?\.museum|force|bus)|d\.pl|p\.ee|go?)?|l(?:a(?:(?:bam|sk)a\.museum|headju\.no|nd\.fi)|\.(?:(?:gov|leg)\.br|eu\.org|it|no|us)|pha(?:\.bounty-full|-myqnapcloud)\.com|(?:(?:gard|vdal)\.n|farome)o|t(?:o-?adige\.it|a\.no|\.za)|s(?:t(?:ahaug\.no|om)|ace)|es(?:sandria\.it|und\.no)|l(?:finanz|state|y)|i(?:baba|pay)|waysdata\.net)?|m(?:a(?:(?:kusa\.kumamot|gasaki\.hyog)o|\.(?:shimane|aichi)|mi\.kagoshima)\.jp|e(?:rican(?:(?:a(?:ntiques|rt)?)?\.museum|express|family)|x)|b(?:ulance\.(?:museum|aero)|er\.museum)|(?:(?:li|ot)\.n|usement\.aer)o|(?:sterda(?:m\.museu)?|fa)m|(?:\.(?:gov|leg))?\.br|i(?:\.ibaraki\.jp|ca))?|p(?:p(?:\.(?:os(?:\.stg)?\.fedoraproject\.org|lmpm\.com)|s(?:\.(?:fbsbx\.com|lair\.io)|pot\.com)|l(?:inzi\.com|e)|chizi\.com)?|-(?:south(?:east-[12]|-1)|northeast-[123])\.elasticbeanstalk\.com|\.(?:gov\.(?:br|pl)|leg\.br|it)|ar(?:ecida\.br|tments))|u(?:s(?:t(?:r(?:alia\.museum|heim\.no)|in\.museum|evoll\.no)|post)|t(?:o(?:motive\.museum|\.pl|s)?|hor(?:\.aero)?)|(?:r(?:(?:skog-h[oø])?land|e)|kra)\.no|d(?:i(?:ble|o)?|nedaln\.no)|gustow\.pl|\.eu\.org|ction)?|k(?:(?:a(?:(?:bira\.hokkaid|shi\.hyog)o|iwa\.okayama|gi\.shimane)|i(?:(?:shima|runo)\.tokyo|(?:ta\.aki)?ta|\.kochi)|(?:keshi\.hokkaid|o\.hyog)o|une\.kagoshima)\.jp|(?:noluokta|rehamn)\.no|tyubinsk\.su|\.us|dn)|g(?:r(?:i(?:c(?:ulture\.museum|\.za)|gento\.it|net\.tn)|o\.(?:bo|pl)|ar\.hu|\.br)|e(?:matsu\.nagano\.jp|n(?:ts\.aero|cy))|a(?:(?:no)?\.niigata\.jp|khan)|uni\.okinawa\.jp|denes\.no|\.it)?|b(?:(?:i(?:ra\.hokkaido|ko\.chiba)|eno\.osaka)\.jp|a(?:shiri\.hokkaido\.jp|rth)|u(?:\.yamaguchi\.jp|dhabi)|o(?:\.pa|gado)|r(?:uzzo)?\.it|b(?:ott|vie)?|c(?:\.br)?|khazia\.su|\.ca|le)|t(?:(?:su(?:gi\.kanagawa|ma\.hokkaido)|ami\.shizuoka)\.jp|\.(?:eu\.org|it)|-band-camp\.net|h(?:\.cx|leta)|lanta\.museum|torney|m\.pl|o\.br)?|o(?:(?:(?:ga(?:shima\.toky|ki\.hyog)|ki\.nagan)o|(?:mori\.ao)?mori)\.jp|(?:st(?:a(?:-?valley)?|e))?\.it|l)?|v(?:o(?:cat\.(?:pro|fr)|ues\.fr)|e(?:r[oø]y\.no|llino\.it)|ia(?:tion\.museum|nca)|\.(?:it|tr))|z(?:u(?:re(?:(?:websites|-mobile)\.net|container\.io)?|mino\.nagano\.jp)|erbaijan\.su|\.us)?|e(?:ro(?:(?:batic|drome|club)\.aero|\.(?:mv|tt)|port\.fr)?|(?:\.or)?g|jrie\.no|tna)?|d(?:ac(?:hi\.tokyo\.jp)?|ul(?:t\.h)?t|v\.(?:br|mz)|ygeya\.[rs]u|m\.br|\.jp|s)?|ya(?:(?:gawa\.k|se\.kan)agawa|\.miyazaki|be\.kyoto)\.jp|\.(?:s(?:sl\.fastly\.net|e)|prod\.fastly\.net|bg)|q(?:u(?:ar(?:ium\.museum|elle)|ila\.it)|\.it)?|f(?:rica(?:\.com)?|amilycompany|jord\.no|l)?|a(?:r(?:borte\.no|p)|a(?:\.pro)?|\.no)|w(?:aji\.hyogo\.jp|s)?|x(?:is\.museum|a)?|h\.(?:cn|no)|éroport\.ci|ju\.br)|n(?:a(?:k(?:(?:a(?:g(?:awa\.(?:(?:tokushim|fukuok)a|(?:hokkaid|nagan)o)|usuku\.okinawa|yo\.kyoto)|n(?:o(?:(?:to\.ishikaw|jo\.gunm)a|\.(?:nagan|toky)o)|iikawa\.toyama)|t(?:ombetsu\.hokkaido|ane\.kagoshima|sugawa\.gifu)|m(?:(?:ichi\.yamanas|ura\.koc)hi|a\.fukuoka)|(?:yama\.yamagat|i\.kanagaw)a|\.(?:hiroshima|ibaraki)|satsunai\.hokkaido|domari\.aomori)|ijin\.okinawa)\.jp|lo\.pl)|g(?:(?:a(?:(?:r(?:eyam)?a\.chib|hama\.shig|i\.yamagat)a|s(?:(?:aki\.nagas)?aki|u\.kumamoto)|no(?:(?:\.nagano)?|hara\.gunma)|to(?:\.yamaguchi|ro\.saitama)|oka(?:kyo\.kyoto|\.niigata)|wa\.nagano)|i(?:so\.nagano|\.okayama))\.jp|o(?:\.okinawa\.jp|ya))|t(?:u(?:r(?:a(?:l(?:(?:history(?:museum)?|sciences)\.museum|\.bo))?|(?:historisches|e)\.museum|bruksgymn\.se)|urwetenschappen\.museum)|i(?:on(?:al(?:firearms|heritage)?\.museum|wide)|veamerican\.museum)|ori\.miyagi\.jp|al\.br|\.tn)|n(?:(?:(?:(?:go\.fukushi|moku\.gun)m|yo\.yamagat|jo\.okinaw)a|(?:bu\.(?:yamanash|tottor)|koku\.koch)i|a(?:e\.hokkaido|o\.ishikawa)|t(?:an\.kyoto|o\.toyama)|poro\.hokkaido)\.jp|nestad\.no)|m(?:e(?:(?:ga(?:ta\.ibaraki|wa\.saitama)|rikawa\.toyama)\.jp|\.(?:m[kvy]|t[jrt]|[hp]r|e[gt]|n[ag]|az|cy|jo|qa|vn))?|i(?:e\.fukushima|kata\.ehime)\.jp|(?:s(?:skogan|os)|dalseid)\.no)|(?:(?:chikatsuura\.wakayam|oshima\.kagaw)a|ha(?:\.okinawa|ri\.kochi)|su(?:shiobara)?\.tochigi|(?:yoro|ie)\.hokkaido)\.jp|r(?:(?:u(?:sawa\.yamanashi|to\.tokushima)|a(?:shino\.chiba|(?:\.nara)?)|ita\.chiba)\.jp|(?:vi(?:ika|k)|oy)\.no)|v(?:(?:igation\.aer|uotna\.n)o|al\.museum|oi\.su|y)|u(?:mburg\.museum|stdal\.no)|(?:p(?:les|oli))?\.it|b(?:ari\.mie\.jp)?|amesjevuemie\.no|lchik\.[rs]u|dex)?|o(?:(?:(?:s(?:e(?:gawa\.nar|\.osak)|hiro\.akit)|noichi\.ishikaw)a|b(?:oribetsu\.hokkaido|eoka\.miyazaki)|g(?:ata\.fukuoka|i\.tochigi)|zawaonsen\.nagano)\.jp|m(?:\.(?:a[defgil]|g[delt]|p[aelw]|n[ciu]|r[eos]|[qz]a|c[lo]|k[em]|m[gk]|s[it]|t[jm]|u[gy]|v[cg]|es|fr|hn|im|li)|i\.ishikawa\.jp|bre\.bo|e\.pt)|r(?:(?:d(?:-(?:(?:aur|o)dal|fron)|re(?:-land|isa)|kapp|dal)|e-og-uvdal)\.no|t(?:h(?:-kazakhstan\.su|westernmutual|\.museum)|on)|folk\.museum)|t(?:o(?:(?:gawa\.shig|\.ishikaw)a\.jp|dden\.no)|(?:icias\.b|teroy\.n)o|aires\.(?:fr|km)|\.br)|w(?:-dns\.(?:net|org|top)|aruda\.pl|\.sh|ruz|tv)?|-ip\.(?:c(?:o\.uk|a)|info|biz|net|org)|d(?:a\.(?:chiba|iwate)\.jp|um\.[ci]o)|h(?:o(?:st\.me|\.st)|eji\.aomori\.jp)|\.(?:eu\.org|com|it)|v(?:\.[rs]u|ara\.it)|ip\.(?:me|us)|kia)?|i(?:s(?:hi(?:(?:a(?:(?:wakura\.okaya|izu\.fukushi)m|(?:rita\.sa|zai\.shi)g)|(?:\.(?:fukuo|osa)|izu\.shizuo)k|go\.fukushim)a|ka(?:t(?:sura\.yamanash|a\.tochig)i|wa\.yamagata)|no(?:omote\.kagoshima|shima\.shimane|miya\.hyogo)|(?:mera\.miyazak|tosa\.koch)i|o(?:koppe\.hokkaido|\.aichi)|hara\.(?:kumamoto|okinawa)|waki\.hyogo)\.jp|s(?:hin\.aichi\.jp|edal\.no|a[ny])|\.za)|(?:i(?:(?:(?:mi\.okay|za\.sait)am|(?:gata\.nii)?gat)a|kappu\.hokkaido|hama\.ehime)|(?:rasaki\.yamanas|yodogawa\.koc)hi)\.jp|k(?:(?:i\.hokkaido|ko\.tochigi|aho\.akita)\.jp|o(?:laev\.ua|n)|e)|c(?:hinan\.(?:miyazak|tottor)i\.jp|\.(?:in|tj)|o)|n(?:o(?:miya\.kanagawa|he\.iwate)\.jp|ja)|e(?:ruchomosci\.pl|pce\.museum)|t(?:tedal\.no|eroi\.br)|d\.io)?|e(?:t(?:\.(?:e(?:[ct]|(?:u\.or)?g)|m[aeklostuvwxyz]|p[aehklnrsty]|s[abcdghloty]|a[cefgilruz]|b[abhmorstz]|g[eglnprtuy]|t[hjmnortw]|c[imnouwy]|i[dlmnqrs]|l[abckrvy]|k[ginyz]|n[fgirz]|v[ceinu]|u[akyz]|d[moz]|h[knt]|j[eo]|r[uw]|z[am]|om|qa|ws)|(?:-freaks|lify)\.com|(?:ban|wor)k|flix)?|w(?:(?:jersey|mexico|port|york)\.museum|h(?:ampshire\.museum|olland)|s(?:paper\.museum|\.hu)?)?|(?:s(?:\.(?:akershus|buskerud)|odd(?:tang)?en|se(?:by|t)|na)|dre-eiker)\.no|(?:muro\.hokkaido|yagawa\.osaka)\.jp|(?:braska\.museu|at-url\.co)m|r(?:ima\.tokyo\.jp|dpol\.ovh)|\.(?:k[er]|u[gs]|jp|pw|tz)|u(?:es\.museum|star)|x(?:(?:tdirec)?t|us)|c)?|y(?:m\.(?:l[acitu]|m[enx]|s[kux]|[kn]z|b[yz]|g[ry]|p[et]|ie|ro|tw)|c(?:\.m(?:useum|n))?|uzen\.toyama\.jp|ny\.museum|sa\.pl|\.us)|u(?:ma(?:ta\.(?:hokkaido|gunma)|zu\.shizuoka)\.jp|(?:ern|rem)berg\.museum|\.(?:ca|it)|oro\.it)?|(?:(?:(?:øtte|æ)røy|ååmesjevuemie|ávuotna)\.n|4t\.c)o|t(?:\.(?:(?:edu\.)?au|[nr]o|ca)|dll\.top|r\.br|t)|g(?:o(?:\.(?:lk|ph|za))?|\.eu\.org|rok\.io)?|h(?:(?:(?:-serv\.co|s)\.u)?k|lfan\.net|\.us)|s(?:w(?:\.edu)?\.au|update\.info|n\.us|\.ca)|f(?:l(?:fan\.org)?|shost\.com|\.ca)?|l(?:\.(?:eu\.org|ca|no))?|r(?:w(?:\.museum)?|a)?|c(?:\.(?:tr|us))?|z(?:\.eu\.org)?|m\.(?:cn|us)|\.(?:bg|se)|b(?:\.c)?a|[djv]\.us|x\.cn)|c(?:[gmwx]|o(?:m(?:\.(?:s[abcdeghlnotvy]|b[abhimorstyz]|m[gklostuvwxy]|g[ehilnprtuy]|p[aefhklrsty]|a[cfgilruwz]|c[imnouwy]|l[abckrvy]|t[jmnortw]|k[gimpyz]|e[cegst]|n[afgir]|v[ceinu]|d[emoz]|h[knrt]|i[moqs]|r[eouw]|u[agyz]|[oz]m|fr|jo|qa|ws)|m(?:uni(?:cations?\.museum|ty(?:\.museum)?)|bank)|p(?:uter(?:(?:history)?\.museum)?|a(?:ny|re))|unicações\.museum|(?:o\.i|cas)t|sec)?|n(?:t(?:emporary(?:art)?\.museum|r(?:ol\.aero|actors)|a(?:gem\.br|ct))|s(?:ul(?:t(?:ing(?:\.aero)?|ant\.aero)|ado\.st)|truction)|f(?:erence\.aero|\.(?:au|lv))|vent\.museum|dos)|\.(?:c(?:[ailrz]|o?m)|k(?:rd?|e)|i[dlmnrt]|m[aeguwz]|n[ailoz]|t[hjmtz]|u[agksz]|a[egot]|b[biw]|g[gly]|p[lnw]|z[amw]|j[ep]|l[cs]|r[sw]|s[tz]|v[ei]|dk|hu|om)|l(?:o(?:(?:nialwilliamsburg|radoplateau)\.museum|gne)|le(?:ge(?:fan\.org)?|ction\.museum)|(?:umb(?:ia|us)|dwar)\.museum)|u(?:n(?:t(?:ry(?:estate\.museum)?|y\.museum)|cil\.aero)|chpotatofries\.org|pons?|rses)|o(?:p(?:\.(?:[ht]t|m[vw]|br|km|py)|erativa\.bo)?|king(?:channel)?|l)|r(?:(?:reios-e-telecomunicações|poration|vette)\.museum|sica)|a(?:(?:staldefence|l)\.museum|ch)|d(?:es(?:pot\.com)?|y\.museum)|s(?:tume\.museum|enza\.it)|penhagen\.museum|g\.mi\.us|ffee)?|h(?:i(?:(?:ku(?:s(?:hino\.fukuoka|ei\.ibaraki)|ho(?:ku\.nagano|\.fukuoka)|(?:[gj]o|zen)\.fukuoka|ma\.nagano)|(?:hayaakasaka\.osak|gasaki\.kanagaw|b)a|(?:jiwa\.nagasak|zu\.tottor)i|t(?:ose\.hokkaido|a\.aichi)|yoda\.(?:gunma|tokyo)|ppubetsu\.hokkaido)\.jp|r(?:urgiens-dentistes(?:-en-france)?\.fr|opractic\.museum|yu\.aichi\.jp)|c(?:hibu\.saitama\.jp|ago\.museum)|ldren(?:s(?:garden)?)?\.museum|n(?:o\.nagano\.jp|tai)|mkent\.su|eti\.it)|a(?:m(?:pionship\.aero|bagri\.fr)|n(?:nel(?:sdvr\.net)?|el)|t(?:tanooga\.museum)?|r(?:ter\.aero|ity)|se)|e(?:r(?:n(?:i(?:(?:go|hi)v|vtsi)|ovtsy)|kas?sy)\.ua|(?:sapeakebay|ltenham)\.museum|ap)|u(?:o\.(?:(?:(?:fukuo|osa)k|chib)a|yamanashi|tokyo)\.jp|ng(?:buk|nam)\.kr|rch)|o(?:(?:(?:yo\.kumamot|fu\.toky)o|(?:s[eh]i|nan)\.chiba)\.jp|colate\.museum)|r(?:ist(?:iansburg\.museum|mas)|ysler|ome)|\.(?:eu\.org|it)|tr\.k12\.ma\.us)?|a(?:r(?:r(?:ara-?massa\.it|ier\.museum)|t(?:oonart\.museum|ier)|bonia-?iglesias\.it|e(?:ers?)?|go\.aero|avan|d?s)?|m(?:p(?:i(?:na(?:grande|s)\.br|dano-?medio\.it)|(?:obasso|ania)\.it)?|bridge\.museum|dvr\.org|\.it|era)?|s(?:a(?:delamoneda\.museum|cam\.net)?|t(?:res|le)\.museum|e(?:rta\.it|ih)?|ino(?:\.hu)?|h)|l(?:(?:(?:tanissett|abri)a)?\.it|ifornia\.museum|vinklein|l)?|(?:-central-1\.elasticbeanstalk\.co|daques\.museu)m|t(?:an(?:zaro|ia)\.it|ering(?:\.aero)?|holic)?|p(?:e(?:breton\.museum|town)|ital(?:one)?)|n(?:(?:ada)?\.museum|cerresearch|on)|(?:hcesuolo\.n|a\.aer)o|\.(?:eu\.org|it|na|us)|b(?:le-modem\.org)?|gliari\.it|xias\.br|fe)?|l(?:o(?:ud(?:(?:(?:f(?:unctions|ront)|ycluster|eity)\.ne|a(?:ccess\.(?:hos|ne)|pp\.ne))t|ns\.(?:c(?:lub|c)|in(?:fo)?|p(?:ro|w)|asia|biz|org|eu|us)|\.(?:(?:fedoraproject\.or|goo)g|metacentrum\.cz)|control(?:app|led)\.com|66\.ws)?|ck\.museum|thing)|i(?:n(?:ton\.museum|i(?:que|c))|ck)|ub(?:\.(?:aero|tw)|med)?|e(?:verapps\.io|aning)|a(?:n\.rip|ims)|\.it)?|i(?:vil(?:(?:i[sz]ation|war)\.museum|aviation\.aero)|s(?:co(?:freak\.com)?|tron\.nl)|t(?:y(?:\.hu|eats)?|adel|ic?)|n(?:cinnati|ema)\.museum|e(?:ncia\.bo|szyn\.pl)|rc(?:us\.museum|le)|priani|m\.br|\.it)?|u(?:st(?:om(?:er\.(?:speedpartner\.de|enonic\.io)|\.metacentrum\.cz)|\.(?:d(?:isrec|ev)|testing|prod)\.thingdust\.io)|ltur(?:al(?:center)?|e)\.museum|i(?:aba\.br|sinella)|ritiba\.br|pcake\.is|neo\.it)?|r(?:e(?:dit(?:union|card)?|ation\.museum|mona\.it|w\.aero)|a(?:ft(?:s\.museum|ing\.xyz)|nbrook\.museum)|i(?:\.(?:br|nz)|mea\.ua|cket)|o(?:tone\.it|wn)|\.(?:it|ua)|uises?|s)?|c(?:\.(?:(?:m[adeinost]|a[klrsz]|i[adln]|w[aivy]|c[aot]|o[hkr]|v[ait]|[hr]i|d[ce]|g[au]|k[sy]|p[ar]|s[cd]|t[nx]|fl|la)\.us|n(?:[cdehjmvy]\.us|a)|u(?:t\.us|a))|i\.fr)?|e(?:[bo]|r(?:t(?:ification\.aero|mgr\.org)|n)|(?:ltic\.museu|chire\.co)m|\.(?:(?:gov|leg)\.br|it)|nter(?:\.museum)?|sena-?forlì?\.it)|n(?:(?:-north-1\.eb\.amazonaws\.com\.c|py\.gd)n|\.(?:eu\.org|com|it|ua)|[gt]\.br)?|y(?:o(?:n\.(?:link|site)|u)|(?:\.eu\.or|a\.g)g|mru(?:\.museum)?|ber\.museum)?|z(?:\.(?:eu\.org|it)|e(?:ladz|st)\.pl)?|\.(?:(?:cdn77\.or|b)g|la|se)|d(?:n77-ssl\.net|\.eu\.org)?|b(?:[ans]|g\.ru|\.it|re)|t\.(?:it|us)|s(?:\.it|c)|v(?:\.ua)?|pa\.pro|66\.me|f[ad]?|k\.ua|q\.cn)|h(?:i(?:(?:(?:gashi(?:(?:(?:hiroshima\.hiroshi|chichibu\.saita|agatsuma\.gun)m|\.(?:fuku(?:shim|ok)|okinaw)|n(?:aruse\.aki|e\.yamaga)t|o(?:saka\.osak|mi\.shig))a|k(?:a(?:g(?:ura\.hokkaido|awa\.kagawa)|wa\.hokkaido)|urume\.tokyo)|y(?:o(?:dogawa\.osak|shino\.nar)a|ama(?:to\.toky|\.kyot)o)|m(?:atsu(?:shima\.miyagi|yama\.saitama)|urayama\.tokyo)|s(?:umiyoshi\.osaka|hirakawa\.gifu)|izu(?:mo\.shimane|\.shizuoka)|(?:tsuno\.ko|ura\.ai)chi)|r(?:a(?:(?:t(?:suka\.kanagaw|a\.fukushim)|kata\.osak|ra\.okinaw)a|(?:do\.nagasak|nai\.aomor)i|izumi\.iwate|ya\.nagano)|o(?:(?:gawa\.wakayam|kawa\.fukuok)a|no\.(?:fukushima|iwate)|s(?:aki\.aomori|hima)|o\.hokkaido))|k(?:a(?:ri\.yamaguchi|wa\.shimane)|imi\.shimane|one\.shiga)|da(?:ka\.(?:(?:wakay|sait)ama|hokkaido|kochi)|\.gifu)|no(?:(?:hara|de)\.tokyo|\.to(?:ttori|kyo))|m(?:e(?:shima\.oita|ji\.hyogo)|i\.toyama)|(?:oki\.kagoshim|zen\.sag|ji\.oit)a)\.j|pho)p|s(?:to(?:r(?:i(?:c(?:al(?:society)?|houses)|sch(?:es)?)|y(?:ofscience)?)|ire)\.museum|a(?:yama\.fukuoka\.jp|mitsu))|t(?:a(?:chi(?:(?:(?:o(?:miy|t)|nak)a)?\.ibaraki\.jp)?|\.oita\.jp)|ra\.no)|c(?:hiso\.gifu\.jp|am\.net)|\.(?:cn|us)|v)|a(?:(?:k(?:u(?:(?:san|i)\.ishikawa|ba\.nagano)|o(?:date\.hokkaido|ne\.kanagawa)|ata\.fukuoka)|chi(?:(?:oji|jo)\.tokyo|rogata\.akita|nohe\.aomori)|ya(?:kawa\.yamanashi|shima\.okayama)|ebaru\.okinawa|zu\.aichi)\.jp|m(?:a(?:(?:t(?:onbetsu\.hokkaido|ama\.saga)|matsu\.shizuoka|da\.shimane)\.jp|r(?:oy)?\.no)|m(?:arfeasta|erfest)\.no|burg(?:\.museum)?|-radio-op\.net|ura\.tokyo\.jp)|n(?:(?:a(?:m(?:igawa\.chiba|aki\.iwate)|wa\.fukushima)|(?:n(?:o\.saitam|an\.osak)|yu\.saitam)a)\.jp|d(?:a\.aichi\.jp|son\.museum)|g(?:gliding\.aero|out))|s(?:h(?:i(?:m(?:oto\.wakayama|a\.gifu)|kami\.aomori)\.jp|bang\.sh)|u(?:ra(?:-app\.io|\.app)|da\.saitama\.jp)|am(?:i\.nagasaki|a\.oita)\.jp|vik\.no)|r(?:a(?:\.nagano\.jp|m\.no)|vestcelebration\.museum|(?:sta|ei)d\.no|ima\.hyogo\.jp)|t(?:(?:o(?:gay|yam)a\.saita|sukaichi\.hiroshi)ma\.jp|tfjelldal\.no)|b(?:(?:oro\.hokkaido|ikino\.osaka)\.jp|mer\.no)|g(?:(?:i\.yamaguch|a\.tochig)i\.jp|ebostad\.no)|l(?:loffame\.museum|(?:den|sa)\.no|f\.host)|d(?:ano\.kanagawa\.jp|sel\.no)|p(?:pou\.akita\.jp|mir\.no)|i(?:bara\.shizuoka\.jp|r)|u(?:gesund\.no|s)|waii\.museum|\.(?:cn|no))|o(?:me(?:s(?:e(?:curity(?:ma|p)c\.com|nse))?|lin(?:ux\.(?:com|net|org)|k\.one)|unix\.(?:com|net|org)|d(?:ns\.org|epot)|ftp\.(?:net|org)|office\.gov\.uk|-webserver\.de|\.dyndns\.org|built\.aero|ip\.net|goods)|n(?:(?:(?:j(?:o\.(?:saitam|akit)|yo\.akit)|go\.hiroshim)a|betsu\.hokkaido|ai\.ehime)\.jp|e(?:foss\.no|ywell)|da)|k(?:u(?:to\.(?:yamanashi|hokkaido)|ryu\.hokkaido)\.jp|k(?:aido\.jp|sund\.no))|r(?:o(?:(?:kanai|nobe)\.hokkaido\.jp|logy\.museum)|(?:nindal|ten)\.no|se)|l(?:(?:mestrand|t[aå]len|e)?\.no|dings|iday)|s(?:t(?:ing(?:-cluster\.nl)?)?|pital)|b(?:by-site\.(?:com|org)|[oø]l\.no)|t(?:el(?:\.(?:hu|lk|tz)|e?s)|mail)?|f(?:u\.yamaguchi\.jp|\.no)|y(?:landet|anger)\.no|use(?:\.museum)?|pto\.(?:org|me)|ckey|w)|e(?:r(?:o(?:y\.(?:more-og-romsdal|nordland)\.no|ku(?:app|ssl)\.com)|(?:øy\.(?:møre-og-romsdal|nordland)|ad)\.no|e(?:-for-more\.info)?|itage\.museum|mes)|alth(?:\.(?:museum|nz|vn)|-carereform\.com|care)?|m(?:bygdsforbund\.museum|(?:sedal|nes?)\.no)|l(?:sinki(?:\.museum)?|las\.museum|p)|(?:kinan\.aichi|guri\.nara)\.jp|imatunduhren\.museum|pforge\.org|\.cn)|(?:(?:ø(?:y(?:landet|anger)|nefoss)|á(?:(?:bme|pmi)r|mmárfeasta)|j(?:elmeland|artdal)|ægebostad|valer|å)\.n|zc\.i)o|u(?:\.(?:eu\.org|com|net)|issier-justice\.fr|manities\.museum|r(?:dal|um)\.no|ghes)?|y(?:u(?:ga\.miyazaki\.jp|ndai)|llestad\.no|ogo\.jp|att)|k(?:\.(?:c(?:om|n)|org)|t)?|b(?:\.c(?:ldmail\.ru|n)|o)|r(?:\.eu\.org)?|dfc(?:bank)?|l\.(?:cn|no)|s(?:\.kr|bc)|\.(?:bg|se)|(?:n\.c)?n|m(?:\.no)?|gtv|t)|i(?:[oq]|s(?:-(?:a(?:-(?:(?:(?:h(?:ard-work|unt)e|financialadviso)r|d(?:e(?:mocrat|signer)|octor)|t(?:e(?:acher|chie)|herapist)|r(?:epublican|ockstar)|n(?:ascarfan|urse)|anarchist|musician)\.com|c(?:(?:(?:ubicle-sla|onservati)ve|pa)\.com|a(?:ndidate\.org|terer\.com)|hef\.(?:com|net|org)|elticsfan\.org)|l(?:i(?:ber(?:tarian|al)\.com|nux-user\.org)|(?:a(?:ndscap|wy)er|lama)\.com)|p(?:(?:ersonaltrain|hotograph|lay)er\.com|a(?:inter\.com|tsfan\.org))|b(?:(?:(?:ookkeep|logg)er|ulls-fan)\.com|ruinsfan\.org)|s(?:o(?:cialist\.com|xfan\.org)|tudent\.com)|g(?:eek\.(?:com|net|org)|(?:reen|uru)\.com)|knight\.org)|n-(?:a(?:c(?:t(?:ress|or)|countant)|(?:narch|rt)ist)|en(?:tertain|gine)er)\.com)|(?:into-(?:(?:car(?:toon)?|game)s|anime)|(?:(?:not-)?certifie|with-theban)d|uberleet|gone)\.com|(?:very-(?:(?:goo|ba)d|sweet|evil|nice)|found)\.org|s(?:aved\.org|lick\.com)|l(?:eet\.com|ost\.org)|by\.us)|(?:hi(?:ka(?:w(?:a\.(?:fukushim|okinaw))?a|ri\.hokkaido)|nomaki\.miyagi|gaki\.okinawa)|umi\.chiba)\.jp|a(?:-(?:geek\.(?:com|net|org)|hockeynut\.com)|\.(?:kagoshima\.jp|us)|haya\.nagasaki\.jp)|e(?:(?:(?:(?:n\.kagoshi|saki\.gun)m|hara\.kanagaw)a|\.mie)\.jp|(?:rnia\.i|lec)t)|s(?:marterthanyou\.com|hiki\.aichi\.jp)|t(?:(?:eingeek|mein)\.de|anbul)?|l(?:eofman\.museum|a\.pr)|\.(?:eu\.org|gov\.pl|it)|maili)?|n(?:(?:a(?:(?:(?:mi\.(?:waka|to)ya|washiro\.fukushi)m|tsuki\.fukuok)a|(?:shiki\.ibarak|zawa\.aich)i|\.(?:ibaraki|saitama|nagano)|g(?:awa\.hyog|i\.toky)o|be\.mie)|(?:uyama\.ai|o\.ko)chi|zai\.chiba|e\.kyoto)\.jp|t(?:e(?:r(?:n(?:et-dns\.de|ational)|active\.museum)|l(?:ligence\.museum)?)|\.(?:eu\.org|a[rz]|c[io]|l[ak]|m[vw]|r[uw]|t[jt]|v[en]|bo|is|ni|pt)|l\.tn|uit)?|f(?:o(?:\.(?:n[afir]|t[nrtz]|a[tuz]|p[klr]|b[bo]|c[ox]|e[ct]|h[tu]|k[ei]|v[en]|gu|la|mv|ro|sd|zm))?|\.(?:br|cu|mk|ua)|initi)|d(?:i(?:an(?:a(?:polis)?|market)?\.museum|gena\.bo)|\.(?:[it]n|br|gt)|ustri(?:a\.bo|es)|er[oø]y\.no)|\.(?:n(?:[ai]|et)|eu\.org|u[as]|rs|th)|s(?:ur(?:ance(?:\.aero)?|e)|titute)|-(?:the-band\.net|addr\.arpa)|g(?:atlan\.hu|\.pa)?|c(?:heon\.kr|\.hk)?|vestments|k)?|w(?:a(?:t(?:(?:suki\.saitam|a\.shizuok)a|(?:e\.iwat)?e)|k(?:u(?:ni\.yamagu|ra\.ai)chi|i\.fukushima)|m(?:izawa\.hokkaido|a\.ibaraki)|n(?:ai\.hokkaido|uma\.miyagi)|fune\.tochigi|de\.wakayama|izumi\.iwate)\.jp|i\.nz|c)|t(?:a(?:(?:k(?:o\.ibaraki|ura\.gunma)|(?:bashi\.toky|mi\.hyog)o|yanagi\.aomori|no\.tokushima)\.jp|u)|o(?:igawa\.niigat|man\.okinaw|\.shizuok)a\.jp|\.(?:eu\.org|ao)|s\.me|v)?|c(?:[eu]|hi(?:ka(?:wa(?:\.(?:chiba|hyogo)|misato\.yamanashi)|i\.tochigi)|no(?:miya\.(?:aichi|chiba)|(?:seki|he)\.iwate)|(?:ba\.tokushim|hara\.chib)a)\.jp|\.gov\.pl|bc)|k(?:(?:eda\.(?:(?:hokkaid|nagan)o|fukui|osaka|gifu)|usaka\.nagano|oma\.nara)\.jp|a(?:(?:(?:ruga\.nar|wa\.akit)a|ta\.ehime)\.jp|no)|i\.(?:nagasaki\.jp|fi))|z(?:(?:u(?:m(?:i(?:(?:otsu|sano)\.osak|\.(?:kagoshim|osak)|zaki\.fukushim)a|o(?:zaki\.niigata|\.shimane))|(?:nokuni)?\.shizuoka)|ena\.okinawa)\.jp|\.hr)|m(?:a(?:(?:kane\.hokkaido|bari\.ehime|ri\.saga)\.jp|geandsound\.museum|mat)|izu\.toyama\.jp|(?:peria)?\.it|mo(?:bilien)?|b\.br|db)?|(?:i(?:zu(?:ka\.fukuoka|na\.nagano)|d(?:e\.yamagata|a\.nagano)|(?:ji|ya)ma\.nagano|tate\.fukushima)|heya\.okinawa|yo\.ehime)\.jp|b(?:(?:ara(?:ki(?:\.(?:ibaraki|osaka))?|\.okayama)|igawa\.gifu)\.jp|estad\.no|m)|d(?:\.(?:l[vy]|au|ir|us)|e\.kyoto\.jp|v\.(?:hk|tw)|rett\.no|f\.il)?|l(?:lustration\.museum|\.(?:eu\.org|us)|ovecollege\.info|awa\.pl)?|v(?:ano(?:-frankivsk\.ua|vo\.su)|(?:e(?:land\.n|c)|gu\.n)o)|r(?:(?:aq|on)\.museum|uma\.saitama\.jp|is(?:\.arpa|h))?|p(?:i(?:fony\.net|ranga)|6\.arpa)|a(?:mallama\.com|\.us)|glesias-?carbonia\.it|e(?:\.eu\.org|ee)?|\.(?:[bn]g|ph|se)|f(?:\.ua|m)|234\.me)|b(?:[fw]|a(?:r(?:sy(?:\.(?:s(?:upport|hop|ite)|m(?:e(?:nu)?|obi)|i(?:n(?:fo)?|o)|c(?:o\.uk|lub)|o(?:nline|rg)|p(?:ro|ub)|net|bg|de|eu|uk)|online\.co(?:\.uk|m)|center\.com)|(?:(?:letta(?:-trani-|trani)andria|i)\.i|efoo)t|c(?:elona(?:\.museum)?|lay(?:card|s))|re(?:l?l-of-knowledge\.info|au\.bj)|u(?:eri\.br|m\.no)|(?:du\.n|\.pr)o|gains)?|l(?:s(?:an(?:-su[ë]?dtirol)?\.it|fjord\.no)|l(?:ooning\.aer|angen\.n)o|e(?:strand\.no|\.museum)|a(?:shov\.su|t\.no)|timore\.museum)|s(?:e(?:ball(?:\.museum)?|l\.museum)|(?:ilicata)?\.it|hkiria\.[rs]u|ketball)|n(?:d(?:(?:ai\.fukushima|o\.ibaraki)\.jp)?|a(?:narepublic|mex)|k)|t(?:o\.tochigi\.jp|hs\.museum|sfjord\.no)|(?:(?:jddar|mble)\.n|ckplaneapp\.i)o|h(?:c?cavuotna\.no|n\.museum)|da(?:joz\.museum|ddja\.no)|\.(?:(?:gov|leg)\.br|it)|u(?:ern\.museum|haus)|b(?:ia-gora\.pl|y)|id(?:ar\.no|u)|ghdad\.museum|yern)?|o(?:l(?:(?:zano(?:-altoadige)?|ogna)\.it|dlygoingnowhere\.org|eslawiec\.pl|ivia\.bo|t\.hu)|t(?:an(?:ic(?:al(?:garden)?|garden)|y)\.museum)?|u(?:n(?:ty-full\.com|ceme\.net)|tique)|\.(?:(?:nordland|telemark)\.no|it)|s(?:t(?:on(?:\.museum)?|ik)|ch)|zen(?:-su[ë]?dtirol)?\.it|o(?:k(?:ing)?|mla\.net)?|a(?:vista\.br|ts)|(?:d[oø]|kn)\.no|n(?:n\.museum|d)|x(?:fuse\.io)?|m(?:lo\.no)?|ehringer|fa)?|i(?:z(?:\.(?:p[klr]|t[jrt]|a[tz]|m[vw]|n[ir]|bb|cy|dk|et|id|ki|ua|vn|zm)|en\.okayama\.jp)?|r(?:(?:thplace|dart)\.museum|atori\.hokkaido\.jp|kenes\.no|\.ru)|e(?:l(?:awa\.pl|la\.it)|i\.hokkaido\.jp|szczady\.pl|v[aá]t\.no)|b(?:ai\.hokkaido\.jp|le(?:\.museum)?)|(?:l(?:bao|l)\.museu|tballoon\.co)m|(?:fuka|horo)\.hokkaido\.jp|al(?:owieza|ystok)\.pl|n(?:dal\.no|go?)|o(?:\.br)?|\.it|ke|d)?|r(?:o(?:(?:wsersafetymark\.i|nnoy(?:sund)?\.n)o|ke(?:r(?:\.aero)?|-it\.net)|ad(?:cast\.museum|way)|ther)|u(?:ssel(?:s(?:\.museum)?|\.museum)|(?:xelles|nel)\.museum|munddal\.no)|a(?:nd(?:ywinevalley\.museum|\.se)|sil(?:\.museum|ia\.me)|desco)|i(?:(?:tish(?:columbia)?|stol)\.museum|ndisi\.it|dgestone)|e(?:manger\.no|scia\.it)|y(?:ansk\.su|ne\.no)|ønnøy(?:sund)?\.no|\.(?:com|it))?|e(?:r(?:g(?:(?:en)?\.no|bau\.museum|amo\.it)|l(?:in(?:\.museum)?|ev[aå]g\.no)|(?:keley|n)\.museum)|a(?:r(?:alv[aá]hki|du)\.no|u(?:xarts\.museum|ty)|ts)|l(?:l(?:evue\.museum|uno\.it)|(?:em\.b|\.t)r|au\.pw)|t(?:a(?:\.bounty-full|inabox)\.com|ter-than\.tv)?|e(?:ldengeluid\.museum|p\.pl|r)|s(?:t(?:buy)?|kidy\.pl)|n(?:evento\.it|tley)|ppu\.oita\.jp|\.eu\.org|dzin\.pl|iarn\.no)?|l(?:o(?:g(?:s(?:pot\.(?:c(?:[afhlvz]|o(?:m(?:\.(?:e[egs]|a[ru]|b[ry]|c[oy]|mt|ng|tr|uy))?|\.(?:i[dl]|at|ke|nz|uk|za)))|m[dkrxy]|s[egikn]|b[aegj]|i[enst]|r[eosu]|a[elm]|h[kru]|l[itu]|[gk]r|d[ek]|f[ir]|n[lo]|p[et]|t[dw]|jp|qa|ug|vn)|ite\.(?:org|xyz)|yte\.com)|dns\.(?:com|net|org)|\.b[or])?|xcms\.com|ckbuster|omberg)|a(?:ck(?:baudcdn\.net|friday)?|nco)|\.it|ue)|u(?:n(?:go(?:takada|ono)\.oita|kyo\.tokyo)\.jp|s(?:(?:hey)?\.museum|an\.kr|iness)|lsan(?:-su[ë]?dtirol)?\.it|ild(?:ing\.museum|ers)?|z(?:en\.fukuoka\.jp|z)|d(?:ejju\.no|apest)|y(?:shouses\.net)?|rghof\.museum|khara\.su|gatti|\.no)|(?:á(?:(?:jdda|idá)r|hc?cavuotna|lát)|ø(?:\.(?:nordland|telemark)|mlo)|å(?:tsfjord|dåddjå)|ærum)\.no|y(?:(?:dgoszcz|tom)\.pl|(?:gland|kle)\.no|en\.site)?|j(?:(?:ark[oø]y|erkreim|ugn)\.no|\.cn)?|\.(?:s(?:sl\.fastly\.net|e)|b[gr])|m(?:[sw]|oattachments\.org|d\.br)?|c(?:[gn]|i\.dnstrace\.pro|\.ca)|n(?:pparibas|r\.la|\.it|l)|g(?:\.(?:eu\.org|it))?|placed\.(?:com|net|de)|b(?:[ct]|s\.tr|va)?|h(?:z\.br|arti)?|s(?:b\.br|\.it)?|z(?:\.it|h)?|(?:t\.i)?t|v(?:\.nl)?|d\.se)|o(?:r(?:g(?:\.(?:m[aegklnostuvwxyz]|s[abcdeghlnotvyz]|b[abhimorstwz]|g[eghilnprtuy]|p[aefhklnrsty]|a[cefgilruz]|l[abckrsvy]|k[gimnpyz]|t[jmnortw]|c[inouwy]|i[lmnqrs]|e[cegst]|n[agirz]|u[agkyz]|v[ceinu]|h[kntu]|d[moz]|r[osu]|z[amw]|j[eo]|om|qa|ws)|anic)?|\.(?:c[ir]|i[dt]|k[er]|t[hz]|u[gs]|at|bi|jp|mu|na|pw)|(?:k(?:anger|dal)|s(?:kog|ta)|land)\.no|a(?:\.gunma\.jp|(?:cl|ng)e)|egon(?:trail)?\.museum|i(?:stano\.it|gins))|s(?:a(?:k(?:i(?:kamijima\.hiroshima|\.miyagi)\.jp|a(?:(?:sayama\.osaka)?\.jp)?)|sco\.br)|t(?:r(?:o(?:w(?:wlkp|iec)|(?:lek|d)a)\.pl|e-toten\.no)|er[oø]y\.no)|h(?:i(?:ma\.(?:yamaguchi|tokyo)|no\.yamanashi)|u\.iwate)\.jp|(?:\.h(?:ordaland|edmark)|(?:[oø]yr|l)o)\.no|e(?:to\.nagasaki\.jp|n\.no))|t(?:a(?:(?:k(?:i\.(?:(?:saitam|chib)a|nagano)|e\.hiroshima)|r(?:u\.hokkaid|i\.nagan)o|\.(?:gunma|tokyo)|ma\.fukushima)\.jp|go\.museum)|su(?:k(?:i\.(?:yamanas|koc)hi\.jp|a)|(?:chi\.iwate|\.shiga)\.jp)|o(?:(?:(?:fuk|b)e|ineppu)\.hokkaido|\.fukuoka|yo\.kochi)\.jp|(?:\.i)?t|her\.nf)|k(?:(?:a(?:ya(?:(?:ma\.okaya)?ma|\.nagano)|wa\.(?:fukuoka|kochi)|gaki\.fukuoka|zaki\.aichi)|u(?:izumo\.shimane|ma\.fukushima|tama\.tokyo)|e(?:gawa\.saitama|to\.hokkaido)|oppe\.hokkaido)\.jp|i(?:n(?:awa(?:(?:\.okinawa)?\.jp)?|oshima\.shimane\.jp)|\.fukuoka\.jp)|snes\.no|\.us)|n(?:(?:o(?:(?:michi\.hiroshim|jo\.fukuok)a|\.(?:fuku(?:shima|i)|hyogo))|(?:juku\.chib|na\.okinaw)a|agawa\.miyagi)\.jp|-(?:aptible\.com|the-web\.tv|web\.fr)|t(?:ario\.museu|hewifi\.co)m|l(?:ine(?:\.museum)?)?|g(?:a\.fukuoka\.jp)?|(?:yoursid)?e|\.ca|ion)|g(?:(?:a(?:wa(?:\.(?:ibaraki|saitama|nagano)|ra\.miyagi)|(?:(?:ta)?\.akit|no\.saitam)a|sawara\.tokyo|ki\.gifu)|(?:o(?:ri\.fukuok|se\.saitam)|i(?:mi\.okinaw|\.sag))a|u(?:ni\.(?:kumamoto|yamagata)|chi\.aichi))\.jp|\.(?:ao|it)|liastra\.it)|m(?:(?:i(?:(?:hachiman\.shig|gawa\.chib|ya\.saitam)a|\.n(?:iigata|agano)|tama\.ibaraki)|u(?:ra\.nagasaki|ta\.fukuoka)|otego\.fukushima)\.jp|a(?:(?:chi\.(?:nagano|saga)|ezaki\.shizuoka)\.jp|svuotna\.no|ha\.museum)|e(?:\.tokyo\.jp|ga))?|b(?:(?:a(?:ma\.(?:nagasak|fuku)i|nazawa\.yamagata)|u(?:se\.nagano|\.aichi))\.jp|i(?:(?:hiro|ra)\.hokkaido\.jp)?|ninsk\.su|server)|i(?:(?:s(?:hida\.yamagat|o\.kanagaw)|(?:ta\.oi)?t|zumi\.gunm|\.kanagaw)a\.jp|r(?:ase\.aomori\.jp|m\.gov\.pl))|h(?:(?:(?:i(?:ra\.(?:tochi|miya)g|\.fuku)|tawara\.tochig|aru\.aich)i|kura\.yamagata|da\.shimane)\.jp|\.us)|y(?:(?:a(?:ma(?:zaki\.kyoto|\.tochigi)|be\.toyama)|odo\.nara)\.jp|(?:stre-slidre|garden|er)\.no|\.lc)|p(?:e(?:n(?:craft\.hosting|air\.museum)?|raunite\.com)|p(?:eg[aå]rd|dal)\.no|o(?:czno|le)\.pl)|l(?:a(?:yan(?:group)?|wa\.pl)|(?:sztyn|ecko|kusz)\.pl|bia-?tempio\.it|(?:\.n|l)o|dnavy)|(?:(?:ji(?:ya\.niigat|\.nar)|e\.yamagat)a|a(?:mishirasato\.chiba|rai\.ibaraki))\.jp|f(?:f(?:ic(?:e(?:-on-the\.net)?|ial\.academy)|\.ai)?|unato\.iwate\.jp|\.(?:by|no))|u(?:m(?:u\.hokkaido\.jp|\.gov\.pl)|(?:chi\.sag|da\.nar)a\.jp|tsystemscloud\.com)|w(?:n(?:(?:provider\.co|\.p)m|ip\.net)|a(?:riasahi\.aich|ni\.aomor)i\.jp)|d(?:a(?:wara\.kanagaw|te\.akit)a\.jp|(?:es?sa)?\.ua|da\.no|o\.br)|z(?:(?:u\.(?:kumamoto|ehime)|ora\.hokkaido)\.jp|\.au)|c(?:eanographi(?:que|c)\.museum|hi\.kochi\.jp)|o(?:(?:shik|kuw)a\.nagano\.jp|guy\.com|o)|v(?:(?:re-eiker|erhalla)\.no|h)|x(?:ford\.museum|\.rs)|\.(?:bg|se))|f(?:u(?:(?:k(?:u(?:(?:(?:yama\.hiroshi|mitsu\.toya)m|(?:roi\.shizu)?ok|domi\.sag)a|s(?:hima(?:\.(?:fukushima|hokkaido))?|aki\.hyogo)|chi(?:yama\.kyoto|\.fukuoka)|(?:i\.fuku)?i)|a(?:gawa\.hokkaido|ya\.saitama))|chu\.(?:to(?:yama|kyo)|hiroshima)|dai\.iwate)\.jp|ji(?:(?:(?:(?:(?:(?:nomiy|ed)a)?\.shizuo|idera\.osa)k|oka\.gunm)a|s(?:a(?:wa\.(?:kanagawa|iwate)|to\.akita)|hiro\.ibaraki)|kawa(?:\.(?:yamanashi|shizuoka)|guchiko\.yamanashi)|mi(?:\.(?:saitama|nagano)|no\.saitama)|yoshida\.yamanashi)\.jp|xerox|tsu)|r(?:(?:u(?:dono\.fukushima|bira\.hokkaido|kawa\.miyagi)|ano\.hokkaido)\.jp|niture(?:\.museum)?)|t(?:(?:(?:aba\.fukushim|tsu\.chib)a|su\.nagasaki)\.jp|ure(?:host|mail)ing\.at|bol)|n(?:a(?:gata\.yamagat|hashi\.toyam|bashi\.chib)a\.jp|d(?:acio\.museum)?)?|e(?:fuki\.yamanashi\.jp|ttertdasnetz\.de|l\.aero)|s(?:(?:sa\.tokyo|o\.aichi)\.jp|a\.no)|o(?:isku|ssko)\.no)|r(?:o(?:m(?:-(?:(?:i[adln]|w[aivy]|o[hkr]|[hr]i|d[ce]|k[sy]|p[ar]|s[cd]|t[nx]|v[at]|fl|ga|ut)\.com|m(?:[adinost]\.com|e\.org)|n(?:[cdehjmv]\.com|y\.net)|a(?:[klr]\.com|z\.net)|c(?:[at]\.com|o\.net)|la\.net)|\.hr)|g(?:\.museum|n\.no|ans)|s(?:inone\.it|ta\.no)|(?:land|ya)\.no|nt(?:doo|ie)r)|e(?:e(?:box(?:-os\.(?:com|fr)|os\.(?:com|fr))|d(?:dns\.(?:org|us)|esktop\.org)|(?:tls\.fastly\.ne|site\.hos)t|masonry\.museum)?|i(?:(?:ght\.aer|\.n)o|burg\.museum)|drikstad\.no|senius)|i(?:uli-?v(?:e(?:nezia)?)?-?giulia\.it|bourg\.museum)|an(?:(?:ziskaner|caise|kfurt)\.museum|a\.no)|\.(?:eu\.org|it)|(?:æn|øy)a\.no|l)?|i(?:r(?:e(?:wall-gateway\.(?:com|net|de)|baseapp\.com|nze\.it|stone)?|m(?:\.(?:[cr]o|dk|ht|in|nf|ve)|dale))|n(?:(?:earts?|land)\.museum|a(?:nc(?:ial|e)|l)|\.(?:ec|tn)|n[oø]y\.no)|l(?:m(?:\.(?:museum|hu))?|atelia\.museum|egear\.me)|e(?:ld\.museum|\.ee)|\.(?:eu\.org|cr|it)|t(?:jar\.no|ness)?|gueres\.museum|d(?:elity|o)|sh(?:ing)?|at)?|o(?:r(?:-(?:(?:(?:mor|som|th)e|better)\.biz|our\.info)|t(?:(?:missoula|worth)\.museum|al\.br)|got\.h(?:er|is)\.name|um(?:z\.info|\.hu)?|lì?-?cesena\.it|sa(?:nd\.no|le)|d(?:e\.no)?|ce\.museum|ex)|(?:l(?:kebib|lda)l|snes)\.no|o(?:d(?:network)?|tball)?|undation(?:\.museum)?|[tz]\.br|ggia\.it|x)?|a(?:r(?:m(?:e(?:quipment\.museum|rs(?:\.museum)?)|(?:stead)?\.museum)?|sund\.no|\.br)|s(?:t(?:(?:panel\.direc|lylb\.ne)t|vps-server\.com)?|hion)|m(?:ily(?:ds\.(?:com|net|org)|\.museum)?|\.pk)|n(?:tasyleague\.cc|s)?|i(?:rwinds|th|l)|uske\.no|ge)|l(?:o(?:r(?:i(?:da\.museum|pa\.br|st)|[aoø]\.no|ence\.it)|g\.br|wers)|a(?:(?:tanger|kstad)?\.no|nders\.museum)|y(?:nnh(?:osting\.net|ub\.com))?|(?:e(?:kkefjord|sberg)|å)\.no|i(?:ght(?:\.aero|s)|(?:ck)?r)|t\.cloud\.muni\.cz|\.us)|e(?:d(?:ora(?:infracloud|people)\.org|e(?:ration\.aero|x)|je\.no|\.us)|r(?:r(?:ar(?:a\.it|i)|ero)|mo\.it)|(?:ste-ip\.ne|\.i)t|t(?:sund)?\.no|ira\.br|edback)|h(?:s(?:k\.se|\.no)|app\.xyz|v?\.se)|y(?:(?:lkesbib|resda)l\.no|i)|(?:(?:nd|st)\.b|bx-?os\.f)r|j(?:(?:aler|ell)\.no|\.cn)|m(?:\.(?:br|it|no))?|t(?:paccess\.cc|r)|(?:v?g|c)\.it|\.(?:bg|se)|ørde\.no)|g(?:[fhpqt]|o(?:v(?:\.(?:m[aegklnorsuvwyz]|n(?:(?:c\.t)?r|g)|b[abfhmrstyz]|s[abcdghltxy]|a[ceflrsuz]|c[dlmnouxy]|l[abckrtvy]|p[hklnrsty]|t[jlmnortw]|g[ehinruy]|i[elnqrst]|k[gimnpyz]|e[cegt]|d[moz]|r[suw]|v[cen]|z[amw]|u[ak]|hk|jo|om|qa|ws)|ernment\.aero|t\.nz)?|t(?:(?:emba\.shizuoka|o\.nagasaki|su\.shimane)\.jp|dns\.(?:c(?:om|h)|org)|pantheon\.com)?|\.(?:(?:dyndns\.or|u)g|(?:gov|leg)\.br|t[hjz]|c[ir]|i[dt]|k[er]|jp|pw)|b(?:\.(?:p[aek]|[bd]o|e[cs]|ar|cl|gt|hn|mx|ni|sv|ve)|o\.wakayama\.jp)|o(?:g(?:le(?:(?:apis|code)\.com)?)?|d(?:hands|year))?|s(?:(?:e(?:n\.niigat|\.nar)a|hiki\.hyogo)\.jp|\.pk)|l(?:f(?:fan\.us)?|d(?:point)?|\.no)|r(?:ge\.museum|izia\.it|lice\.pl)|uv\.(?:bj|ci|fr|ht|km|ml|rw|sn)|k(?:ase\.miyazaki\.jp|\.pk)|n(?:ohe\.aomori\.jp|\.pk)|d(?:o\.gifu\.jp|addy)|i(?:ania\.br|p\.de)|jome\.akita\.jp|p(?:\.pk)?)|r(?:o(?:u(?:ndhandling\.aero|p(?:\.aero)?)|ks-th(?:is|e)\.info|n(?:dar\.za|g\.no)|zny\.[rs]u|sseto\.it|cery)|a(?:n(?:drapids\.museum|(?:vin|e)?\.no)|t(?:angen\.no|is)|z\.museum|jewo\.pl|inger|phics)|i(?:w\.gov\.pl|mstad\.no|pe)|\.(?:eu\.org|com|it|jp)|u(?:e\.no|\.br)|e(?:ta\.fr|en)|p\.lk)?|e(?:o(?:rg(?:ia\.(?:museum|su)|e)|metre-expert\.fr|logy\.museum)|n(?:\.(?:mi\.us|in|nz|tr)|kai\.saga\.jp|t(?:ing)?|ov?a\.it)|e(?:k(?:galaxy\.com|\.nz)|lvinck\.museum)|t(?:myip\.com|s-it\.net)|mological\.museum|isei\.kochi\.jp|\.it|a)?|a(?:m(?:e(?:-(?:server\.cc|host\.org)|s(?:\.hu)?|\.tw)?|(?:agori\.aichi|o\.shiga)\.jp|vik\.no)|l(?:l(?:ery(?:\.museum)?|up|o)|sa\.no)?|(?:u(?:sdal|lar)|ivuotna)\.no|ng(?:aviika\.no|won\.kr)|rden(?:\.museum)?|teway\.museum|\.us|p)?|i(?:t(?:hub(?:usercontent\.com|\.io)|-repos\.de|lab\.io)|n(?:o(?:wan|za)\.okinawa|an\.gifu)\.jp|e(?:htavuoatna\.no|ssen\.museum)|f(?:(?:u\.gif)?u\.jp|ts?)|(?:ldesk[aå]l|ske)\.no|v(?:ing|es)|ize\.com)?|l(?:o(?:b(?:al(?:\.(?:prod|ssl)\.fastly\.net)?|o)|ppen\.no|gow\.pl)|a(?:s(?:s(?:\.museum)?|\.museum)|de)|i(?:ding\.aero|wice\.pl)|e(?:eze\.com)?|ug\.org\.uk)?|u(?:(?:(?:shikami\.okinaw|nm)a|jo\.gifu)\.jp|(?:ovdageaidnu|len)\.no|a(?:m\.gu|rdian)|ernsey\.museum|i(?:tars|de)|b\.uy|\.us|cci|ge|ru)?|s(?:\.(?:(?:s(?:[ft]|valbard)|o(?:[fl]|slo)|jan-mayen|a[ah]|h[lm]|n[lt]|t[mr]|v[af]|bu|fm|mr|rl)\.no|cn)|m\.pl)?|(?:j(?:e(?:r(?:drum|stad)|mnes|sdal)|[oø]vik)|á(?:(?:ŋgaviik|ivuotn)a|lsá))\.no|y(?:eong(?:buk|nam|gi)\.kr|okuto\.kumamoto\.jp)?|d(?:(?:a(?:nsk)?|ynia)\.pl|(?:\.c)?n)?|w(?:iddle\.co\.uk|angju\.kr)?|m(?:[ox]|(?:ina\.p|ai)l|bh)?|b(?:\.(?:com|net)|iz)?|n(?:iezno\.pl)?|g(?:f\.br|ee)?|\.(?:bg|se)|[xz]\.cn|v\.a[ot]|12\.br|c\.ca)|p(?:a(?:r(?:is(?:\.(?:eu\.org|museum))?|a(?:chut|glid)ing\.aero|t(?:(?:ner)?s|i\.se|y)|(?:och\.k12\.ma\.u)?s|liament\.(?:cy|nz)|ma\.it)|l(?:m(?:springs\.museum|as\.br)|e(?:o\.museum|rmo\.it)|ace\.museum)|s(?:s(?:enger-association\.aero|agens)|adena\.museum)|n(?:a(?:ma\.museum|sonic)|theonsite\.io|erai)|ge(?:(?:speedmobilizer|frontapp)\.com)?|\.(?:gov\.(?:br|pl)|leg\.br|it|us)|d(?:erborn\.museum|(?:ov|u)a\.it)|cific\.museum|tria\.bo|via\.it|y)?|r(?:o(?:\.(?:[bp]r|[ht]t|az|cy|ec|mv|na|om|vn)|d(?:uction(?:\.aero|s))?|f(?:esional\.bo|\.pr)?|t(?:onet\.io|ection)|pert(?:ies|y)|ject\.museum|chowice\.pl|gressive|mo)?|es(?:s(?:\.(?:m(?:useum|a)|aero|cy|se)|e\.(?:ci|fr|km|ml))?|(?:ervation|idio)\.museum)|i(?:v(?:atizehealthinsurance\.net|\.(?:at|hu|me|no|pl))|(?:\.e|m)e|ncipe\.st)|\.(?:(?:gov|leg)\.br|it|us)|u(?:(?:szkow\.p|dentia)l)?|a(?:merica|to\.it|xi)|d\.(?:fr|km|mg)|zeworsk\.pl)?|o(?:r(?:t(?:(?:l(?:ligat|and)|al)\.museum|\.fr)|s(?:ang(?:er|u)|grunn|áŋgu)\.no|denone\.it|n)|l(?:i(?:ti(?:ca\.bo|e)|ce\.uk)|\.(?:dz|ht|tr)|kowice\.pl|tava\.ua)|d(?:(?:lasi|hal)e\.pl|zone\.(?:net|org))|st(?:s-and-telecommunications\.museum)?|i(?:nt(?:2this\.com|to\.us)|vron\.org)|(?:(?:mor(?:ski|z)e|wiat|znan)\.p|h)l|t(?:ager\.org|enza\.it)|k(?:rovsk\.su|er)|\.(?:gov\.pl|it)|a\.br)|i(?:(?:e(?:dmont|monte)\.i|a(?:cenza\.i|ge))t|l(?:ot(?:s\.museum|\.aero)|a\.pl)|(?:ttsburgh\.museu|xolino\.co)m|\.(?:(?:gov|leg)\.br|it)|s(?:(?:toi)?a\.it|z\.pl)|n(?:[gk]|b\.gov\.pl)?|c(?:t(?:ures|et)|s)|ppu\.hokkaido\.jp|mienta\.org|w\.gov\.pl|oneer|zza|d)|h(?:o(?:to(?:graphy(?:\.museum)?|s)?|enix\.museum|ne)|il(?:a(?:delphi(?:aare)?a|tely)\.museum|ips)|armac(?:ien(?:s\.km|\.fr)|y(?:\.museum)?)|ysio|d)?|l(?:a(?:(?:n(?:t(?:ation|s)|etarium)|za)\.museum|y(?:station)?|ce)|u(?:rinacional\.bo|mbing|s)|c\.(?:co\.im|ly|uk)|\.(?:eu\.org|ua)|o\.ps)?|e(?:r(?:so\.(?:[st]n|ht)|\.(?:la|nf|sg)|ugia\.it)|\.(?:(?:(?:gov|leg)\.b|k)r|ca|it)|(?:s(?:aro-?urbino|cara)\.i)?t|nza\.su)?|u(?:b(?:l(?:i(?:shproxy\.co|c\.museu)m|\.pt)|ol\.museum|\.sa)?|(?:p\.gov|lawy)\.pl|(?:g(?:lia)?)?\.it|eblo\.bo)|v(?:t\.(?:k12\.ma\.us|ge)|h\.br|\.it)|s(?:(?:se|p)\.gov\.pl|[ci]\.br)?|t(?:\.(?:eu\.org|it)|plus\.fit)?|g(?:(?:afan\.ne|\.i)t|fog\.com)|c(?:\.(?:it|pl)|loud\.host|cw)|p(?:\.(?:az|ru|se|ua)|g\.br)|b\.(?:(?:gov|leg)\.br|ao)|y(?:atigorsk\.ru)?|n(?:\.it|c)?|\.(?:bg|se)|m(?:n\.it)?|f(?:izer)?|[dz]\.it|wc?|k)|d(?:[jmz]|e(?:v(?:ices\.resinstaging\.io|-myqnapcloud\.com|\.static\.land|elopment\.run)?|l(?:(?:menhorst|aware)\.museum|l(?:-?ogliastra\.it)?|ivery|oitte|ta)|s(?:i(?:gn(?:\.(?:museum|aero))?)?|a\.id)|f(?:inima\.(?:net|io)|ense\.tn|\.br)|p(?:o(?:t\.museum|rte\.bo)|\.no)|(?:corativearts|troit)\.museum|n(?:mark\.museum|t(?:ist|al))|mo(?:cra(?:cia\.bo|t)|n\.nl)|\.(?:co(?:ol|m)|eu\.org|us)|a(?:l(?:er|s)?|tnu\.no)|bian\.net|dyn\.io|gree)?|y(?:n(?:dns(?:-(?:(?:offic|remot|fre|hom)e|at-(?:home|work)|w(?:iki|ork|eb)|server|blog|mail|pics|ip)\.com|\.(?:ddnss\.de|info|biz|org|tv|ws)|1\.de)|a(?:mi(?:sches-dns\.de|c-dns\.info)|lias\.(?:com|net|org)|thome\.net)|\.(?:(?:cosidn|ddns)s|home-webserver)\.de|-(?:(?:ip24|vpn)\.de|o-saur\.com)|v(?:6\.net|pn\.de)|serv\.org|ns\.com|u\.net)|r[oø]y\.no|\.fi)|a(?:[dy]|t(?:to(?:(?:relay|web)\.com|local\.(?:com|net))|e(?:\.(?:fukushima|hokkaido)\.jp)?|a(?:base\.museum)?|ing|sun)|(?:i(?:(?:wa\.hiroshim|sen\.akit|to\.osak)a|go\.ibaraki)|zaifu\.fukuoka)\.jp|(?:l(?:las|i)\.museu|mnserver\.co)m|vve(?:nj[aá]rg|siid)a\.no|(?:e(?:jeon|gu)\.k|bu)r|(?:plie\.m|nc)e|gestan\.[rs]u)|o(?:[gt]|n(?:texist\.(?:com|net|org)|ostia\.museum|etsk\.ua|na\.no)|es(?:ntexist\.(?:com|org)|-it\.net)|m(?:inic\.ua|ains)|omdns\.(?:com|org)|shi\.yamanashi\.jp|lls\.museum|c(?:tor|s)|vre\.no|wnload|dge|ha)?|i(?:s(?:co(?:ver(?:y\.museum)?|unt)|kstation\.(?:org|eu|me)|h)|(?:nosaur\.museu|tchyourip\.co)m|vt(?:tasvuot|asvuod)na\.no|e(?:lddanuorri\.no|t)|rect(?:ory)?|amonds|gital|y)|n(?:s(?:alias\.(?:com|net|org)|dojo\.(?:com|net|org)|up(?:dater\.de|\.net)|(?:home\.d|for\.m)e|iskinky\.com|king\.ch)|i(?:propetrovsk\.ua|\.us)|(?:epropetrovsk)?\.ua|p)|r(?:a(?:y(?:d(?:dns\.com|ns\.de)|-dns\.de)|(?:ngedal|mmen)\.no)|eamhosters\.com|ud\.(?:io|us)|[oø]bak\.no|\.(?:na|tr)|ive)|d(?:ns(?:(?:(?:fre|liv)e|geek|king)\.com|s\.(?:org|de)|\.(?:net|me))|r\.museum|-dns\.de|s)|s(?:cloud\.(?:m(?:obi|e)|biz)|mynas\.(?:com|net|org)|t\.mi\.us)|u(?:r(?:ham\.museum|ban)|ck(?:dns\.org)?|n(?:lop|s)|pont|bai)|v(?:r(?:cam\.info|dns\.org)?|ag)|(?:gca\.aer|ønna\.n)o|(?:lugoleka\.p|h)l|f\.(?:gov|leg)\.br|k(?:\.eu\.org)?|c(?:\.us|lk)|\.(?:bg|se)|p\.ua|tv)|l(?:[bkr]|i(?:b\.(?:(?:m[adeinost]|n[cdehjmvy]|a[klrsz]|i[adln]|c[aot]|o[hkr]|v[ait]|w[aiy]|[hr]i|d[ce]|g[au]|k[sy]|p[ar]|s[cd]|t[nx]|fl|la|ut)\.us|ee)|n(?:k(?:yard(?:-cloud\.ch|\.cloud)|itools\.space)?|d(?:e(?:snes\.no)?|[aå]s\.no)|coln(?:\.museum)?|z\.museum)|m(?:a(?:-city\.(?:rocks|at|ch|de)|nowa\.pl|\.zone)|ited|o)|v(?:ing(?:(?:history)?\.museum)?|orno\.it|e)|ll(?:e(?:hammer|sand)\.no|y)|ke(?:s(?:candy|-pie)\.com)?|fe(?:(?:insuranc|styl)e)?|g(?:(?:uria)?\.it|hting)|er(?:ne)?\.no|(?:xi|d)l|aison|\.it|psy)?|a(?:n(?:c(?:as(?:hire\.museum|ter)|ome|ia)|d(?:-4-sale\.us|es\.museum|rover)?|gev[aå]g\.no|s\.museum|bib\.se|xess)|(?:va(?:ngen|gis)|akesvuemie|hppi)\.no|(?:(?:-spezi|quil)a|z(?:io)?)\.it|r(?:(?:dal|vik)\.no|sson\.museum)|t(?:in(?:a\.it|o)|robe)?|(?:bou?r|jolla)\.museum|w(?:\.(?:pro|za)|yer)?|s(?:pezia\.it|alle)|m(?:borghini|er)|(?:dbroke|\.u)s|kas\.hu|py\.pl|caixa)?|o(?:(?:s(?:angeles\.museu|eyourip\.co)|(?:yalist|uvre)\.museu)m|c(?:alh(?:ost\.daplie\.me|istory\.museum)|ker|us)|g(?:i(?:stics\.aero|nto\.me)|oip\.(?:com|de))|m(?:bard(?:ia|y)\.it|\.(?:it|no)|za\.pl)|nd(?:on(?:\.museum)?|rina\.br)|(?:renskog|ppa)\.no|a(?:b[aá]t\.no|ns?)|di(?:ngen\.no|\.it)|t(?:en\.no|t[eo])|(?:wicz\.p)?l|(?:\.i|f)t|ve)|e(?:i(?:(?:r(?:fjord|vik)|kanger)\.no|tungsen\.de)|a(?:s(?:ing\.aero|e)|[nŋ]gaviika\.no)|(?:k(?:svik|a)|vanger|rdal|sja)\.no|b(?:timnetz\.de|esby\.no|ork\.pl)|g(?:(?:nica\.p|a)l|\.br|o)|c(?:c[eo]\.it|lerc)|n(?:vik\.no|ug\.su)|wismiller\.museum|zajsk\.pl|l\.br|\.it|frak|xus)|u(?:c(?:(?:ani|c)a\.it|erne\.museum)|x(?:e(?:mbourg\.museum)?|ury)|n(?:d(?:\.no|beck)|ner\.no)|g(?:s?\.org\.uk|ansk\.ua)|(?:r[oø]y|ster)\.no|\.(?:eu\.org|it)|(?:bin|kow)\.pl|zern\.museum|tsk\.ua|pin)?|t(?:d(?:\.(?:c(?:o\.im|y)|[hl]k|u[ak]|gi)|a)?|\.(?:eu\.org|it|ua))?|(?:ø(?:(?:ding|t)en|renskog)|áhppi|ærdal)\.no|v(?:\.(?:eu\.org|ua)|iv\.ua)?|c(?:ube-server\.de|\.it)?|y(?:ng(?:dal|en)\.no)?|g(?:\.(?:jp|ua)|bt)|p(?:lfinancia)?l|-o-g-i-n\.de|\.(?:bg|se)|äns\.museum|n\.cn|d?s|lc)|e(?:d(?:u(?:\.(?:e(?:[cest]|(?:u\.or)?g)|k(?:[gimnpyz]|rd)|m[egklnostvwxyz]|p[aefhklnrsty]|b[abhimorstz]|g[ehilnprtuy]|s[abcdglntvy]|l[abckrvy]|a[cflruz]|t[jmortw]|c[inouw]|i[nqst]|v[cenu]|d[moz]|h[knt]|n[gir]|r[suw]|u[ay]|z[am]|jo|om|qa|ws)|cat(?:ion(?:(?:al)?\.museum)?|or\.aero)|net\.tn)?|\.(?:c[ir]|ao|jp|pw)|ogawa\.tokyo\.jp|eka)|n(?:g(?:ine(?:er(?:\.aero|ing)?|\.aero)|\.(?:pro|br)|land\.museum|erdal\.no)|(?:vironment(?:alconservation)?|cyclopedic)\.museum|t(?:er(?:tainment\.aero|prises)|omology\.museum)|dof(?:internet\.(?:net|org)|theinternet\.org)|(?:iwa\.hokkaido|a\.gifu)\.jp|e(?:bakk\.no|rgy)|(?:na)?\.it|onic\.io|s\.tn)|s(?:t(?:-(?:(?:a-la-ma(?:is|si)|le-patr)on|mon-blogueur)\.com|ate(?:\.museum)?|\.pr)|\.(?:(?:(?:gov|leg)\.b|k)r|eu\.org)|a(?:shi|n)\.hokkaido\.jp|sex\.museum|urance|p\.br|q)?|u(?:-(?:(?:west-[123]|central-1)\.elasticbeanstalk|[1234]\.evennode)\.com|\.(?:(?:meteorapp\.)?com|int|org)|rovision|n\.eg|s)?|m(?:b(?:etsu\.hokkaido\.jp|roidery\.museum|aixada\.st)|(?:ilia-?romagna|r)\.it|er(?:gency\.aero|ck)|p(?:resa\.bo|\.br)|ail)|x(?:p(?:ert(?:s-comptables\.fr)?|ress(?:\.aero)?|osed)|(?:hibition|eter)\.museum|change(?:\.aero)?|traspace|net\.su)|a(?:st(?:(?:africa|coast)\.museum|-kazakhstan\.su)|t(?:ing-organic\.net|on\.mi\.us)?|rth)|i(?:(?:d(?:s(?:(?:ber|ko)g|voll)|fjord)?|gersund)\.no|heiji\.fukui\.jp|senbahn\.museum)|l(?:ve(?:ndrell\.museum|rum\.no)|b(?:urg\.museum|lag\.pl)|asticbeanstalk\.com|k\.pl)|t(?:ajima\.hiroshima\.jp|hnology\.museum|i(?:salat|\.br)|ne(?:dal)?\.no|c\.br)?|b(?:i(?:n(?:a\.kanagawa|o\.miyazaki)\.jp|z\.tw)|etsu\.hokkaido\.jp)|v(?:e(?:n(?:(?:(?:ass|ášš)i|es)\.no|ts)|rbank)|je-og-hornnes\.no)|c(?:o(?:(?:log|nom)ia\.bo|\.br)?|hizen\.fukui\.jp|n\.br)?|r(?:i(?:mo\.hokkaido\.jp|csson)|oti[ck]a\.hu|ni)|g(?:yptian\.museum|ersund\.no)?|p(?:ilepsy\.museum|ost|son)|1(?:64\.arpa|2\.ve)|quipment(?:\.aero)?|e(?:\.eu\.org)?|\.(?:bg|se)|kloges\.cy|hime\.jp|4\.cz)|r(?:e(?:s(?:i(?:stance\.museum|ndevice\.io)|earch\.(?:museum|aero)|\.(?:aero|in)|(?:tauran)?t)|a(?:l(?:estate(?:\.pl)?|t(?:or|y)|m\.cz)|d(?:(?:-books|myblog)\.org)?)|c(?:(?:reation\.ae|ht\.p)ro|\.(?:[cr]o|br|nf|ve)|i(?:fe\.br|pes))|n(?:(?:ne(?:s[oø]y|bu)|dalen)\.no|t(?:als)?)?|d(?:irectme\.net|umbrella|stone|\.sv)?|g(?:gio-?(?:calabr|emil)ia\.it|\.dk)|p(?:body\.aero|ublican|\.kp|air|ort)|l(?:\.(?:ht|pl)|iance)|vi(?:sta\.bo|ews?)|bun\.hokkaido\.jp|\.(?:it|kr)|i(?:sen?|t)|motewd\.com|klam\.hu|xroth|hab)?|i(?:(?:(?:ku(?:zentakata\.iwate|betsu\.hokkaido)|fu\.miyagi|tto\.shiga)\.j)?p|s(?:hir(?:ifuj)?i\.hokkaido\.jp|(?:[oø]r|sa)\.no)|o(?:(?:(?:branc|pret)o)?\.br|dejaneiro\.museum)?|n(?:g(?:e(?:rike|bu)|saker)|dal)\.no|(?:ghtathom|ik\.e)e|c(?:h(?:ardli)?|oh)|(?:min|et)i\.it|\.(?:it|us)|beirao\.br|vne\.ua|l)|a(?:n(?:(?:koshi\.hokkaido|zan\.saitama)\.jp|(?:daberg|a)\.no)|d(?:o(?:m\.pl|y\.no)|(?:øy|e)\.no|io(?:\.br)?)|(?:h(?:kkeravju|olt)|kkestad|lingen|uma)\.no|ven(?:db\.(?:community|run|me)|na\.it)|i(?:l(?:road|way)\.museum|sa\.no|d)|c(?:kmaze\.(?:com|net)|ing)|(?:gusa)?\.it|wa-maz\.pl|s\.ru)|o(?:(?:(?:y(?:rvik|ken)|llag|ros|an|st)\.n|torcraft\.aer|d(?:oy\.n|e))o|c(?:he(?:ster\.museum|r)|k(?:art\.museum|s))|m(?:a\.(?:museum|it)|s(?:kog|a)\.no|e\.it)|\.(?:(?:gov|leg)\.br|eu\.org|i[mt])|v(?:igo\.it|no\.ua)|kunohe\.aomori\.jp|uter\.management|gers|om)?|(?:ø(?:y(?:rvik|ken)|mskog|døy|ros|st)|á(?:hkkerávju|isa)|å(?:holt|de)|ælingen|l)\.no|y(?:u(?:(?:gasaki\.ibaraki|oh\.shiga)\.jp|kyu)|okami\.saitama\.jp|bnik\.pl|gge\.no)|u(?:\.(?:eu\.org|com|net)|ssia\.museum|ovat\.no|gby|hr|n)?|n(?:\.(?:(?:gov|leg)\.br|it)|(?:[su]|rt)\.tn)|s(?:\.(?:gov|leg)\.br|c\.cdn77\.org|vp)?|\.(?:cdn77\.net|bg|se)|z(?:gw\.gov|eszow)\.pl|[jr]\.(?:gov|leg)\.br|(?:[cg]\.|m\.?)it|hcloud\.com|v\.ua|we?)|y(?:a(?:m(?:a(?:(?:t(?:o(?:\.(?:k(?:anagawa|umamoto)|fukushima)|(?:koriyam|takad)a\.nara)|suri\.fukushima)|n(?:a(?:(?:shi\.yamana)?|kako\.yamana)shi|o(?:be\.yamagata|uchi\.nagano))|g(?:a(?:ta(?:\.(?:yamagata|ibaraki|nagano|gifu))?|\.kumamoto)|uchi)|da\.(?:(?:fukuok|toyam)a|iwate)|(?:kita\.kanagaw|zoe\.nar)a|moto\.miyagi|shina\.kyoto)\.jp|xun)|e\.fukuoka\.jp)|(?:s(?:u(?:gi\.shimane|oka\.nagano|da\.kochi|\.shiga)|hi(?:o\.saitama|ro\.hyogo)|aka\.nagano)|t(?:su(?:shiro\.kumamoto|ka\.shimane)|omi\.aichi)|k(?:umo\.(?:hokkaido|shimane)|age\.okayama)|wa(?:ta(?:hama\.ehime|\.kyoto)|ra\.ibaraki)|i(?:zu\.shizuoka|ta\.tochigi)|bu(?:ki\.fukushima|\.hyogo)|o(?:tsu\.gifu|\.osaka)|ese\.okinawa|zu\.tottori)\.jp|ch(?:i(?:yo\.(?:ibaraki|chiba)|mata\.chiba)\.jp|ts)|n(?:a(?:izu\.fukushim|gawa\.fukuok)a\.jp|dex)|h(?:(?:iko\.niigata|aba\.iwate)\.jp|oo)|lta\.ua)|o(?:(?:n(?:a(?:g(?:uni\.okinawa|o\.tottori)|baru\.okinawa)|(?:ezawa\.yamagat|o\.saitam)a)|i(?:chi\.hokkaido|ta\.niigata)|tsukaido\.chiba)\.jp|k(?:o(?:(?:s(?:hibahikari\.chib|uka\.kanagaw)|ze\.saitam|te\.akit)a\.jp|hama)|(?:a(?:(?:wa)?\.hyogo|ichiba\.chiba)|kaichi\.mie)\.jp)|s(?:hi(?:(?:(?:kawa|mi)\.saita|oka\.gun)m|da\.s(?:hizuok|aitam)|no(?:gari\.sag|\.nar))a\.jp|emite\.museum)|r(?:(?:ii\.saitama|o\.gifu)\.jp|k(?:shire)?\.museum)|m(?:itan\.okinawa\.jp|bo\.me)|u(?:t(?:h\.museum|ube))?|lasite\.com|dobashi|ga)|u(?:(?:(?:(?:za(?:wa\.nii|\.yama)ga|fu\.oi)t|gawa(?:ra\.kanagaw|\.fukushim)|r(?:ihonjo\.akit|a\.wakayam)|asa\.wakayam)a|k(?:uhashi\.fukuoka|i\.ibaraki)|su(?:i\.kagoshima|hara\.kochi)|u\.yamaguchi)\.jp|n)|bo\.(?:(?:scienc|trad)e|review|faith|party)|\.(?:bg|se)|k\.ca|n\.cn|t)|u(?:s(?:(?:-(?:east-(?:1\.(?:elasticbeanstalk|amazonaws)|2\.elasticbeanstalk)|(?:gov-west-1|west-[12])\.elasticbeanstalk|[1234]\.evennode)\.co|(?:c(?:ountryestat|ultur)e|decorativearts|livinghistory|garden)\.museu)m|h(?:i(?:ku\.ibaraki\.jp|story\.museum)|uaia\.museum)|a(?:(?:ntique|rt)s\.museum|\.(?:oita\.jp|museum))|\.(?:(?:eu\.)?org|gov\.pl|com|na)|u(?:i\.fukuok|ki\.oit)a\.jp|r\.cloud\.muni\.cz|er\.party\.eus|tka\.pl)?|n(?:(?:azuki\.toyama|zen\.nagasaki|nan\.shimane)\.jp|i(?:v(?:ersity(?:\.museum)?|\.sn)|on\.aero|com)|(?:usualperson\.co|dersea\.museu)m|(?:j[aá]rga\.n)?o)|r(?:(?:a(?:(?:soe\.okinaw|wa\.saitam|yasu\.chib)a|(?:kawa|usu)\.hokkaido)|uma\.okinawa|yu\.hokkaido|eshino\.mie)\.jp|bino-?pesaro\.it|[in]\.arpa|l\.tw)|t(?:a(?:z(?:u\.kagawa\.jp|as\.hu)|shinai\.hokkaido\.jp|h\.museum)|s(?:unomiya\.tochigi\.jp|ira\.no)|o\.kumamoto\.jp|wente\.io|\.us)|(?:e(?:no(?:hara\.yamanashi|\.gunma)|da\.nagano)|ji(?:(?:tawara)?\.kyoto|ie\.tochigi))\.jp|c(?:hi(?:n(?:ada\.ishik|omi\.kag)awa|hara\.ibaraki|ko\.ehime)\.jp|onnect)|m(?:i(?:\.fukuoka\.jp|g\.gov\.pl)|aji\.kochi\.jp|b(?:ria)?\.it|\.gov\.pl)|k(?:i(?:ha\.fukuoka|\.kumamoto)\.jp|\.(?:eu\.org|com|net)|lugs\.org)?|l(?:(?:lens(?:aker|vang)|vik)\.no|m\.museum|san\.kr)|d(?:(?:ono\.mie|a\.nara)\.jp|i(?:ne\.it|\.br)|\.it)|(?:2(?:-local)?\.xnbay\.co|(?:hren|vic)\.museu)m|b(?:e(?:\.yamaguchi\.jp|r\.space)|ank|s)|o(?:(?:numa\.niigat|zu\.toyam)a\.jp|l)|z(?:(?:hgorod)?\.ua|s\.gov\.pl)?|w(?:ajima\.ehime\.jp|\.gov\.pl)|p(?:(?:ow|po)\.gov\.pl|s)|g(?:(?:im)?\.gov\.pl)?|\.(?:bg|se)|y(?:\.com)?|fcfan\.org|a)|v(?:i(?:r(?:tu(?:e(?:eldomein\.nl|l\.museum)|al(?:-?user\.de|\.museum))|gin(?:ia\.museum)?)|c(?:(?:\.(?:edu|gov))?\.au|enza\.it)|n(?:n(?:ytsi|ic)a\.ua|dafjord\.no)?|k(?:ing(?:\.museum)?|(?:na)?\.no)|(?:bo-?valentia|terbo)\.it|s(?:ta(?:print)?|ion|a)|lla(?:ge\.museum|s)|p(?:sinaapp\.com)?|deo(?:\.hu)?|\.(?:it|us)|v[ao]|x\.br|ajes|g)?|a(?:l(?:le(?:(?:(?:-(?:d-?)?|d-?)?aosta|́?e(?:(?:-d)?-|d)?aoste)\.it|y\.museum|\.no)|er\.(?:hedmark|ostfold)\.no|-?d-?aosta\.it)|n(?:g(?:\.no|uard)|taa\.museum|ylven\.no|a)|(?:g(?:an?|soy)|ds[oø]|apste|ksdal)\.no|r(?:(?:d[oø]|ggat|oy)\.no|ese\.it)|por(?:cloud\.io|\.cloud)|\.(?:it|no|us)|cations|o\.it)?|e(?:r(?:s(?:ailles\.museum|icherung)|(?:(?:bani|on)a|celli)\.it|mögensberat(?:ung|er)|(?:dal|ran)\.no|isign)|(?:st(?:(?:v(?:ago|ågø)|b)y|re-(?:slidre|toten)|nes)|velstad|fsn)\.no|n(?:(?:e(?:zia|to)|ice)?\.it|nesla\.no|tures)|g(?:a(?:(?:rshei)?\.no|s)|årshei\.no)|t(?:erinaire\.(?:fr|km)|\.br)?|\.it)?|o(?:l(?:k(?:enkunde\.museum|swagen)|(?:da\.n|v)o|ogda\.su|yn\.ua)|(?:ss(?:evangen)?|agat)\.no|t(?:[eo]|ing)|yage|dka)|(?:(?:å(?:ler\.(?:hedmark|østfold)|g(?:søy|an|å))|árggát|ærøy|f)\.n|-info\.inf)o|l(?:a(?:di(?:kavkaz|mir)\.[rs]u|anderen(?:\.museum)?)|og\.br)|pn(?:dns\.net|plus\.to)|(?:[brsv]|da)\.it|t\.(?:it|us)|g(?:s\.no)?|c(?:\.it)?|n(?:\.ua)?|u(?:elos)?|\.bg)|w(?:a(?:(?:k(?:a(?:sa\.(?:tottor|fuku)i|(?:yama\.waka)?yama)|kanai\.hokkaido|uya\.miyagi|e\.okayama)|ji(?:ki\.tokushim|ma\.ishikaw)a|(?:zuka\.kyot|da\.nagan)o)\.jp|t(?:ch(?:(?:-and-|and)clock\.museum|es)?|ar(?:i\.miyagi|ai\.mie)\.jp)|s(?:h(?:ingtondc\.museum|tenaw\.mi\.us)|samu\.hokkaido\.jp)|r(?:abi\.saitama\.jp|m(?:ia\.pl|an)|szawa\.pl|\.museum)|l(?:es(?:\.museum)?|lonie\.museum|brzych\.pl|mart|ter)|n(?:ouchi\.gifu\.jp|g(?:gou)?)|\.(?:(?:(?:edu|gov)\.)?au|us)|w\.pl)|e(?:b(?:\.(?:[bcd]o|[lp]k|n[fi]|t[jr]|gu|id|ve|za)|ho(?:p\.(?:info|biz|net|org|me)|sting\.be)|s(?:pace\.rocks|ite)|redirect\.org|cam|er)|d(?:eploy\.(?:io|me|sh)|ding)?|llbeingzone\.(?:co\.uk|eu)|st(?:fale|er)n\.museum|ather(?:channel)?|i(?:bo|r)|grow\.pl|\.bs)|i(?:l(?:liam(?:sburg\.museum|hill)|dlife\.museum)|n(?:d(?:mill\.museum|ows)|b\.gov\.pl|ners|e)?|t(?:h(?:youtub|googl)e\.com|d\.gov\.pl)|(?:[fw]|ih|os)\.gov\.pl|e(?:lun\.pl|n)|ki(?:\.b[or])?|\.us)|o(?:r(?:k(?:i(?:nggroup\.aero|sboring\.com)|s(?:hop\.museum|\.aero)?)?|se-than\.tv|ld)|l(?:terskluwer|omin\.pl)|dzislaw\.pl|odside|w)|(?:(?:zmiuw|uoz)\.gov|locl(?:awek)?)\.pl|r(?:itesthisblog\.com|oc(?:law)?\.pl)|s(?:(?:kr|a)\.gov\.pl|\.na)?|h(?:aling\.museum|oswho)|m(?:flabs\.org|e)|pdevcloud\.com|\.(?:bg|se)|[vy]\.us|ww\.ro|t[cf]|f)|j(?:o(?:(?:(?:etsu\.niigat|hana\.toyam)a|so\.ibaraki)\.jp|urnal(?:is(?:m\.museum|t\.aero)|\.aero)|b(?:oji\.iwate\.jp|s(?:\.tt)?|urg)|r(?:peland\.no|\.br)|(?:lster|ndal)\.no|y(?:o\.kyoto\.jp)?|inville\.br|gasz\.hu|t)?|e(?:w(?:ish(?:art)?\.museum|elry(?:\.museum)?)|(?:fferson|rusalem)\.museum|(?:on(?:buk|nam)|ju)\.kr|(?:ssheim|vnaker)\.no|lenia-gora\.pl|tzt|ep)?|u(?:(?:d(?:ygarland|aica)|if)\.museum|e(?:disches\.museum|gos)|(?:nipe|s\.b)r|r\.pro)|a(?:m(?:ison\.museum|byl\.su|pa\.br)|(?:b\.b|gua)r|n-mayen\.no|worzno\.pl|va)|p(?:\.(?:eu\.org|net)|morgan|n\.com|rs)?|i(?:nsekikogen\.hiroshima\.jp|o)|d(?:evcloud\.com|f\.br)|ø(?:rpeland|lster)\.no|l(?:[cl]|\.cn)|s\.(?:org|cn)|fk\.museum|gora\.pl|c[bp]|x\.cn|\.bg|mp|nj)|[^\.]+\.(?:s(?:en(?:siosite\.cloud|dai\.jp)|t(?:atics\.cloud|olos\.io)|pectrum\.myjino\.ru|apporo\.jp|5y\.io|ch\.uk)|c(?:ompute(?:\.(?:amazonaws\.com(?:\.cn)?|estate)|-1\.amazonaws\.com)|ns\.joyent\.com|ryptonomic\.net|k)|e(?:x\.(?:futurecms|ortsinfo)\.at|lb\.amazonaws\.com(?:\.cn)?|r)|k(?:[hw]|(?:itakyushu|awasaki|obe)\.jp|unden\.ortsinfo\.at)|a(?:lces\.network|dvisor\.ws|wdev\.ca)|tr(?:ansurl\.(?:be|eu|nl)|iton\.zone)|(?:(?:host|land)ing|vps)\.myjino\.ru|(?:(?:quipelements|0emm)\.co|j)m|p(?:latform(?:sh\.site|\.sh)|g)|n(?:(?:agoya\.j)?p|om\.br)|m(?:agentosite\.cloud|m)|f(?:[jk]|uturecms\.at)|y(?:okohama\.jp|e)|in\.futurecms\.at|uberspace\.de|otap\.co|b[dn])|z(?:[mw]|a(?:p(?:orizhzh(?:ia|e)\.ua|to\.(?:org|xyz)|pos)|(?:ma(?:mi\.okin|\.kanag)awa|o\.miyagi)\.jp|(?:chpomor|kopane|gan)\.pl|\.(?:com|net|org|bz)|r(?:ow\.pl|a))|o(?:olog(?:ical|y)\.museum|ne(?:\.id)?)|u(?:shi\.kanagawa\.jp|erich)|(?:h(?:itomi|ytomy)r|t)\.ua|e(?:ntsuji\.kagawa\.jp|ro)|gor(?:zelec|a)\.pl|p\.(?:gov\.pl|ua)|\.(?:bg|se)|ip(?:po)?|lg\.br|j\.cn)|(?:ø(?:y(?:stre-slidre|garden|er)|r(?:s(?:kog|ta)|land)|stre-toten|vre-eiker|ksnes)|å(?:l(?:(?:esun|går)d)?|s(?:eral|nes)?|m(?:li|ot)|krehamn|fjord|rdal)|á(?:l(?:aheadju|tá)|kŋoluokta)|čáhcesuolo)\.no|(?:(?:[富岡]|和歌)山|(?:[広徳]|鹿児)島|(?:神奈|石)川|山[口形梨]|福[井岡島]|[佐滋]賀|宮[城崎]|愛[媛知]|長[崎野]|北海道|三重|京都|兵庫|千葉|埼玉|奈良|岐阜|岩手|島根|東京|栃木|沖縄|熊本|秋田|群馬|茨城|青森|静岡|高知|鳥取)\.jp|q(?:u(?:e(?:bec(?:\.museum)?|st)|icksytes\.com)|ld(?:\.(?:edu|gov))?\.au|(?:-a\.eu\.or|\.b)g|(?:h\.c|po)n|a(?:2\.com)?|c\.c(?:om|a)|sl\.br|vc)|x(?:e(?:n(?:apponazure|\.prgmr)\.com|rox)|(?:i(?:hua)?|[jz]\.c)n|s4all\.space|\.(?:bg|se)|(?:bo|x)x|nbay\.com|443\.pw|finity|peria|yz)|ا(?:ل(?:سعود(?:ي[ةه]|ی[ةۃ])|(?:عليا|ارد|يم)ن|جزائر|مغرب)|(?:تصال|مار)ات|يران(?:\.ir)?|یران(?:\.ir)?|بوظبي|رامكو)|1(?:2hp\.(?:at|ch|de)|337\.pictures|kapp\.com|6-b\.it|\.bg)|(?:(?:(?:องค์ก|ทหา)ร|ธุรกิจ|รัฐบาล|ศึกษา|เน็ต)\.)?ไทย|2(?:0(?:00\.hu|38\.io)|ix\.(?:at|ch|de)|\.bg)|о(?:(?:бр|д)\.срб|рг(?:\.срб)?|нлайн)|4(?:lima\.(?:at|ch|de)|u\.com|\.bg)|网(?:[址店站]|络(?:\.(?:cn|hk))?|絡\.hk)|3(?:utilities\.com|2-b\.it|\.bg)|網(?:絡\.(?:cn|hk|香港)|络\.hk|路\.tw)|م(?:و(?:بايلي|قع)|ليسيا|صر)|公(?:司(?:\.(?:cn|hk|香港))?|益)|組(?:織\.(?:hk|tw|香港)|织\.hk)|ب(?:ا(?:زار|رت)|ھارت|يتك)|(?:ירושלים|иком)\.museum|政(?:府(?:\.(?:hk|香港))?|务)|组(?:织(?:\.hk|机构)|織\.hk)|(?:پا[كک]ستا|فلسطي)ن|0(?:01www\.com|\.bg)|9(?:guacu\.br|\.bg)|м(?:о(?:сква|н)|кд)|大(?:[分阪]\.jp|众汽车|拿)|ع(?:ر(?:اق|ب)|مان)|भार(?:त(?:म्)?|ोत)|6(?:4-b\.it|\.bg)|இ(?:ந்தியா|லங்கை)|(?:[个箇]人|敎育)\.hk|سو(?:ري[اة]|دان)|商(?:[城店标]|業\.tw)|香(?:川\.jp|格里拉|港)|у(?:пр\.срб|кр)|新(?:潟\.jp|加坡|闻)|(?:ак|пр)\.срб|к(?:атолик|ом)|ك(?:اثوليك|وم)|中(?:[信国國]|文网)|個人\.(?:hk|香港)|教育\.(?:hk|香港)|(?:グーグ|セー)ル|с(?:айт|рб)|சிங்கப்பூர்|嘉里(?:大酒店)?|[578]\.bg|б(?:ел|г)|р(?:ус|ф)|ভা[রৰ]ত|ファッション|همراه|संगठन|বাংলা|భారత్|ഭാരതം|台[湾灣]|手[机表]|澳[門门]|닷[넷컴]|дети|تونس|شبكة|ڀارت|ਭਾਰਤ|ભારત|ଭାରତ|ಭಾರತ|ලංකා|クラウド|ポイント|電訊盈科|қаз|հայ|קום|قطر|कॉम|नेट|คอม|みんな|ストア|天主教|我爱你|淡马锡|诺基亚|飞利浦|ελ|ею|გე|コム|世界|企业|佛山|信息|健康|八卦|在线|娱乐|家電|工行|广东|微博|慈善|招聘|时尚|書籍|机构|游戏|点看|珠宝|移动|联通|臺灣|谷歌|购物|通販|集团|食品|餐厅|삼성|한국)$/ + , + _tldEx: /(?:\.|^)(?:city\.(?:k(?:itakyushu|awasaki|obe)|(?:yokoham|nagoy)a|s(?:apporo|endai))\.jp|www\.ck)$/ +} diff --git a/src/lib/uuid.js b/src/lib/uuid.js new file mode 100644 index 0000000..d809437 --- /dev/null +++ b/src/lib/uuid.js @@ -0,0 +1,6 @@ +'use strict'; +function uuid() { + return ([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g, + c => (c ^ crypto.getRandomValues(new Uint8Array(1))[0] & 15 >> c / 4) + .toString(16)); +} diff --git a/src/manifest.json b/src/manifest.json new file mode 100644 index 0000000..87549f9 --- /dev/null +++ b/src/manifest.json @@ -0,0 +1,101 @@ +{ + "manifest_version": 2, + "default_locale": "en", + "name": "NoScript", + "applications": { + "gecko": { + "id": "{73a6fe31-595d-460b-a920-fcc0f8843232}", + "strict_min_version": "59.0" + } + }, + "version": "10.1.8.3rc4", + "description": "__MSG_Description__", + + "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'none'", + + "icons": { + "48": "img/icon48.png", + "96": "img/icon96.png", + "256": "img/icon256.png" + }, + + "permissions": [ + "contextMenus", + "privacy", + "storage", + "tabs", + "unlimitedStorage", + "webNavigation", + "webRequest", + "webRequestBlocking", + "<all_urls>" + ], + + "background": { + "persistent": true, + "scripts": [ + "lib/uuid.js", + "lib/log.js", + "lib/include.js", + "lib/punycode.js", + "lib/tld.js", + "common/Policy.js", + "common/locale.js", + "common/Entities.js", + "common/SyntaxChecker.js", + "common/Storage.js", + "ui/Prompts.js", + "xss/XSS.js", + "bg/main.js" + ] + }, + + "content_scripts": [ + { + "run_at": "document_start", + "matches": ["<all_urls>"], + "match_about_blank": true, + "all_frames": true, + "js": [ + "lib/log.js", + "content/onScriptDisabled.js", + "content/content.js", + "content/PlaceHolder.js" + ] + }, + { + "matches": ["<all_urls>"], + "match_about_blank": true, + "all_frames": true, + "css": [ + "/content/content.css" + ] + } + ], + + "options_ui": { + "page": "ui/options.html", + "open_in_tab": true + }, + + "browser_action": { + "default_area": "navbar", + "default_title": "NoScript", + "default_icon": { + "64": "img/ui-maybe64.png" + } + }, + + "commands": { + "_execute_browser_action": { + "suggested_key": { + "default": "Alt+Shift+N" + } + }, + "togglePermissions": { + "suggested_key": { + "default": "Ctrl+Shift+T" + } + } + } +} diff --git a/src/test/Policy_test.js b/src/test/Policy_test.js new file mode 100644 index 0000000..f658379 --- /dev/null +++ b/src/test/Policy_test.js @@ -0,0 +1,29 @@ +{ + let p1 = new Policy(); + p1.set("noscript.net", new Permissions(["script"], true)); + p1.set("https://noscript.net", new Permissions(["script", "object"])); + p1.set("maone.net", p1.TRUSTED.tempTwin); + p1.set(Sites.secureDomainKey("secure.informaction.com"), p1.TRUSTED); + p1.set("https://flashgot.net", p1.TRUSTED); + p1.set("http://flashgot.net", p1.UNTRUSTED); + p1.set("perchè.com", p1.TRUSTED); + let p2 = new Policy(p1.dry()); + debug("p1", JSON.stringify(p1.dry())); + debug("p2", JSON.stringify(p2.dry())); + + for(let t of [ + () => p2.can("https://noscript.net"), + () => !p2.can("http://noscript.net"), + () => p2.can("https://noscript.net", "object"), + () => p1.snapshot !== p2.snapshot, + () => JSON.stringify(p1.dry()) === JSON.stringify(p2.dry()), + () => p1.can("http://perchè.com/test") /* IDN encoding */, + () => Sites.toExternal(new URL("https://perché.com/test")) === + "https://perché.com/test" /* IDN decoding */, + () => !p1.can("http://secure.informaction.com"), + () => p1.can("https://secure.informaction.com"), + () => p1.can("https://www.secure.informaction.com"), + ]) Test.run(t); + + Test.report(); +} diff --git a/src/test/Test.js b/src/test/Test.js new file mode 100644 index 0000000..8ca2ed7 --- /dev/null +++ b/src/test/Test.js @@ -0,0 +1,43 @@ +var Test = (() => { + 'use strict'; + return { + passed: 0, + failed: 0, + async include(tests) { + for(let test of tests) { + let src = `/test/${test}_test.js`; + log(`Testing ${test}`); + this.passed = this.failed = 0; + try { + await include(src); + } catch (e) { + // we might omit some tests in publicly available code for Security + // reasons, e.g. XSS_test.js + log("Missing test ", test); + continue; + } + } + }, + async run(test, msg = "", callback = null) { + let r = false; + try { + r = await test(); + } catch(e) { + error(e); + } + this[r ? "passed" : "failed"]++; + log(`${r ? "PASSED" : "FAILED"} ${msg || uneval(test)}`); + if (typeof callback === "function") try { + callback(r, test, msg); + } catch(e) { + error(e); + } + }, + + report() { + let {passed, failed} = this; + log(`FAILED: ${failed}, PASSED: ${passed}, TOTAL ${passed + failed}.`); + } + }; + +})(); diff --git a/src/test/XSS_test.js b/src/test/XSS_test.js new file mode 100644 index 0000000..99cbb3d --- /dev/null +++ b/src/test/XSS_test.js @@ -0,0 +1,16 @@ +{ + let y = async (url, originUrl = '') => await XSS.maybe({originUrl, url, method: "GET"}); + let n = async (...args) => !await y(...args); + Promise.all([ + () => y("https://noscript.net/<script"), + () => n("https://noscript.net/<script", "https://noscript.net/"), + () => y("https://vulnerabledoma.in/char_test?body=%80%3Cscript%3Ealert(1)%3C/script%3E"), + () => y("https://vulnerabledoma.in/char_test?body=%3Cp%20id=x%3Ejavascrip%3Cx%3Et:alert(%3Cx%3E1)%3C/p%3E%3Cmath%3E%3Ca%20href=%22%23*/=x.innerText,a%22%20xml:base=javascript:location/*%3EClick%20HERE"), + () => y("https://vulnerabledoma.in/char_test?body=%3Cp%20id=x%3E%26lt%3Bsv%3Cx%3Eg%20o%3Cx%3Enload=alert(%3Cx%3E1)%3E%3C/p%3E%3Cmath%3E%3Ca%20href=%23%250ax.innerText%20xml:base=javascript:%3C!--%3EClick%20HERE"), + () => y("https://vulnerabledoma.in/char_test?body=%3Cp%20id=x%3E%26lt%3Bsv%3Cx%3Eg%20o%3Cx%3Enload=alert(%3Cx%3E1)%3E%3C/p%3E%3Cmath%3E%3Ca%20href=%23*/x.innerText%20xml:base=%01javascript:/*%3EClick%20HERE"), + () => y("https://vulnerabledoma.in/char_test?body=%3Ca%20href=javascript%26colo%u0000n%3balert%281%u0029%3ECLICK"), + () => y("https://vulnerabledoma.in/xss_link?url=javascript%26colo%00n%3Balert%u00281%29"), + () => y("https://vulnerabledoma.in/xss_link?url=javascript:\\u{%0A6e}ame"), + ].map(t => Test.run(t)) + ).then(() => Test.report()); +} diff --git a/src/test/run.js b/src/test/run.js new file mode 100644 index 0000000..4325a40 --- /dev/null +++ b/src/test/run.js @@ -0,0 +1,8 @@ +(async () => { + await include("/test/Test.js"); + Test.include([ + "Policy", + "XSS", + "embargoed/XSS", + ]); +})(); diff --git a/src/ui/Prompts.js b/src/ui/Prompts.js new file mode 100644 index 0000000..03ea9ee --- /dev/null +++ b/src/ui/Prompts.js @@ -0,0 +1,101 @@ +var Prompts = (() => { + + + var promptData; + var backlog = []; + class WindowManager { + async open(data) { + promptData = data; + this.close(); + this.currentWindow = await browser.windows.create({ + url: browser.extension.getURL("ui/prompt.html"), + type: "panel", + allowScriptsToClose: true, + // titlePreface: "NoScript ", + width: data.features.width, + height: data.features.height, + }); + } + async close() { + if (this.currentWindow) { + try { + await browser.windows.remove(this.currentWindow.id); + } catch (e) { + debug(e); + } + this.currentWindow = null; + } + } + + async focus() { + if (this.currentWindow) { + try { + await browser.windows.update(this.currentWindow.id, + { + focused: true, + } + ); + } catch (e) { + error(e, "Focusing popup window"); + } + } + } + } + + var winMan = new WindowManager(); + var Prompts = { + DEFAULTS: { + title: "", + message: "Proceed?", + options: [], + checks: [], + buttons: [_("Ok"), _("Cancel")], + multiple: "close", // or "queue", or "focus" + width: 400, + height: 300, + }, + async prompt(features) { + features = Object.assign({}, this.DEFAULTS, features || {}); + return new Promise((resolve, reject) => { + let data = { + features, + result: { + button: -1, + checks: [], + option: null, + }, + done() { + this.done = () => {}; + winMan.close(); + resolve(this.result); + if (backlog.length) { + winMan.open(backlog.shift()); + } else { + promptData = null; + } + } + }; + if (promptData) { + backlog.push(data); + switch(promptData.features.multiple) { + case "focus": + winMan.focus(); + case "queue": + break; + default: + promptData.done(); + } + } else { + winMan.open(data); + } + }); + }, + + get promptData() { + return promptData; + } + } + + return Prompts; + +})(); diff --git a/src/ui/options.css b/src/ui/options.css new file mode 100644 index 0000000..f7db24b --- /dev/null +++ b/src/ui/options.css @@ -0,0 +1,187 @@ + +/* @import url("chrome://browser/content/extension.css"); */ +body { + background: #eee url("/img/noscript-options.png") no-repeat fixed top right; + background-size: 8em; + padding: 0 2em 0 0; + margin: 0.5em 0.5em 0.5em 0.5em; +} +.mobile body { + background-size: 4em; + padding-right: 0; +} + + +#header { + display: flex; + flex-flow: column; + padding: 0; + margin: 0 6em 0 0; + text-align: right; +} +#header h1 { + color: #048; + text-shadow: 0.06em 0.06em 0.06em rgba(0,0,0,.5); + font-size: 2em; + padding: 0; + margin: 0; + text-align: right; +} +#version { + color: #048; + font-size: 0.75em; + padding: 0; + margin: 0 0 0.5em; + display: block; + text-align: right; +} + +.buttons { + display: flex; + flex-flow: row wrap; + justify-content: flex-end; + width: 100%; + text-align: right; +} + +#sect-general { + display: flex; + flex-direction: column; + justify-content: space-around; + font-size: 1em; +} + +#sect-general label, #sect-general button, #sect-general span { + white-space: nowrap; +} + +.opt-group { + display: flex; + flex-flow: row wrap; + justify-content: flex-start; + border-bottom: 1px solid rgba(255, 255, 255, .5); + padding: .5em 0; +} + +.opt-group:last-child { + border-bottom: none; + margin-bottom: .5em; +} + +section form, section fieldset { + margin: .5em 0; +} + +fieldset:disabled { + opacity: .5; +} + +.opt-group > span { + margin: 0 .5em; +} + +.sect-sites form { + display: flex; + align-items: baseline; + flex-wrap: wrap; + justify-content: space-between; +} + +.sect-sites form > label { + white-space: nowrap; +} +#newsite { + flex: 2 2; +} + +#policy { + display: block; + margin-top: .5em; + min-height: 20em; + width: 90%; +} +.hide, div.debug { + display: none; +} + +body.debug div.debug { + display: initial; +} + +.error { + background: #ff8; + color: red; +} + +#policy-error { + background: red; + color: #ff8; + padding: 0; + margin: 0; + font-weight: bold; +} + +input, button { + font-size: 1em; +} + +button.add { + font-weight: bold; +} + +input[type="file"] { + display: none; +} + +.opt-group { + padding: 0.5em 0; +} +#xssFaq { + padding: 0.5em 1em; +} +#clearclick-options { + display: none; +} + + +.flextabs__tab { + /* shift all tabs to appear before content */ + order: -1; + /* let tabs scale to fit multiple on each row */ + width: auto; + margin: 0; +} +.flextabs__content--active { + /* ignore states activated for multi (accordion) toggle view */ + display: none; +} +.flextabs__content--active--last { + /* show the last activated item */ + display: block; +} + +.flextabs__content, .flextabs__toggle[aria-expanded="true"] { + background-color: rgba(200, 200, 200, .5) !important; + border: 0 solid #888; +} + +.flextabs__toggle { + -moz-appearance: none; + border-width: 0 1px 0 0 !important; + margin: 0 4px 0 0; + background: #ccc; + outline-width: 1px 0 0 0 !important; +} + + + +.flextabs__content { + border-width: 0 1px 1px 0; + border-radius: 0 .5em 0 0; + padding: .5em; +} + +.flextabs__toggle { + border-radius: .2em .2em 0 0; + padding: .2em .4em; +} diff --git a/src/ui/options.html b/src/ui/options.html new file mode 100644 index 0000000..433a1bd --- /dev/null +++ b/src/ui/options.html @@ -0,0 +1,125 @@ +<!DOCTYPE html> +<html> +<head> +<meta name="viewport" content="width=device-width,initial-scale=1"> +<title>NoScript Settings</title> +<meta charset="utf-8"> +<link rel="icon" href="/img/noscript-options.png"> +<link rel="stylesheet" href="/lib/flextabs.css" /> +<link rel="stylesheet" href="options.css" /> +<link rel="stylesheet" href="whirlpool.css" /> +<script src="/lib/include.js"></script> +<script src="/lib/log.js"></script> +<script src="/lib/flextabs.js"></script> +<script src="/common/locale.js"></script> +<script src="/ui/ui.js"></script> +</head> +<body> +<div id="header"> +<h1 > +NoScript Options +</h1> +<div> +<span id="version"></span> +</div> + +<div class="buttons"> +<span><input id="file-import" type="file"/></span> +<button id="btn-import" accesskey="__MSG_Import_accesskey__">__MSG_Import__</button> +<button id="btn-export" accesskey="__MSG_Export_accesskey__">__MSG_Export__</button> +<button id="btn-reset" accesskey="__MSG_Reset_accesskey__">__MSG_Reset__</button> +</div> +</div> +<section id="sect-io"> + +</section> + +<div id="main-tabs" class="flextabs"> + +<h3 class="flextabs__tab"><button class="flextabs__toggle">__MSG_SectionGeneral__</button></h3> +<div class="flextabs__content flextabs__content--active--last"> + <section id="sect-general"> + <div class="opt-group"> + <span id="global-opt"> + <input type="checkbox" id="opt-global"><label for="opt-global" id="lbl-global">__MSG_NoEnforcement__</label> + </span> + <span id="auto-opt"> + <input type="checkbox" class="enforcement_required" id="opt-auto"><label for="opt-auto" id="lbl-auto">__MSG_AutoAllowTopLevel__</label> + </span> + + </div> + + <fieldset class="enforcement_required"> + <legend accesskey="__MSG_CustomizePresets_accesskey__">__MSG_CustomizePresets__</legend> + <div id="presets"></div> + </fieldset> + </section> +</div> + +<h3 class="flextabs__tab"><button class="flextabs__toggle enforcement_required">__MSG_SectionSitePermissions__</button></h3> +<div class="flextabs__content"> + <section class="sect-sites"> + <form id="form-newsite" class="browser-style" > + <label id="newsite-label" for="newsite" accesskey="__MSG_WebAddress_accesskey__">__MSG_WebAddress__</label><input name="newsite" id="newsite" type="text" placeholder="[https://]noscript.net" + ><button class="add">+</button> + </form> + <div id="sites"> + <div class="cssload-container"> + <div class="cssload-whirlpool"></div> + </div> + </div> + </section> +</div> + +<h3 class="flextabs__tab appearance_tab"><button class="flextabs__toggle">__MSG_SectionAppearance__</button></h3> +<div class="flextabs__content appearance_tab"> + <div class="opt-group desktop"> + <span id="showCtxMenuItem-opt"> + <input type="checkbox" id="opt-showCtxMenuItem"> + <label for="opt-showCtxMenuItem" id="lbl-showCtxMenuItem">__MSG_ShowCtxMenuItem__</label> + </span> + </div> + <div class="opt-group desktop"> + <span id="showCountBadge-opt"> + <input type="checkbox" id="opt-showCountBadge"> + <label for="opt-showCountBadge" id="lbl-showCountBadge">__MSG_ShowCountBadge__</label> + </span> + </div> + <div class="opt-group"> + <span id="showFullAddresses-opt"> + <input type="checkbox" id="opt-showFullAddresses"> + <label for="opt-showFullAddresses" id="lbl-showFullAddresses">__MSG_ShowFullAddresses__</label> + </span> + </div> +</div> + +<h3 class="flextabs__tab"><button class="flextabs__toggle">__MSG_SectionAdvanced__</button></h3> +<div class="flextabs__content"> + <div class="opt-group"> + <span id="xss-opts"> + <input type="checkbox" id="opt-xss"><label for="opt-xss" id="lbl-xss">__MSG_OptFilterXGet__</label> + <span id="xssFaq">(<a href="https://noscript.net/faq#xss" title="https://noscript.net/faq#xss">__MSG_XssFaq__</a>)</span> + </span> + <button id="btn-delete-xss-choices" disabled>__MSG_XSS_clearUserChoices__</button> + </div> + <div id="clearclick-options" class="opt-group"> + <input type="checkbox" id="opt-clearclick"><label for="opt-clearclick" id="lbl-clearclick">ClearClick</label> + </div> + + <section id="debug" class="browser-style"> + <div class="opt-group"> + <span><input type="checkbox" id="opt-debug"><label id="label-debug" for="opt-debug">Debug</label></span> + </div> + <div id="debug-tools" class="debug browser-style"> + <label for="policy">Policy:</label> + <div id="policy-error"></div> + <textarea id="policy" class="browser-style"> + </textarea> + </div> + </section> +</div> +</div> +<script src="/lib/persistent-tabs.js"></script> +<script src="options.js"></script> +</body> +</html> diff --git a/src/ui/options.js b/src/ui/options.js new file mode 100644 index 0000000..79e6cb7 --- /dev/null +++ b/src/ui/options.js @@ -0,0 +1,220 @@ +'use strict'; +(async () => { + + await UI.init(); + + let policy = UI.policy; + + let version = browser.runtime.getManifest().version; + document.querySelector("#version").textContent = _("Version", version); + // simple general options + opt("global", o => { + if (o) { + policy.enforced = !o.checked; + UI.updateSettings({policy}); + } + let {enforced} = policy; + let disabled = !enforced; + for (let e of document.querySelectorAll(".enforcement_required")) { + e.disabled = disabled; + } + return disabled; + }); + + opt("auto", o => { + if (o) { + policy.autoAllowTop = o.checked; + UI.updateSettings({policy}); + } + return policy.autoAllowTop; + }); + + opt("xss"); + + { + let button = document.querySelector("#btn-reset"); + button.onclick = async () => { + if (confirm(_("reset_warning"))) { + policy = new Policy(); + await UI.updateSettings({policy, local: null, sync: null, xssUserChoices: {}}); + window.location.reload(); + } + } + + let fileInput = document.querySelector("#file-import"); + fileInput.onchange = () => { + let fr = new FileReader(); + fr.onload = async () => { + try { + await UI.importSettings(fr.result); + } catch (e) { + error(e, "Importing settings %s", fr.result); + } + location.reload(); + } + fr.readAsText(fileInput.files[0]); + } + + button = document.querySelector("#btn-import"); + button.onclick = () => fileInput.click(); + + document.querySelector("#btn-export").addEventListener("click", async e => { + let button = e.target; + button.disabled = true; + let settings = await UI.exportSettings(); + let f = document.createElement("iframe"); + f.srcdoc = `<a download="noscript_data.txt" target="_blank">NoScript Export</a>`; + f.style.position = "fixed"; + f.style.top = "-999px"; + f.style.height = "1px"; + f.onload = () => { + let w = f.contentWindow; + let a = w.document.querySelector("a"); + a.href = w.URL.createObjectURL(new w.Blob([settings], { + type: "text/plain" + })); + a.click(); + setTimeout(() => { + f.remove(); + button.disabled = false; + }, 1000); + + }; + document.body.appendChild(f); + }); + } + + { + let a = document.querySelector("#xssFaq a"); + a.onclick = e => { + e.preventDefault(); + browser.tabs.create({ + url: a.href + }); + } + let button = document.querySelector("#btn-delete-xss-choices"); + let choices = UI.xssUserChoices; + button.disabled = Object.keys(choices).length === 0; + button.onclick = () => { + UI.updateSettings({ + xssUserChoices: {} + }); + button.disabled = true + }; + + } + + opt("clearclick"); + opt("debug", "local", b => { + document.body.classList.toggle("debug", b); + if (b) updateRawPolicyEditor(); + }); + + // Appearance + + opt("showCountBadge", "local"); + opt("showCtxMenuItem", "local"); + opt("showFullAddresses", "local"); + + // PRESET CUSTOMIZER + { + let parent = document.getElementById("presets"); + let presetsUI = new UI.Sites(parent, + {"DEFAULT": true, "TRUSTED": true, "UNTRUSTED": true}); + + presetsUI.render([""]); + window.setTimeout(() => { + let def = parent.querySelector('input.preset[value="DEFAULT"]'); + def.checked = true; + def.click(); + }, 10); + } + + // SITES UI + let sitesUI = new UI.Sites(document.getElementById("sites")); + { + sitesUI.onChange = () => { + if (UI.local.debug) { + updateRawPolicyEditor(); + } + }; + let sites = policy.sites; + sitesUI.render(sites); + + let newSiteForm = document.querySelector("#form-newsite"); + let newSiteInput = newSiteForm.newsite; + let button = newSiteForm.querySelector("button"); + let canAdd = s => policy.get(s).siteMatch === null; + + let validate = () => { + let site = newSiteInput.value.trim(); + button.disabled = !(Sites.isValid(site) && canAdd(site)); + sitesUI.filterSites(site); + } + validate(); + newSiteInput.addEventListener("input", validate); + + newSiteForm.addEventListener("submit", e => { + e.preventDefault(); + e.stopPropagation(); + let site = newSiteInput.value.trim(); + let valid = Sites.isValid(site); + if (valid && canAdd(site)) { + policy.set(site, policy.TRUSTED); + UI.updateSettings({policy}); + newSiteInput.value = ""; + sitesUI.render(policy.sites); + sitesUI.highlight(site); + sitesUI.onChange(); + } + }, true); + } + + + // UTILITY FUNCTIONS + + async function opt(name, storage = "sync", onchange) { + let input = document.querySelector(`#opt-${name}`); + if (!input) { + debug("Checkbox not found %s", name); + return; + } + if (typeof storage === "function") { + input.onchange = e => storage(input); + input.checked = storage(null); + } else { + let obj = UI[storage]; + if (!obj) log(storage); + input.checked = obj[name]; + if (onchange) onchange(input.checked); + input.onchange = async () => { + obj[name] = input.checked; + await UI.updateSettings({[storage]: obj}); + if (onchange) onchange(obj[name]); + } + } + } + + + function updateRawPolicyEditor() { + if (!UI.local.debug) return; + + // RAW POLICY EDITING (debug only) + let policyEditor = document.getElementById("policy"); + policyEditor.value = JSON.stringify(policy.dry(true), null, 2); + if (!policyEditor.onchange) policyEditor.onchange = (e) => { + let ed = e.currentTarget + try { + policy = new Policy(JSON.parse(ed.value)); + UI.updateSettings({policy}); + sitesUI.render(policy.sites); + ed.className = ""; + document.getElementById("policy-error").textContent = ""; + } catch (e) { + error(e); + ed.className = "error"; + document.getElementById("policy-error").textContent = e.message; + } + } + } +})(); diff --git a/src/ui/popup.css b/src/ui/popup.css new file mode 100644 index 0000000..f8b31e2 --- /dev/null +++ b/src/ui/popup.css @@ -0,0 +1,235 @@ +body { + background: white; +} + +#top { + font-size: 1em; + position: relative; + margin: 0; + height: 2.4em; + min-width: 18.75em; + border-bottom: 0.06em solid #eee; + display: flex; + -moz-user-select: none; +} + + +#top a { + appearance: none !important; + -moz-appearance: none !important; + width: 2em; + height: 2em; + margin: 0.25em; + cursor: pointer; + font-size: 1em; + font-family: sans-serif; + font-weight: bold; + color: black; + background: transparent no-repeat center; + background-size: 100%; + transform: unset; + transition: all 0.3s; + border: none; + display: block; + + top: 0; + padding: 0; + text-align: left; + vertical-align: middle; + line-height: 1em; + +} + +#top > .spacer { + flex-grow: 1; + display: block; + cursor: pointer; +} + + + +#top > .hider.open ~ .spacer { + display: none; +} + +.hider { + background: #ccc; + box-shadow: inset 0 1px 3px #444; + border-radius: 1em 1em 0 0; + display: none; + position: relative; + margin: .25em 1.5em; + padding: 0; + + height: 2em; + overflow: hidden; + opacity: .5; +} + + + +.hider.open { + display: flex; + flex-grow: 1; + opacity: 1; + padding-left: 2em; +} +.hider:hover { + opacity: 1; +} +.hider:not(.open):not(.empty) { + display: block; + text-align: right; + line-height: 1em; + overflow: hidden; + width: 2em; +} + + +.reveal { + display: block; + padding: .3em; + margin: 0; +} + +.hider.open > .reveal { + display: none !important; +} + +.hider:not(.open) > :not(.reveal) { + display: none !important; +} + +.hider-label { + position: absolute; + z-index: 100; + top: .5em; + right: .5em; + color: #222; + text-align: right; + vertical-align: middle; + line-height: 100%; + font-size: 1em; + font-weight: bold; + pointer-events: none; + text-shadow: -2px 0 2px white, 2px 0 2px white; +} + +.hider-close { + -moz-appearance: none; + appearance: none; + color: black; + background: transparent; + padding: 0; + border-radius: .2em; + border: none; + position: absolute; + left: .2em; + top: 0; + font-size: 1em; + z-index: 100; + vertical-align: middle; + padding: .2em; +} + +.hider-close:hover, .reveal:hover { + color: white !important; + text-shadow: -2px 0 2px red, 2px 0 2px red; +} + +.hider > .icon { + opacity: .7; + margin: 0 .25em; + padding: 0; +} + +#top > a:hover { + transform: scale(1.2); +} + +#top a.icon { + text-indent: -500em; + color: transparent; +} + + +#top #revoke-temp { + background-image: url(/img/ui-revoke-temp64.png); +} +#top #temp-trust-page { + background-image: url(/img/ui-temp-all64.png); +} + +#top #enforce-tab { + background-image: url(/img/ui-tab-no64.png); +} +#top #enforce-tab[aria-pressed="true"] { + background-image: url(/img/ui-tab64.png); +} + +#top #enforce { + background-image: url(/img/ui-global-no64.png); +} +#top #enforce[aria-pressed="true"] { + background-image: url(/img/ui-global64.png); +} + +#top #options { + background-image: url(/img/noscript-options.png); +} +#top #close { + background-image: url(/img/ui-close64.png); +} + +#top #reload { + background-image: url(/img/ui-reload64.png); +} + +#sites { + margin: 0.5em 0.25em; +} + +#content { + text-align: center; +} +#buttons { + text-align: center; + margin: 0.5em; + display: flex; + justify-content: space-around; + +} +#buttons button { + flex-grow: 1; + margin: .5em 2em; +} + +.disabled .toggle.icon, .toggle.icon:disabled { + opacity: .2; + pointer-events: none; +} + +#message { + height: auto; + margin: .5em; + padding: .8em 0 0 2.5em; + background-size: 2em; + background-position: left top; + background-repeat: no-repeat; + min-height: 3em; + transition: height .5s; + font-size: 1.2em; + vertical-align: middle; +} +#message.hidden { + display: none; + height: 0; + min-height: 0; + overflow: hidden; +} +.warning { + background-image: url("/img/warning64.png"); +} +.error { + background-image: url("/img/error64.png"); +} diff --git a/src/ui/popup.html b/src/ui/popup.html new file mode 100644 index 0000000..d4bab21 --- /dev/null +++ b/src/ui/popup.html @@ -0,0 +1,41 @@ +<!DOCTYPE html> +<html> +<head> +<meta name="viewport" content="width=device-width,initial-scale=1"> +<meta charset="utf-8"> +<title>NoScript Settings</title> +<meta charset="utf-8"> +<link rel="stylesheet" type="text/css" href="popup.css" /> +<script src="/lib/include.js"></script> +<script src="/lib/log.js"></script> +<script src="/common/locale.js"></script> +<script src="/ui/ui.js"></script> + +</head> +<body> +<div id="main"> +<div id="top"> + <a aria-role="button" id="close" class="close icon">__MSG_Close__</a> + <a aria-role="button" id="reload" class="reload icon">__MSG_Reload__</a> + <a aria-role="button" id="options" class="options icon">__MSG_Options__</a> + <div class="hider"> + <a aria-role="button" class="reveal" title="__MSG_Reveal__">🡆</a> + <div class="hider-label">__MSG_Hider__</div> + <button class="hider-close">🗙</button> + </div> + <div class="spacer"></div> + <a aria-role="button" id="enforce" class="toggle icon"></a> + <a aria-role="button" id="enforce-tab" class="toggle icon"></a> + <a aria-role="button" id="temp-trust-page" class="toggle icon">__MSG_TempTrustPage__</a> + <a aria-role="button" id="revoke-temp" class="toggle icon">__MSG_RevokeTemp__</a> +</div> +<div id="message" class="hidden"></div> +<div id="content"></div> +<div id="sites"></div> +<div id="buttons"> + +</div> +</div> +<script src="popup.js"></script> +</body> +</html> diff --git a/src/ui/popup.js b/src/ui/popup.js new file mode 100644 index 0000000..3f84549 --- /dev/null +++ b/src/ui/popup.js @@ -0,0 +1,249 @@ +'use strict'; + +var sitesUI; + +addEventListener("unload", e => { + if (!UI.initialized) { + browser.runtime.sendMessage({ + type: "openStandalonePopup" + }); + } +}); + +(async () => { + + function showMessage(className, message) { + let el = document.getElementById("message"); + el.textContent = message; + el.className = className; + } + + try { + let tabId; + let pendingReload = false; + let isBrowserAction = true; + let optionsClosed = false; + let tab = (await browser.tabs.query({ + windowId: browser.windows ? + (await browser.windows.getLastFocused({windowTypes: ["normal"]})).id + : null, + active: true + }))[0]; + + if (!tab || tab.id === -1) { + log("No tab found to open the UI for"); + close(); + } + if (tab.url === document.URL) { + isBrowserAction = false; + try { + tabId = parseInt(document.URL.match(/#.*\btab(\d+)/)[1]); + } catch (e) { + close(); + } + addEventListener("blur", close); + } else { + tabId = tab.id; + } + + await UI.init(tabId); + + if (isBrowserAction) { + browser.tabs.onActivated.addListener(e => { + if (e.tabId !== tabId) close(); + }); + } + + await include("/ui/toolbar.js"); + { + let clickHandlers = { + "options": e => { + browser.runtime.openOptionsPage(); + close(); + }, + "close": close, + "reload": reload, + "temp-trust-page": e => sitesUI.tempTrustAll(), + "revoke-temp": e => { + UI.revokeTemp(); + close(); + } + }; + for (let [id, handler] of Object.entries(clickHandlers)) { + document.getElementById(id).onclick = handler; + } + } + { + let policy = UI.policy; + let pressed = policy.enforced; + let button = document.getElementById("enforce"); + button.setAttribute("aria-pressed", pressed); + button.textContent = button.title = _(pressed ? "NoEnforcement" : "Enforce"); + button.onclick = () => { + policy.enforced = !pressed; + UI.updateSettings({policy, reloadAffected: true}); + close(); + } + } + { + let pressed = !UI.unrestrictedTab; + let button = document.getElementById("enforce-tab"); + button.setAttribute("aria-pressed", pressed); + button.textContent = button.title = _(pressed ? "NoEnforcementForTab" : "EnforceForTab"); + if (UI.policy.enforced) { + button.onclick = () => { + UI.updateSettings({ + unrestrictedTab: pressed, + reloadAffected: true, + }); + close(); + } + } else { + button.disabled = true; + } + } + + + let mainFrame = UI.seen && UI.seen.find(thing => thing.request.type === "main_frame"); + debug("Seen: %o", UI.seen); + if (!mainFrame) { + + if (/^https?:/.test(tab.url) && !tab.url.startsWith("https://addons.mozilla.org/")) { + document.body.classList.add("disabled"); + showMessage("warning", _("freshInstallReload")); + let buttons = document.querySelector("#buttons"); + let b = document.createElement("button"); + b.textContent = _("OK"); + b.onclick = document.getElementById("reload").onclick = () => { + reload(); + close(); + } + buttons.appendChild(b); + b = document.createElement("button"); + b.textContent = _("Cancel"); + b.onclick = () => close(); + buttons.appendChild(b); + return; + } + showMessage("warning", _("privilegedPage")); + document.getElementById("temp-trust-page").disabled = true; + if (!UI.seen) return; + } + + let justDomains = !UI.local.showFullAddresses; + + sitesUI = new UI.Sites(document.getElementById("sites")); + + sitesUI.onChange = (row) => { + pendingReload = !row.temp2perm; + if (optionsClosed) return; + browser.tabs.query({url: browser.runtime.getManifest().options_ui.page }) + .then(tabs => { + browser.tabs.remove(tabs.map(t => t.id)); + }); + optionsClosed = true; + }; + initSitesUI(); + UI.onSettings = initSitesUI; + + + + function initSitesUI() { + pendingReload = false; + let { + typesMap + } = sitesUI; + typesMap.clear(); + let policySites = UI.policy.sites; + let domains = new Map(); + + function urlToLabel(url) { + let { + origin + } = url; + let match = policySites.match(url); + if (match) return match; + if (domains.has(origin)) { + if (justDomains) return domains.get(origin); + } else { + let domain = tld.getDomain(url.hostname); + domain = url.protocol === "https:" ? Sites.secureDomainKey(domain) : domain; + domains.set(origin, domain); + if (justDomains) return domain; + } + return origin; + } + let seen = UI.seen; + let parsedSeen = seen.map(thing => Object.assign({ + type: thing.policyType + }, Sites.parse(thing.request.url))) + .filter(parsed => parsed.url && parsed.url.origin !== "null"); + + let sitesSet = new Set( + parsedSeen.map(parsed => parsed.label = urlToLabel(parsed.url)) + ); + if (!justDomains) { + for (let domain of domains.values()) sitesSet.add(domain); + } + let sites = [...sitesSet]; + for (let parsed of parsedSeen) { + sites.filter(s => parsed.label === s || domains.get(parsed.url.origin) === s).forEach(m => { + let siteTypes = typesMap.get(m); + if (!siteTypes) typesMap.set(m, siteTypes = new Set()); + siteTypes.add(parsed.type); + }); + } + + sitesUI.mainUrl = new URL(mainFrame.request.url) + sitesUI.mainSite = urlToLabel(sitesUI.mainUrl); + sitesUI.mainDomain = tld.getDomain(sitesUI.mainUrl.hostname); + + sitesUI.render(sites); + } + + function reload() { + if (sitesUI) sitesUI.clear(); + browser.tabs.reload(tabId); + pendingReload = false; + } + + function close() { + if (isBrowserAction) { + window.close(); + } else { + //browser.windows.remove(tab.windowId); + browser.tabs.remove(tab.id); + } + } + + let { + onCompleted + } = browser.webNavigation; + + let loadSnapshot = sitesUI.snapshot; + let onCompletedListener = navigated => { + if (navigated.tabId === tabId) { + UI.pullSettings(); + } + }; + onCompleted.addListener(onCompletedListener, { + url: [{ + hostContains: sitesUI.mainDomain + }] + }); + addEventListener("unload", e => { + onCompleted.removeListener(onCompletedListener); + debug("pendingReload", pendingReload); + if (pendingReload) { + UI.updateSettings({ + policy: UI.policy, + reloadAffected: true, + }); + } + }, true); + } catch (e) { + error(e, "Can't open popup"); + close(); + } + +})(); diff --git a/src/ui/prompt.css b/src/ui/prompt.css new file mode 100644 index 0000000..9406f01 --- /dev/null +++ b/src/ui/prompt.css @@ -0,0 +1,91 @@ + +body { + bottom: 8px; + font-family: sans-serif; + font-size: 12px; + color: #222; +} + +#header { + text-align: left; + margin: 0; + line-height: 24px; + color: #048; + position: relative; + font-size: 24px; + z-index: 500; + padding: 8px; + display: block; + background: url(/img/icon96.png) no-repeat top right; + height: 96px; +} + +#title { + margin-right: 96px; + font-size: 24px; + position: absolute; + bottom: 0; + top: 0; +} + +#main { + background: linear-gradient(to bottom, #e4f5fc 0%,#bfe8f9 41%,#9fd8ef 90%,#2ab0ed 100%) no-repeat; + display: flex; + flex-direction: column; + align-items: center; + padding: 120px 16px 16px 16px; + top: 0; + left: 0; + right:0; + bottom: 0; + position: fixed; + justify-content: center; +} +#message { + flex-grow: 1; + width: 100%; + max-height: 300px; + padding: 8px; + text-align: center; + word-break: break-all; +} +#message.multiline { + overflow: auto; + font-size: 12px; + text-align: justify; + margin-bottom: 16px; + background: rgba(255,255,255,.5); +} +#message.multiline p { + margin: 1px; + padding: 0; +} +#options { + display: flex; + flex-grow: 2; + flex-direction: column; + text-align: left; + align-items:baseline; + justify-content: center; +} + + +#checks { + display: flex; + flex-direction: column; + flex-grow: 1; + text-align: left; +} + +#buttons { + width: 100%; + display: flex; + flex-grow: 0; + flex-direction: row; + align-items: center; + margin: 8px; + justify-content: space-around; +} +#buttons button { + min-width: 100px; +} diff --git a/src/ui/prompt.html b/src/ui/prompt.html new file mode 100644 index 0000000..902b375 --- /dev/null +++ b/src/ui/prompt.html @@ -0,0 +1,32 @@ +<!DOCTYPE html> +<html> +<head> +<meta charset="utf-8"> +<title></title> +<meta charset="utf-8"> +<link rel="stylesheet" type="text/css" href="prompt.css" /> +<script src="/lib/include.js"></script> +<script src="/lib/log.js"></script> +<script src="/common/locale.js"></script> +<script src="/ui/resize_hack.js"></script> +</head> +<body> +<div id="header"> +<h1 id="title"></h1> +</div> +<div id="main"> +<div id="message"> +</div> +<div id="options"> +<input type="radio"> +</div> +<div id="checks"> + <input type="checkbox"> +</div> +<div id="buttons"> + <button id="button0" type="submit">OK</button><button id="button1">Cancel</button> +</div> +</div> +<script src="prompt.js"></script> +</body> +</html> diff --git a/src/ui/prompt.js b/src/ui/prompt.js new file mode 100644 index 0000000..f19aac9 --- /dev/null +++ b/src/ui/prompt.js @@ -0,0 +1,91 @@ +(async () => { + window.bg = await browser.runtime.getBackgroundPage(); + ["Prompts"] + .forEach(p => window[p] = bg[p]); + let data = Prompts.promptData; + debug(data); + let {title, message, options, checks, buttons} = data.features; + + function labelFor(el, text) { + let label = document.createElement("label"); + label.setAttribute("for", el.id); + label.textContent = text; + return label; + } + + function createInput(container, {label, type, name, checked}, count) { + let input = document.createElement("input"); + input.type = type; + input.value = count; + input.name = name; + input.checked = checked; + input.id = `${name}-${count}`; + let sub = document.createElement("div"); + sub.appendChild(input); + sub.appendChild(labelFor(input, label)); + container.appendChild(sub); + } + + function createButton(container, label, count) { + let button = document.createElement("button"); + if (count === 0) button.type = "submit"; + button.id = `${button}-${count}`; + button.value = count; + button.textContent = label; + container.appendChild(button); + } + + function renderInputs(container, dataset, type, name) { + if (typeof container === "string") { + container = document.querySelector(container); + } + if (typeof dataset === "string") { + container.innerHTML = dataset; + return; + } + container.innerHTML = ""; + let count = 0; + if (dataset && dataset[Symbol.iterator]) { + let create = type === "button" ? createButton : createInput; + for (let data of dataset) { + data.type = type; + data.name = name; + create(container, data, count++); + } + } + } + if (title) { + document.title = title; + document.querySelector("#title").textContent = title; + } + if (message) { + let lines = message.split(/\n/); + let container = document.querySelector("#message"); + container.classList.toggle("multiline", lines.length > 1); + message.innerHTML = ""; + for (let l of lines) { + let p = document.createElement("p"); + p.textContent = l; + container.appendChild(p); + } + } + renderInputs("#options", options, "radio", "opt"); + renderInputs("#checks", checks, "checkbox", "flag"); + renderInputs("#buttons", buttons, "button", "button"); + addEventListener("unload", e => { + data.done(); + }); + + let buttonClicked = e => { + let {result} = data; + result.button = parseInt(e.currentTarget.value); + let option = document.querySelector('#options [type="radio"]:checked'); + result.option = option && parseInt(option.value); + result.checks = [...document.querySelectorAll('#checks [type="checkbox"]:checked')] + .map(c => parseInt(c.value)); + data.done(); + }; + for (let b of document.querySelectorAll("#buttons button")) { + b.addEventListener("click", buttonClicked); + } +})(); diff --git a/src/ui/resize_hack.js b/src/ui/resize_hack.js new file mode 100644 index 0000000..c981e28 --- /dev/null +++ b/src/ui/resize_hack.js @@ -0,0 +1,15 @@ +document.addEventListener("DOMContentLoaded", async e => { + // Fix for Fx57 bug where bundled page loaded using + // browser.windows.create won't show contents unless resized. + // See https://bugzilla.mozilla.org/show_bug.cgi?id=1402110 + let win = await browser.windows.getCurrent({populate: true}); + if (win.tabs[0].url === document.URL) { + debug("Resize hack"); + await browser.windows.update(win.id, { + width: win.width + 1 + }); + await browser.windows.update(win.id, { + width: win.width + }); + } +}); diff --git a/src/ui/siteInfo.html b/src/ui/siteInfo.html new file mode 100644 index 0000000..0cb24ec --- /dev/null +++ b/src/ui/siteInfo.html @@ -0,0 +1,5 @@ +<!DOCTYPE html> +<meta charset="utf-8"> +<script src="/lib/log.js"></script> +<script src="/lib/include.js"></script> +<script src="siteInfo.js"></script> diff --git a/src/ui/siteInfo.js b/src/ui/siteInfo.js new file mode 100644 index 0000000..708c983 --- /dev/null +++ b/src/ui/siteInfo.js @@ -0,0 +1,20 @@ +(async () => { + let [domain, tabId] = decodeURIComponent(location.hash.replace("#", "")).split(";"); + const BASE = "https://noscript.net"; + await include(['/lib/punycode.js', '/common/Storage.js']); + let {siteInfoConsent} = await Storage.get("sync", "siteInfoConsent"); + if (!siteInfoConsent) { + await include('/common/locale.js'); + siteInfoConsent = confirm(_("siteInfo_confirm", [domain, BASE])); + if (siteInfoConsent) { + await Storage.set("sync", {siteInfoConsent}); + } else { + let current = await browser.tabs.getCurrent(); + await browser.tabs.update(parseInt(tabId), {active: true}); + await browser.tabs.remove(current.id); + return; + } + } + let ace = punycode.toASCII(domain); + location.href = `${BASE}/about/${domain};${ace}`; +})(); diff --git a/src/ui/toolbar.js b/src/ui/toolbar.js new file mode 100644 index 0000000..d2a2f6e --- /dev/null +++ b/src/ui/toolbar.js @@ -0,0 +1,117 @@ +{ + let toolbar = document.getElementById("top"); + let spacer = toolbar.querySelector(".spacer"); + let hider = toolbar.querySelector(".hider"); + + if (UI.local.toolbarLayout) { + debug(uneval(UI.local.toolbarLayout)); + let {left, right, hidden} = UI.local.toolbarLayout; + for (let id of left) { + toolbar.insertBefore(document.getElementById(id), hider); + } + for (let id of right) { + toolbar.appendChild(document.getElementById(id)); + } + for (let id of hidden) { + hider.appendChild(document.getElementById(id)); + } + } + + for (let i of toolbar.querySelectorAll(".icon")) { + if (!i.title) i.title = i.textContent; + } + + function toggleHider(b) { + let cl = hider.classList; + cl.toggle("open", b); + cl.toggle("empty", !hider.querySelector(".icon")); + } + hider.querySelector(".hider-close").onclick = e => { + toggleHider(false); + }; + + toggleHider(false); + + let dnd = { + dragstart(ev) { + let d = ev.target; + if (hider.querySelectorAll(".icon").length) { + toggleHider(true); + } + + if (!d.classList.contains("icon")) { + ev.preventDefault(); + return; + } + d.style.opacity = ".5"; + let dt = ev.dataTransfer; + dt.setData("text/plain", d.id); + dt.dropEffect = "move"; + dt.setDragImage(d, 0, 0); + toggleHider(true); + }, + dragend(ev) { + ev.target.style.opacity = ""; + }, + dragover(ev) { + ev.preventDefault(); + }, + dragenter(ev) { + let t = ev.target; + }, + dragleave(ev) { + let t = ev.target; + }, + drop(ev) { + let t = ev.target; + let d = document.getElementById(ev.dataTransfer.getData("text/plain")); + switch(t) { + case hider: + t.appendChild(d); + break; + case toolbar: + t.insertBefore(d, ev.clientX < hider.offsetLeft ? hider : spacer.nextElementSibling); + break; + default: + t.parentNode.insertBefore(d, ev.clientX < (t.offsetLeft + t.offsetWidth) ? t : t.nextElementSibling); + } + + let left = [], right = []; + let side = left; + for (let el of document.querySelectorAll("#top > .icon, #top > .spacer")) { + if (el === spacer) { + side = right; + } else { + side.push(el.id); + } + } + UI.local.toolbarLayout = { + left, right, + hidden: Array.map(document.querySelectorAll("#top > .hider > .icon"), el => el.id), + }; + + debug("%o", UI.local); + UI.updateSettings({local: UI.local}); + }, + + click(ev) { + let el = ev.target; + if (el.parentNode === hider && el.classList.contains("icon")) { + ev.preventDefault(); + ev.stopPropagation(); + } else if (el === spacer || el.classList.contains("reveal")) { + toggleHider(true); + } + } + + }; + + + for (let [action, handler] of Object.entries(dnd)) { + toolbar.addEventListener(action, handler, true); + } + + for (let draggable of document.querySelectorAll("#top .icon")) { + draggable.setAttribute("draggable", "true"); + } +} diff --git a/src/ui/ui-hc.css b/src/ui/ui-hc.css new file mode 100644 index 0000000..fd70e2a --- /dev/null +++ b/src/ui/ui-hc.css @@ -0,0 +1,63 @@ +input { + transform: none !important; + width: auto !important; + position: static !important; +} + +input[type="radio"] { + -moz-appearance: radio !important; + padding-right: .2em !important; +} +input[type="checkbox"] { + -moz-appearance: checkbox !important; +} + + +button { + text-indent: 0 !important; +} + +label { + display: initial !important; + position: static !important; + transform: none !important; + opacity: 1 !important; + text-indent: 0 !Important; + position: static; + width: auto !important; + padding: 4px !important; +} + +span.preset { + display: block; + width: auto !important; + white-space: nowrap !important; +} + +input.temp { + position: static !important; + opacity: 1 !important; +} + +.full-address { + font-size: 130%; +} + +tr.site { + border-top: 1px solid #888; +} + +#top { + display:flex; + flex-flow: row; + justify-content: space-around; + +} +#top button { + position: static; + width: auto; +} +#top button.icon { + font-size: 12px !important; + font-family: arial sans-serif !important; +} diff --git a/src/ui/ui.css b/src/ui/ui.css new file mode 100644 index 0000000..55f9247 --- /dev/null +++ b/src/ui/ui.css @@ -0,0 +1,391 @@ + +body { + font-family: sans-serif; + font: -moz-use-system-font; + font-size: 12px; +} + +.mobile > body { + font-size: 4mm; + min-width: auto; +} + +.mobile .desktop { + display: none !important; +} + + @media (max-width: 100mm) { + body { + background-size: 4em !important; + padding-right: 0 !important; + } + + .presets { + width: 0; + } + + .presets input.preset { + min-width: 0 !important; + background-color: none !important; + margin-bottom: 0; + margin-top: 1mm; + font-weight: bold; + } + .presets input.temp { + position: static; + } + .presets label.preset { + font-size: 50%; + top: -1mm; + left: 0; + margin: 0; + padding: 0; + text-align: center; + text-shadow: 0 0 4px #ff8; + position: absolute; + overflow: visible; + } + + td.presets { + white-space: nowrap !important; + vertical-align: bottom; + } + .url { + white-space: wrap; + word-break: break-all; + font-size: 75%; + letter-spacing: -0.2mm; + + } + + } + +input[type="text"] { + border: 1px solid; +} +input[type="checkbox"] { + width: 1em; + height: 1em; +} + +.presets { + -moz-user-select: none; +} +.sites { + border: 0; + background: white; + border-collapse: collapse; + border-spacing: 0; + width: 100%; + overflow-y: auto; + +} +.sites tr, .sites td { + margin: 0; + padding: 0; + border: none; + font-size: 1em; +} +.sites > tr.site:hover, .sites > tr.sites:active { + background: #abf; +} +.sites > tr:nth-child(even) {background: #fff} +.sites > tr:nth-child(odd) {background: #eee} + +.site .url { + padding: 0 0 0 0.5em; + color: #ccc; + vertical-align: middle; +} +.site .url .protocol { display: none } + +.site .url .domain { cursor: help } + +[data-key="domain"] .full-address .host, +[data-key="domain"] .full-address .sub, +[data-key="domain"] .full-address .protocol, +[data-key="host"] .full-address span .protocol, +[data-key="host"] .full-address span .protocol, { + background-color: #afe; +} +[data-key="host"] .full-address span .protocol, +[data-key="domain"] .full-address span .host, +[data-key="domain"] .full-address span .protocol { + border: none; +} + + +.site .url[data-key="domain"] .domain, +.site .url[data-key="host"] .domain, +.site .url[data-key="host"] .sub, +.site .url[data-key="unsafe"] span { + color: #a00; +} + +.site .url[data-key="secure"] .domain, +.site .url[data-key="secure"] .sub, +.site .url[data-key="full"] span { + color: black; +} + +.site .url[data-key="full"] span, +.site .url[data-key="unsafe"] span { + display: initial; +} + +.site .url .domain { + font-weight: bold; +} + +input.https-only { + font-size: 1em; + -moz-appearance: none; + background: url(/img/ui-http64.png) no-repeat center; + background-size: 1.5em; + width: 1.5em; + height: 1.5em; + margin: 0 0 -0.13em 0.13em; + padding:0; + cursor: pointer; +} +input.https-only:checked { + background-image: url(/img/ui-https64.png); +} +label.https-only { + display: none; +} + +[data-preset="UNTRUSTED"] .https-only, [data-preset="DEFAULT"] .https-only { + visibility: hidden; +} + + +td.presets { + font-size: 1em; + white-space: nowrap; +} + +.mobile td.presets { + white-space: normal; +} + +span.preset { + position: relative; + display: inline-block; + top: 0.13em; + font-size: 1em; +} + +.preset label, .preset input, .preset button { + cursor: pointer; +} + +.presets input.preset { + font-size: 1em; + -moz-appearance: none; + background: url(/img/ui-no64.png) no-repeat center left; + background-size: 1.5em; + width: 1.5em; + height: 1.5em; + outline: 0; + opacity: .5; + margin: 0 .5em 0.13em .5em; +} + +input.preset:active, input.preset:focus, input.preset:hover { + background-color: #ff8; + border-radius: .5em; +} + +.presets input.preset:checked, #presets input.preset { + opacity: 1; + transform: none; + min-width: 9.38em; + background-color: #ddd; + border-radius: 0.5em; +} + +.presets input.preset:focus { + transform: none; +} +.sites input + label { + font-size: 1em; + line-height: 1.5em; + vertical-align: top; +} +.presets label.preset { + padding: 0; + letter-spacing: -0.06em; + width: 0em; + overflow: hidden; + display: none; + text-transform: uppercase; + color: #000; + opacity: .6; + position: absolute; + left: 0em; + padding-left: 2.5em; + + transition: 0.2s all; +} + +.presets input.preset[value^="T"] + label { + text-transform: none; +} + +.presets input.preset:checked + label, #presets .presets label { + opacity: 1; + width: 100%; + display: inline-block; +} + +button.options { + -moz-appearance: none; + border: none; + background: none transparent; + font-family: sans-serif; + font-weight: bold; + color: #048; + text-shadow: -0.06em -0.06em 0.06em #fff, 0.13em 0.13em 0.13em #000; + padding: 0; + margin: 0; +} + +.preset .options { + -moz-appearance: none; + + border: 0; + background: none; + font-size: 1em; + width: 1em; + height: 1em; + + opacity: 0; + position: absolute; + bottom: 0.88em; + left: 1.13em; + + pointer-events: none; + +} + +.preset:hover input.preset:checked ~ .options { + display: block; + opacity: 1; + bottom: 0.38em; + +} +input.preset[value="T_TRUSTED"] { + background-image: url(/img/ui-temp64.png); +} + +input.preset[value="TRUSTED"] { + background-image: url(/img/ui-yes64.png) +} +input.preset[value="UNTRUSTED"] { + background-image: url(/img/ui-black64.png) +} +input.preset[value="CUSTOM"] { + background-image: url(/img/ui-custom64.png) +} + +input.temp { + font-size: 1em; + -moz-appearance: none; + margin: 0; + padding: 0; + border: 0; + opacity: 0; + background: url(/img/ui-clock64.png) no-repeat center; + background-size: 60%; + width: 1.5em; + height: 1.5em; + transition: 0.2s all; + right: 0; + top: 0; + pointer-events: none; + position: absolute; +} + +input.temp + label { + display: none; +} + +input.preset:checked ~ input.temp { + opacity: .5; + right: .5em; + pointer-events: all; +} +.presets input.preset:checked ~ input.temp:checked { + opacity: 1 !important; + background-size: 100%; + +} + +.customizing input.preset:checked, #presets input.preset:checked, .customizer fieldset { + background-color: #ffb !important; + border-radius: 0.5em 0.5em 0 0; + margin: 0 0.06em 0.06em 0.06em; +} +.customizing input.preset:checked, #presets input.preset, #presets input.preset:checked { + margin: 0 1em -0.2em 1em; + border-radius: 0.5em 0.5em 0 0; +} + +.customizing input.preset:checked + label.preset { + padding-left: 3em; +} + +.customizing, .customizer { + background-color: #cca !important; +} + +.customizer div { + transition: 0.2s height; + padding: 0; + margin: 0; +} + +span.cap { + white-space: nowrap; + display: inline-block; +} + +.customizer.closed .customizer-controls { + height: 0; + overflow: hidden; +} + +span.cap { + padding: 0.5em; + font-weight: normal; +} + +span.cap.needed { + font-weight: bold; + background-color: #c88; +} + +fieldset { + border: 0; + padding: 1.5em 0.5em 0.5em 0.5em; + margin: 0; + position: relative; +} + +legend { + font-weight: bold; + display: inline; + position: absolute; + top: 0.25em; + left: 1em; + white-space: nowrap; +} +.customizer legend { + font-weight: bold; + font-size: 0.75em; +} + +#presets .https-only { + display: none; +} diff --git a/src/ui/ui.js b/src/ui/ui.js new file mode 100644 index 0000000..99943d7 --- /dev/null +++ b/src/ui/ui.js @@ -0,0 +1,661 @@ +'use strict'; +var UI = (() => { + + var UI = { + initialized: false, + + presets: { + "DEFAULT": "Default", + "T_TRUSTED": "Trusted_temporary", + "TRUSTED": "Trusted_permanent", + "UNTRUSTED": "Untrusted", + "CUSTOM": "Custom", + }, + + async init(tabId = -1) { + UI.tabId = tabId; + let scripts = [ + "/ui/ui.css", + "/lib/punycode.js", + "/lib/tld.js", + "/common/Policy.js", + ]; + this.mobile = !("windows" in browser); + if (this.mobile) { + document.documentElement.classList.toggle("mobile", true); + scripts.push("/lib/fastclick.js"); + } + await include(scripts); + + detectHighContrast(); + + let inited = new Promise(resolve => { + let listener = m => { + if (m.type === "settings") { + UI.policy = new Policy(m.policy); + UI.snapshot = UI.policy.snapshot; + UI.seen = m.seen; + UI.unrestrictedTab = m.unrestrictedTab; + UI.xssUserChoices = m.xssUserChoices; + UI.local = m.local; + UI.sync = m.sync; + if (UI.local && !UI.local.debug) { + debug = () => {}; // be quiet! + } + resolve(); + if (UI.onSettings) UI.onSettings(); + } + }; + browser.runtime.onMessage.addListener(listener); + + if (this.mobile) FastClick.attach(document.body); + UI.pullSettings(); + }); + + await inited; + + this.initialized = true; + debug("Imported", Policy); + }, + async pullSettings() { + browser.runtime.sendMessage({type: "NoScript.broadcastSettings", tabId: UI.tabId}); + }, + async updateSettings({policy, xssUserChoices, unrestrictedTab, local, sync, reloadAffected}) { + if (policy) policy = policy.dry(true); + return await browser.runtime.sendMessage({type: "NoScript.updateSettings", + policy, + xssUserChoices, + unrestrictedTab, + local, + sync, + reloadAffected, + tabId: UI.tabId, + }); + }, + + async exportSettings() { + return await browser.runtime.sendMessage({type: "NoScript.exportSettings"}); + }, + async importSettings(data) { + return await browser.runtime.sendMessage({type: "NoScript.importSettings", data}); + }, + + async revokeTemp() { + let policy = this.policy; + Policy.hydrate(policy.dry(), policy); + if (this.isDirty(true)) { + await this.updateSettings({policy, reloadAffected: true}); + } + }, + + isDirty(reset = false) { + let currentSnapshot = this.policy.snapshot; + let dirty = currentSnapshot != this.snapshot; + if (reset) this.snapshot = currentSnapshot; + return dirty; + }, + + async openSiteInfo(domain) { + let url = `/ui/siteInfo.html#${encodeURIComponent(domain)};${UI.tabId}`; + browser.tabs.create({url}); + } + }; + + function detectHighContrast() { + // detect high contrast + let canary = document.createElement("input"); + canary.className="https-only"; + canary.style.display = "none"; + document.body.appendChild(canary); + if (UI.highContrast = window.getComputedStyle(canary).backgroundImage === "none") { + include("/ui/ui-hc.css"); + document.documentElement.classList.toggle("hc"); + } + canary.parentNode.removeChild(canary); + } + + function fireOnChange(sitesUI, data) { + if (UI.isDirty(true)) { + UI.updateSettings({policy: UI.policy}); + if (sitesUI.onChange) sitesUI.onChange(data, this); + } + } + + function compareBy(prop, a, b) { + let x = a[prop], y = b[prop]; + return x > y ? 1 : x < y ? -1 : 0; + } + + const TEMPLATE = ` + <table class="sites"> + <tr class="site"> + + <td class="presets"> + <span class="preset"> + <input id="preset" class="preset" type="radio" name="preset"><label for="preset" class="preset">PRESET</label> + <button class="options tiny">⚙</button> + <input id="temp" class="temp" type="checkbox"><label for="temp">Temporary</input> + </span> + </td> + + <td class="url" data-key="secure"> + <input class="https-only" id="https-only" type="checkbox"><label for="https-only" class="https-only"></label> + <span class="full-address"> + <span class="protocol">https://</span><span class="sub">www.</span><span class="domain">noscript.net</span><span class="path"></span> + </span> + </td> + + + + </tr> + <tr class="customizer"> + <td colspan="2"> + <div class="customizer-controls"> + <fieldset><legend></legend> + <span class="cap"> + <input class="cap" type="checkbox" value="script" /> + <label class="cap">script</label> + </span> + </fieldset> + </div> + </td> + </tr> + </table> + `; + + const TEMP_PRESETS = ["CUSTOM"]; + const DEF_PRESETS = { + // name: customizable, + "DEFAULT": false, + "T_TRUSTED": false, + "TRUSTED": false, + "UNTRUSTED": false, + "CUSTOM": true, + }; + + UI.Sites = class { + constructor(parentNode, presets = DEF_PRESETS) { + this.parentNode = parentNode; + let policy = UI.policy; + this.uiCount = UI.Sites.count = (UI.Sites.count || 0) + 1; + this.sites = policy.sites; + this.presets = presets; + this.customizing = null; + this.typesMap = new Map(); + this.clear(); + } + + initRow(table = this.table) { + let row = table.querySelector("tr.site"); + + // PRESETS + { + let presets = row.querySelector(".presets"); + let [span, input, label, options] = presets.querySelectorAll("span.preset, input.preset, label.preset, .options"); + span.remove(); + options.title = _("Options"); + for (let [preset, customizable] of Object.entries(this.presets)) { + let messageKey = UI.presets[preset]; + input.value = preset; + label.textContent = label.title = input.title = _(messageKey); + let clone = span.cloneNode(true); + clone.classList.add(preset); + let temp = clone.querySelector(".temp"); + if (TEMP_PRESETS.includes(preset)) { + temp.title = _("allowTemp", `(${label.title.toUpperCase()})`); + temp.nextElementSibling.textContent = _("allowTemp", ""); // label; + } else { + temp.nextElementSibling.remove(); + temp.remove(); + } + if (customizable) { + clone.querySelector(".options").remove(); + } + presets.appendChild(clone); + } + } + + // URL + { + let [input, label] = row.querySelectorAll("input.https-only, label.https-only"); + input.title = label.title = label.textContent = _("httpsOnly"); + } + + // CUSTOMIZER ROW + { + let [customizer, legend, cap, capInput, capLabel] = table.querySelectorAll(".customizer, legend, span.cap, input.cap, label.cap"); + row._customizer = customizer; + customizer.remove(); + let capParent = cap.parentNode; + capParent.removeChild(cap); + legend.textContent = _("allow"); + let idSuffix = UI.Sites.count; + for (let capability of Permissions.ALL) { + capInput.id = `capability-${capability}-${idSuffix}` + capLabel.setAttribute("for", capInput.id); + capInput.value = capability; + capInput.title = capLabel.textContent = _(`cap_${capability}`); + let clone = capParent.appendChild(cap.cloneNode(true)); + clone.classList.add(capability); + } + } + + // debug(table.outerHTML); + return row; + } + + allSiteRows() { + return this.table.querySelectorAll("tr.site"); + } + clear() { + debug("Clearing list", this.table); + + this.template = document.createElement("template"); + this.template.innerHTML = TEMPLATE; + this.fragment = this.template.content; + this.table = this.fragment.querySelector("table.sites"); + this.rowTemplate = this.initRow(); + + for (let r of this.allSiteRows()) { + r.parentNode.removeChild(r); + } + this.customize(null); + this.sitesCount = 0; + } + + siteNeeds(site, type) { + let siteTypes = this.typesMap && this.typesMap.get(site); + return !!siteTypes && siteTypes.has(type); + } + + handleEvent(ev) { + let target = ev.target; + let customizer = target.closest(".customizer"); + let row = customizer ? customizer.parentNode.querySelector("tr.customizing") : target.closest("tr.site"); + if (!row) return; + row.temp2perm = false; + let isTemp = target.matches("input.temp"); + let preset = target.matches("input.preset") ? target + : customizer || isTemp ? row.querySelector("input.preset:checked") + : target.closest("input.preset"); + debug("%s target %o\n\trow %s, perms %o\npreset %s %s", + ev.type, + target, row && row.siteMatch, row && row.perms, + preset && preset.value, preset && preset.checked); + + if (!preset) { + if (target.matches("input.https-only") && ev.type === "change") { + this.toggleSecure(row, target.checked); + fireOnChange(this, row); + } else if (target.matches(".domain")) { + UI.openSiteInfo(row.domain); + } + return; + } + + let policy = UI.policy; + let {siteMatch, contextMatch, perms} = row; + let presetValue = preset.value; + let policyPreset = presetValue.startsWith("T_") ? policy[presetValue.substring(2)].tempTwin : policy[presetValue]; + + if (policyPreset) { + if (row.perms !== policyPreset) { + row.temp2perm = row.perms && policyPreset.tempTwin === row.perms; + row.perms = policyPreset; + } + } + + + let isCap = customizer && target.matches(".cap"); + let tempToggle = preset.parentNode.querySelector("input.temp"); + + if (ev.type === "change") { + if (preset.checked) { + row.dataset.preset = preset.value; + } + if (isCap) { + perms.set(target.value, target.checked); + } else if (policyPreset) { + if (tempToggle && tempToggle.checked) { + policyPreset = policyPreset.tempTwin; + } + row.contextMatch = null; + row.perms = policyPreset; + delete row._customPerms; + debug("Site match", siteMatch); + if (siteMatch) { + policy.set(siteMatch, policyPreset); + } else { + this.customize(policyPreset, preset, row); + } + + } else if (preset.value === "CUSTOM") { + if (isTemp) { + row.perms.temp = target.checked; + } else { + let temp = preset.parentNode.querySelector("input.temp").checked; + let perms = row._customPerms || + (row._customPerms = new Permissions(new Set(row.perms.capabilities), temp)); + row.perms = perms; + policy.set(siteMatch, perms); + this.customize(perms, preset, row); + } + } + fireOnChange(this, row); + } else if (!(isCap || isTemp) && ev.type === "click") { + this.customize(row.perms, preset, row); + } + } + + customize(perms, preset, row) { + debug("Customize preset %s (%o) - Dirty: %s", preset && preset.value, perms, this.dirty); + for(let r of this.table.querySelectorAll("tr.customizing")) { + r.classList.toggle("customizing", false); + } + let customizer = this.rowTemplate._customizer; + customizer.classList.toggle("closed", true); + + if (!(perms && row && preset && + row.dataset.preset === preset.value && + this.presets[preset.value] && + preset !== customizer._preset)) { + delete customizer._preset; + return; + } + + customizer._preset = preset; + row.classList.toggle("customizing", true); + let immutable = Permissions.IMMUTABLE[preset.value] || {}; + for (let input of customizer.querySelectorAll("input")) { + let type = input.value; + if (type in immutable) { + input.disabled = true; + input.checked = immutable[type]; + } else { + input.checked = perms.allowing(type); + input.disabled = false; + } + input.parentNode.classList.toggle("needed", this.siteNeeds(row._site, type)); + row.parentNode.insertBefore(customizer, row.nextElementSibling); + customizer.classList.toggle("closed", false); + customizer.onkeydown = e => { + switch(e.keyCode) { + case 38: + case 8: + e.preventDefault(); + this.onkeydown = null; + this.customize(null); + preset.focus(); + return false; + } + } + window.setTimeout(() => customizer.querySelector("input").focus(), 50); + } + } + + render(sites = this.sites, sorter = this.sorter) { + let parentNode = this.parentNode; + debug("Rendering %o inside %o", sites, parentNode); + if (sites) this._populate(sites, sorter); + parentNode.innerHTML = ""; + parentNode.appendChild(this.fragment); + let root = parentNode.querySelector("table.sites"); + debug("Wiring", root); + if (!root.wiredBy) { + root.addEventListener("click", this, true); + root.addEventListener("change", this, true); + root.wiredBy = this; + } + return root; + } + + _populate(sites, sorter) { + this.clear(); + if (sites instanceof Sites) { + for (let [site, perms] of sites) { + this.append(site, site, perms); + } + } else { + for (let site of sites) { + let context = null; + if (site.site) { + site = site.site; + context = site.context; + } + let {siteMatch, perms, contextMatch} = UI.policy.get(site, context); + this.append(site, siteMatch, perms, contextMatch); + } + this.sites = sites; + } + this.sort(sorter); + window.setTimeout(() => this.focus(), 50); + } + + focus() { + let firstPreset = this.table.querySelector("input.preset:checked"); + if (firstPreset) firstPreset.focus(); + } + + sort(sorter = this.sorter) { + if (this.mainDomain) { + let md = this.mainDomain; + let wrappedCompare = sorter; + sorter = (a, b) => { + let x = a.domain, y = b.domain; + if (x === md) { + if (y !== md) { + return -1; + } + } else if (y === md) { + return 1; + } + return wrappedCompare(a, b); + } + } + let rows = [...this.allSiteRows()].sort(sorter); + if (this.mainSite) { + let mainLabel = "." + this.mainDomain; + let topIdx = rows.findIndex(r => r._label === mainLabel); + if (topIdx === -1) rows.findIndex(r => r._site === this.mainSite); + if (topIdx !== -1) { + // move the row to the top + let topRow = rows.splice(topIdx, 1)[0]; + rows.unshift(topRow); + topRow.classList.toggle("main", true); + } + } + this.clear(); + for (let row of rows) this.table.appendChild(row); + this.table.appendChild(this.rowTemplate._customizer); + } + + sorter(a, b) { + return compareBy("domain", a, b) || compareBy("_label", a, b); + } + + async tempTrustAll() { + let {policy} = UI; + let changed = 0; + for (let row of this.allSiteRows()) { + if (row._preset === "DEFAULT") { + policy.set(row._site, policy.TRUSTED.tempTwin); + changed++; + } + } + if (changed && UI.isDirty(true)) { + await UI.updateSettings({policy, reloadAffected: true}); + } + return changed; + } + + createSiteRow(site, siteMatch, perms, contextMatch = null, sitesCount = this.sitesCount++) { + debug("Creating row for site: %s, matching %s / %s, %o", site, siteMatch, contextMatch, perms); + + let row = this.rowTemplate.cloneNode(true); + row.sitesCount = sitesCount; + let url; + try { + url = new URL(site); + } catch (e) { + let protocol = Sites.isSecureDomainKey(site) ? "https:" : "http:"; + let hostname = Sites.toggleSecureDomainKey(site, false); + url = {protocol, hostname, origin: `${protocol}://${site}`, pathname: "/"}; + } + + let hostname = Sites.toExternal(url.hostname); + let domain = tld.getDomain(hostname); + + if (!siteMatch) { + // siteMatch = url.protocol === "https:" ? Sites.secureDomainKey(domain) : site; + siteMatch = site; + } + let secure = Sites.isSecureDomainKey(siteMatch); + let keyStyle = secure ? "secure" + : !domain || /^\w+:/.test(siteMatch) ? + (url.protocol === "https:" ? "full" : "unsafe") + : domain === hostname ? "domain" : "host"; + + let urlContainer = row.querySelector(".url"); + urlContainer.dataset.key = keyStyle; + row._site = site; + + row.siteMatch = siteMatch; + row.contextMatch = contextMatch; + row.perms = perms; + row.domain = domain || siteMatch; + if (domain) { // "normal" URL + let justDomain = hostname === domain; + let domainEntry = secure || domain === site; + row._label = domainEntry ? "." + domain : site; + row.querySelector(".protocol").textContent = `${url.protocol}//`; + row.querySelector(".sub").textContent = justDomain ? + (keyStyle === "full" || keyStyle == "unsafe" + ? "" : "…") + : hostname.substring(0, hostname.length - domain.length); + + row.querySelector(".domain").textContent = domain; + row.querySelector(".path").textContent = siteMatch.length > url.origin.length ? url.pathname : ""; + let httpsOnly = row.querySelector("input.https-only"); + httpsOnly.checked = keyStyle === "full" || keyStyle === "secure"; + } else { + row._label = siteMatch; + urlContainer.querySelector(".full-address").textContent = siteMatch; + } + + let presets = row.querySelectorAll("input.preset"); + let idSuffix = `-${this.uiCount}-${sitesCount}`; + for (let p of presets) { + p.id = `${p.value}${idSuffix}`; + p.name = `preset${idSuffix}`; + let label = p.nextElementSibling; + label.setAttribute("for", p.id); + let temp = p.parentNode.querySelector("input.temp"); + if (temp) { + temp.id = `temp-${p.id}`; + label = temp.nextElementSibling; + label.setAttribute("for", temp.id); + } + } + let policy = UI.policy; + + let presetName = "CUSTOM"; + for (let p of ["TRUSTED", "UNTRUSTED", "DEFAULT"]) { + let preset = policy[p]; + switch (perms) { + case preset: + presetName = p; + break; + case preset.tempTwin: + presetName = `T_${p}`; + if (!presetName in UI.presets) { + presetName = p; + } + break; + } + } + let tempFirst = true; // TODO: make it a preference + let unsafeMatch = keyStyle !== "secure" && keyStyle !== "full"; + if (presetName === "DEFAULT" && (tempFirst || unsafeMatch)) { + // prioritize temporary privileges over permanent + for (let p of TEMP_PRESETS) { + if (p in this.presets && (unsafeMatch || tempFirst && p === "TRUSTED")) { + row.querySelector(`.presets input[value="${p}"]`).parentNode.querySelector("input.temp").checked = true; + perms = policy.TRUSTED.tempTwin; + } + } + } + let preset = row.querySelector(`.presets input[value="${presetName}"]`); + if (!preset) { + debug(`Preset %s not found in %s!`, presetName, row.innerHTML); + } else { + preset.checked = true; + row.dataset.preset = row._preset = presetName; + if (TEMP_PRESETS.includes(presetName)) { + let temp = preset.parentNode.querySelector("input.temp"); + if (temp) { + temp.checked = perms.temp; + } + } + } + return row; + } + + append(site, siteMatch, perms, contextMatch) { + this.table.appendChild(this.createSiteRow(...arguments)); + } + + toggleSecure(row, secure = !!row.querySelector("https-only:checked")) { + this.customize(null); + let site = row.siteMatch; + site = site.replace(/^https?:/, secure ? "https:" : "http:"); + if (site === row.siteMatch) { + site = Sites.toggleSecureDomainKey(site, secure); + } + if (site !== row.siteMatch) { + let {policy} = UI; + policy.set(row.siteMatch, policy.DEFAULT); + policy.set(site, row.perms); + for(let r of this.allSiteRows()) { + if (r !== row && r.siteMatch === site && r.contextMatch === row.contextMatch) { + r.parentNode.removeChild(r); + } + } + let newRow = this.createSiteRow(site, site, row.perms, row.contextMatch, row.sitesCount); + row.parentNode.replaceChild(newRow, row); + } + } + + highlight(key) { + key = Sites.toExternal(key); + for (let r of this.allSiteRows()) { + if (r.querySelector(".full-address").textContent.trim().includes(key)) { + let url = r.lastElementChild; + url.style.transition = r.style.transition = "none"; + r.style.backgroundColor = "#850"; + url.style.transform = "scale(2)"; + r.querySelector("input.preset:checked").focus(); + window.setTimeout(() => { + r.style.transition = "1s background-color"; + url.style.transition = "1s transform"; + r.style.backgroundColor = ""; + url.style.transform = "none"; + r.scrollIntoView(); + }, 50); + } + } + } + + filterSites(key) { + key = Sites.toExternal(key); + for (let r of this.allSiteRows()) { + if (r.querySelector(".full-address").textContent.trim().includes(key)) { + r.style.display = ""; + } else { + r.style.display = "none"; + } + } + } + } + + return UI; +})(); diff --git a/src/ui/whirlpool.css b/src/ui/whirlpool.css new file mode 100644 index 0000000..0e2147a --- /dev/null +++ b/src/ui/whirlpool.css @@ -0,0 +1,45 @@ + +.cssload-container{ + position:relative; +} + +.cssload-whirlpool, +.cssload-whirlpool::before, +.cssload-whirlpool::after { + position: absolute; + top: 50%; + left: 50%; + border: 1px solid rgb(204,204,204); + border-left-color: rgb(0,0,0); + border-radius: 974px; +} + +.cssload-whirlpool { + margin: -24px 0 0 -24px; + height: 49px; + width: 49px; + animation: cssload-rotate 1150ms linear infinite; +} + +.cssload-whirlpool::before { + content: ""; + margin: -22px 0 0 -22px; + height: 43px; + width: 43px; + animation: cssload-rotate 1150ms linear infinite; +} + +.cssload-whirlpool::after { + content: ""; + margin: -28px 0 0 -28px; + height: 55px; + width: 55px; + animation: cssload-rotate 2300ms linear infinite; +} + + +@keyframes cssload-rotate { + 100% { + transform: rotate(360deg); + } +} diff --git a/src/xss/ASPIdiocy.js b/src/xss/ASPIdiocy.js new file mode 100644 index 0000000..c9958f1 --- /dev/null +++ b/src/xss/ASPIdiocy.js @@ -0,0 +1,638 @@ +'use strict'; + +var ASPIdiocy = XSS.ASPIdiocy = { + _replaceRx: /%u([0-9a-fA-F]{4})/g, + _affectsRx: /%u[0-9a-fA-F]{4}/, + _badPercentRx: /%(?!u[0-9a-fA-F]{4}|[0-9a-fA-F]{2})|%(?:00|u0000)[^&=]*/g, + + hasBadPercents(s) { + return this._badPercentRx.test(s) + }, + removeBadPercents(s) { + return s.replace(this._badPercentRx, ''); + }, + affects(s) { + return this._affectsRx.test(s); + }, + process(s) { + s = this.filter(s); + return /[\uff5f-\uffff]/.test(s) ? s + '&' + s.replace(/[\uff5f-\uffff]/g, '?') : s; + }, + filter(s) { + return this.removeBadPercents(s).replace(this._replaceRx, this._replace) + }, + + coalesceQuery(s) { // HPP protection, see https://www.owasp.org/images/b/ba/AppsecEU09_CarettoniDiPaola_v0.8.pdf + let qm = s.indexOf("?"); + if (qm < 0) return s; + let p = s.substring(0, qm); + let q = s.substring(qm + 1); + if (!q) return s; + + let unchanged = true; + let emptyParams = false; + + let pairs = (function rearrange(joinNames) { + let pairs = q.split("&"); + let accumulator = { + __proto__: null + }; + for (let j = 0, len = pairs.length; j < len; j++) { + let nv = pairs[j]; + let eq = nv.indexOf("="); + if (eq === -1) { + emptyParams = true; + if (joinNames && j < len - 1) { + pairs[j + 1] = nv + "&" + pairs[j + 1]; + delete pairs[j]; + } + continue; + } + let key = "#" + unescape(nv.substring(0, eq)).toLowerCase(); + if (key in accumulator) { + delete pairs[j]; + pairs[accumulator[key]] += ", " + nv.substring(eq + 1); + unchanged = false; + } else { + accumulator[key] = j; + } + } + return (emptyParams && !(unchanged || joinNames)) ? + pairs.concat(rearrange(true).filter(p => pairs.indexOf(p) === -1)) : + pairs; + })(); + + if (unchanged) return s; + for (let j = pairs.length; j-- > 0;) + if (!pairs[j]) pairs.splice(j, 1); + return p + pairs.join("&"); + }, + + _replace(match, hex) { + const k = parseInt(hex, 16); + const map = ASPIdiocy.map; + if (k in map) return map[k]; + const range = ASPIdiocy._findRange(k); + return range && range.data || String.fromCharCode(k); + }, + _findRange(k) { + const ranges = this.ranges; + for (let low = 0, high = ranges.length - 1; low <= high;) { + let i = parseInt((low + high) / 2); + let r = ranges[i]; + let comparison = k < r.start ? 1 : k > r.end ? -1 : 0; + if (comparison < 0) low = i + 1; + else if (comparison > 0) high = i - 1; + else return r; + } + return null; + } +} + +XSS.ASPIdiocy.map = { + 0x100: "\x41", + 0x101: "\x61", + 0x102: "\x41", + 0x103: "\x61", + 0x104: "\x41", + 0x105: "\x61", + 0x106: "\x43", + 0x107: "\x63", + 0x108: "\x43", + 0x109: "\x63", + 0x10a: "\x43", + 0x10b: "\x63", + 0x10c: "\x43", + 0x10d: "\x63", + 0x10e: "\x44", + 0x10f: "\x64", + 0x110: "\ufffd", + 0x111: "\x64", + 0x112: "\x45", + 0x113: "\x65", + 0x114: "\x45", + 0x115: "\x65", + 0x116: "\x45", + 0x117: "\x65", + 0x118: "\x45", + 0x119: "\x65", + 0x11a: "\x45", + 0x11b: "\x65", + 0x11c: "\x47", + 0x11d: "\x67", + 0x11e: "\x47", + 0x11f: "\x67", + 0x120: "\x47", + 0x121: "\x67", + 0x122: "\x47", + 0x123: "\x67", + 0x124: "\x48", + 0x125: "\x68", + 0x126: "\x48", + 0x127: "\x68", + 0x128: "\x49", + 0x129: "\x69", + 0x12a: "\x49", + 0x12b: "\x69", + 0x12c: "\x49", + 0x12d: "\x69", + 0x12e: "\x49", + 0x12f: "\x69", + 0x130: "\x49", + 0x131: "\x69", + 0x134: "\x4a", + 0x135: "\x6a", + 0x136: "\x4b", + 0x137: "\x6b", + 0x138: "\x3f", + 0x139: "\x4c", + 0x13a: "\x6c", + 0x13b: "\x4c", + 0x13c: "\x6c", + 0x13d: "\x4c", + 0x13e: "\x6c", + 0x141: "\x4c", + 0x142: "\x6c", + 0x143: "\x4e", + 0x144: "\x6e", + 0x145: "\x4e", + 0x146: "\x6e", + 0x147: "\x4e", + 0x148: "\x6e", + 0x14c: "\x4f", + 0x14d: "\x6f", + 0x14e: "\x4f", + 0x14f: "\x6f", + 0x150: "\x4f", + 0x151: "\x6f", + 0x154: "\x52", + 0x155: "\x72", + 0x156: "\x52", + 0x157: "\x72", + 0x158: "\x52", + 0x159: "\x72", + 0x15a: "\x53", + 0x15b: "\x73", + 0x15c: "\x53", + 0x15d: "\x73", + 0x15e: "\x53", + 0x15f: "\x73", + 0x162: "\x54", + 0x163: "\x74", + 0x164: "\x54", + 0x165: "\x74", + 0x166: "\x54", + 0x167: "\x74", + 0x168: "\x55", + 0x169: "\x75", + 0x16a: "\x55", + 0x16b: "\x75", + 0x16c: "\x55", + 0x16d: "\x75", + 0x16e: "\x55", + 0x16f: "\x75", + 0x170: "\x55", + 0x171: "\x75", + 0x172: "\x55", + 0x173: "\x75", + 0x174: "\x57", + 0x175: "\x77", + 0x176: "\x59", + 0x177: "\x79", + 0x178: "\ufffd", + 0x179: "\x5a", + 0x17a: "\x7a", + 0x17b: "\x5a", + 0x17c: "\x7a", + 0x17f: "\x3f", + 0x180: "\x62", + 0x189: "\ufffd", + 0x197: "\x49", + 0x19a: "\x6c", + 0x1a1: "\x6f", + 0x1ab: "\x74", + 0x1ae: "\x54", + 0x1af: "\x55", + 0x1b0: "\x75", + 0x1b6: "\x7a", + 0x1c0: "\x7c", + 0x1c3: "\x21", + 0x1cd: "\x41", + 0x1ce: "\x61", + 0x1cf: "\x49", + 0x1d0: "\x69", + 0x1d1: "\x4f", + 0x1d2: "\x6f", + 0x1d3: "\x55", + 0x1d4: "\x75", + 0x1d5: "\x55", + 0x1d6: "\x75", + 0x1d7: "\x55", + 0x1d8: "\x75", + 0x1d9: "\x55", + 0x1da: "\x75", + 0x1db: "\x55", + 0x1dc: "\x75", + 0x1dd: "\x3f", + 0x1de: "\x41", + 0x1df: "\x61", + 0x1e4: "\x47", + 0x1e5: "\x67", + 0x1e6: "\x47", + 0x1e7: "\x67", + 0x1e8: "\x4b", + 0x1e9: "\x6b", + 0x1ea: "\x4f", + 0x1eb: "\x6f", + 0x1ec: "\x4f", + 0x1ed: "\x6f", + 0x1f0: "\x6a", + 0x261: "\x67", + 0x2b9: "\x27", + 0x2ba: "\x22", + 0x2bb: "\x3f", + 0x2bc: "\x27", + 0x2c4: "\x5e", + 0x2c5: "\x3f", + 0x2c6: "\ufffd", + 0x2c7: "\x3f", + 0x2c8: "\x27", + 0x2cb: "\x60", + 0x2cc: "\x3f", + 0x2cd: "\x5f", + 0x2da: "\ufffd", + 0x2db: "\x3f", + 0x2dc: "\ufffd", + 0x300: "\x60", + 0x301: "\ufffd", + 0x302: "\x5e", + 0x303: "\x7e", + 0x308: "\ufffd", + 0x309: "\x3f", + 0x30a: "\ufffd", + 0x30e: "\x22", + 0x327: "\ufffd", + 0x37e: "\x3b", + 0x393: "\x47", + 0x398: "\x54", + 0x3a3: "\x53", + 0x3a6: "\x46", + 0x3a9: "\x4f", + 0x3b1: "\x61", + 0x3b2: "\ufffd", + 0x3b3: "\x3f", + 0x3b4: "\x64", + 0x3b5: "\x65", + 0x3bc: "\ufffd", + 0x3c0: "\x70", + 0x3c3: "\x73", + 0x3c4: "\x74", + 0x3c5: "\x3f", + 0x3c6: "\x66", + 0x4bb: "\x68", + 0x589: "\x3a", + 0x66a: "\x25", + 0x2012: "\x3f", + 0x2017: "\x3d", + 0x201b: "\x3f", + 0x201f: "\x3f", + 0x2023: "\x3f", + 0x2024: "\ufffd", + 0x2025: "\x3f", + 0x2026: "\ufffd", + 0x2030: "\ufffd", + 0x2031: "\x3f", + 0x2032: "\x27", + 0x2035: "\x60", + 0x2044: "\x2f", + 0x2070: "\ufffd", + 0x2074: "\x34", + 0x2075: "\x35", + 0x2076: "\x36", + 0x2077: "\x37", + 0x2078: "\x38", + 0x207f: "\x6e", + 0x2080: "\x30", + 0x2081: "\x31", + 0x2082: "\x32", + 0x2083: "\x33", + 0x2084: "\x34", + 0x2085: "\x35", + 0x2086: "\x36", + 0x2087: "\x37", + 0x2088: "\x38", + 0x2089: "\x39", + 0x20a1: "\ufffd", + 0x20a4: "\ufffd", + 0x20a7: "\x50", + 0x20ac: "\ufffd", + 0x2102: "\x43", + 0x2107: "\x45", + 0x210a: "\x67", + 0x210e: "\x68", + 0x210f: "\x3f", + 0x2112: "\x4c", + 0x2113: "\x6c", + 0x2114: "\x3f", + 0x2115: "\x4e", + 0x211a: "\x51", + 0x2122: "\ufffd", + 0x2123: "\x3f", + 0x2124: "\x5a", + 0x2128: "\x5a", + 0x2129: "\x3f", + 0x212a: "\x4b", + 0x212b: "\ufffd", + 0x212c: "\x42", + 0x212d: "\x43", + 0x2130: "\x45", + 0x2131: "\x46", + 0x2132: "\x3f", + 0x2133: "\x4d", + 0x2134: "\x6f", + 0x2205: "\ufffd", + 0x2212: "\x2d", + 0x2213: "\ufffd", + 0x2214: "\x3f", + 0x2215: "\x2f", + 0x2216: "\x5c", + 0x2217: "\x2a", + 0x221a: "\x76", + 0x221e: "\x38", + 0x2223: "\x7c", + 0x2229: "\x6e", + 0x2236: "\x3a", + 0x223c: "\x7e", + 0x2248: "\ufffd", + 0x2261: "\x3d", + 0x22c5: "\ufffd", + 0x2302: "\ufffd", + 0x2303: "\x5e", + 0x2310: "\ufffd", + 0x2320: "\x28", + 0x2321: "\x29", + 0x2329: "\x3c", + 0x232a: "\x3e", + 0x2500: "\x2d", + 0x2501: "\x3f", + 0x2502: "\ufffd", + 0x250c: "\x2b", + 0x2510: "\x2b", + 0x2514: "\x2b", + 0x2518: "\x2b", + 0x251c: "\x2b", + 0x2524: "\ufffd", + 0x252c: "\x2d", + 0x2534: "\x2d", + 0x253c: "\x2b", + 0x2550: "\x2d", + 0x2551: "\ufffd", + 0x2580: "\ufffd", + 0x2584: "\x5f", + 0x2588: "\ufffd", + 0x258c: "\ufffd", + 0x25a0: "\ufffd", + 0x263c: "\ufffd", + 0x2758: "\x7c", + 0x3000: "\x20", + 0x3008: "\x3c", + 0x3009: "\x3e", + 0x301a: "\x5b", + 0x301b: "\x5d", + 0x30fb: "\ufffd", + 0xff01: "\x21", + 0xff02: "\x22", + 0xff03: "\x23", + 0xff04: "\x24", + 0xff05: "\x25", + 0xff06: "\x26", + 0xff07: "\x27", + 0xff08: "\x28", + 0xff09: "\x29", + 0xff0a: "\x2a", + 0xff0b: "\x2b", + 0xff0c: "\x2c", + 0xff0d: "\x2d", + 0xff0e: "\x2e", + 0xff0f: "\x2f", + 0xff10: "\x30", + 0xff11: "\x31", + 0xff12: "\x32", + 0xff13: "\x33", + 0xff14: "\x34", + 0xff15: "\x35", + 0xff16: "\x36", + 0xff17: "\x37", + 0xff18: "\x38", + 0xff19: "\x39", + 0xff1a: "\x3a", + 0xff1b: "\x3b", + 0xff1c: "\x3c", + 0xff1d: "\x3d", + 0xff1e: "\x3e", + 0xff1f: "\x3f", + 0xff20: "\x40", + 0xff21: "\x41", + 0xff22: "\x42", + 0xff23: "\x43", + 0xff24: "\x44", + 0xff25: "\x45", + 0xff26: "\x46", + 0xff27: "\x47", + 0xff28: "\x48", + 0xff29: "\x49", + 0xff2a: "\x4a", + 0xff2b: "\x4b", + 0xff2c: "\x4c", + 0xff2d: "\x4d", + 0xff2e: "\x4e", + 0xff2f: "\x4f", + 0xff30: "\x50", + 0xff31: "\x51", + 0xff32: "\x52", + 0xff33: "\x53", + 0xff34: "\x54", + 0xff35: "\x55", + 0xff36: "\x56", + 0xff37: "\x57", + 0xff38: "\x58", + 0xff39: "\x59", + 0xff3a: "\x5a", + 0xff3b: "\x5b", + 0xff3c: "\x5c", + 0xff3d: "\x5d", + 0xff3e: "\x5e", + 0xff3f: "\x5f", + 0xff40: "\x60", + 0xff41: "\x61", + 0xff42: "\x62", + 0xff43: "\x63", + 0xff44: "\x64", + 0xff45: "\x65", + 0xff46: "\x66", + 0xff47: "\x67", + 0xff48: "\x68", + 0xff49: "\x69", + 0xff4a: "\x6a", + 0xff4b: "\x6b", + 0xff4c: "\x6c", + 0xff4d: "\x6d", + 0xff4e: "\x6e", + 0xff4f: "\x6f", + 0xff50: "\x70", + 0xff51: "\x71", + 0xff52: "\x72", + 0xff53: "\x73", + 0xff54: "\x74", + 0xff55: "\x75", + 0xff56: "\x76", + 0xff57: "\x77", + 0xff58: "\x78", + 0xff59: "\x79", + 0xff5a: "\x7a", + 0xff5b: "\x7b", + 0xff5c: "\x7c", + 0xff5d: "\x7d", + 0xff5e: "\x7e" +}; + +{ + let Range = class { + constructor(start, end, data) { + this.start = start; + this.end = end; + this.data = data; + } + }; + + XSS.ASPIdiocy.ranges = [ + new Range(0x80, 0xff, "\ufffd"), + new Range(0x132, 0x133, "\x3f"), + new Range(0x13f, 0x140, "\x3f"), + new Range(0x149, 0x14b, "\x3f"), + new Range(0x152, 0x153, "\ufffd"), + new Range(0x160, 0x161, "\ufffd"), + new Range(0x17d, 0x17e, "\ufffd"), + new Range(0x181, 0x188, "\x3f"), + new Range(0x18a, 0x190, "\x3f"), + new Range(0x191, 0x192, "\ufffd"), + new Range(0x193, 0x196, "\x3f"), + new Range(0x198, 0x199, "\x3f"), + new Range(0x19b, 0x19e, "\x3f"), + new Range(0x19f, 0x1a0, "\x4f"), + new Range(0x1a2, 0x1aa, "\x3f"), + new Range(0x1ac, 0x1ad, "\x3f"), + new Range(0x1b1, 0x1b5, "\x3f"), + new Range(0x1b7, 0x1bf, "\x3f"), + new Range(0x1c1, 0x1c2, "\x3f"), + new Range(0x1c4, 0x1cc, "\x3f"), + new Range(0x1e0, 0x1e3, "\x3f"), + new Range(0x1ee, 0x1ef, "\x3f"), + new Range(0x1f1, 0x260, "\x3f"), + new Range(0x262, 0x2b8, "\x3f"), + new Range(0x2bd, 0x2c3, "\x3f"), + new Range(0x2c9, 0x2ca, "\ufffd"), + new Range(0x2ce, 0x2d9, "\x3f"), + new Range(0x2dd, 0x2ff, "\x3f"), + new Range(0x304, 0x305, "\ufffd"), + new Range(0x306, 0x307, "\x3f"), + new Range(0x30b, 0x30d, "\x3f"), + new Range(0x30f, 0x326, "\x3f"), + new Range(0x328, 0x330, "\x3f"), + new Range(0x331, 0x332, "\x5f"), + new Range(0x333, 0x37d, "\x3f"), + new Range(0x37f, 0x392, "\x3f"), + new Range(0x394, 0x397, "\x3f"), + new Range(0x399, 0x3a2, "\x3f"), + new Range(0x3a4, 0x3a5, "\x3f"), + new Range(0x3a7, 0x3a8, "\x3f"), + new Range(0x3aa, 0x3b0, "\x3f"), + new Range(0x3b6, 0x3bb, "\x3f"), + new Range(0x3bd, 0x3bf, "\x3f"), + new Range(0x3c1, 0x3c2, "\x3f"), + new Range(0x3c7, 0x4ba, "\x3f"), + new Range(0x4bc, 0x588, "\x3f"), + new Range(0x58a, 0x669, "\x3f"), + new Range(0x66b, 0x1fff, "\x3f"), + new Range(0x2000, 0x2006, "\x20"), + new Range(0x2007, 0x200f, "\x3f"), + new Range(0x2010, 0x2011, "\x2d"), + new Range(0x2013, 0x2014, "\ufffd"), + new Range(0x2015, 0x2016, "\x3f"), + new Range(0x2018, 0x201a, "\ufffd"), + new Range(0x201c, 0x201e, "\ufffd"), + new Range(0x2020, 0x2022, "\ufffd"), + new Range(0x2027, 0x202f, "\x3f"), + new Range(0x2033, 0x2034, "\x3f"), + new Range(0x2036, 0x2038, "\x3f"), + new Range(0x2039, 0x203a, "\ufffd"), + new Range(0x203b, 0x2043, "\x3f"), + new Range(0x2045, 0x206f, "\x3f"), + new Range(0x2071, 0x2073, "\x3f"), + new Range(0x2079, 0x207e, "\x3f"), + new Range(0x208a, 0x20a0, "\x3f"), + new Range(0x20a2, 0x20a3, "\x3f"), + new Range(0x20a5, 0x20a6, "\x3f"), + new Range(0x20a8, 0x20ab, "\x3f"), + new Range(0x20ad, 0x2101, "\x3f"), + new Range(0x2103, 0x2106, "\x3f"), + new Range(0x2108, 0x2109, "\x3f"), + new Range(0x210b, 0x210d, "\x48"), + new Range(0x2110, 0x2111, "\x49"), + new Range(0x2116, 0x2117, "\x3f"), + new Range(0x2118, 0x2119, "\x50"), + new Range(0x211b, 0x211d, "\x52"), + new Range(0x211e, 0x2121, "\x3f"), + new Range(0x2125, 0x2127, "\x3f"), + new Range(0x212e, 0x212f, "\x65"), + new Range(0x2135, 0x2204, "\x3f"), + new Range(0x2206, 0x2211, "\x3f"), + new Range(0x2218, 0x2219, "\ufffd"), + new Range(0x221b, 0x221d, "\x3f"), + new Range(0x221f, 0x2222, "\x3f"), + new Range(0x2224, 0x2228, "\x3f"), + new Range(0x222a, 0x2235, "\x3f"), + new Range(0x2237, 0x223b, "\x3f"), + new Range(0x223d, 0x2247, "\x3f"), + new Range(0x2249, 0x2260, "\x3f"), + new Range(0x2262, 0x2263, "\x3f"), + new Range(0x2264, 0x2265, "\x3d"), + new Range(0x2266, 0x2269, "\x3f"), + new Range(0x226a, 0x226b, "\ufffd"), + new Range(0x226c, 0x22c4, "\x3f"), + new Range(0x22c6, 0x2301, "\x3f"), + new Range(0x2304, 0x230f, "\x3f"), + new Range(0x2311, 0x231f, "\x3f"), + new Range(0x2322, 0x2328, "\x3f"), + new Range(0x232b, 0x24ff, "\x3f"), + new Range(0x2503, 0x250b, "\x3f"), + new Range(0x250d, 0x250f, "\x3f"), + new Range(0x2511, 0x2513, "\x3f"), + new Range(0x2515, 0x2517, "\x3f"), + new Range(0x2519, 0x251b, "\x3f"), + new Range(0x251d, 0x2523, "\x3f"), + new Range(0x2525, 0x252b, "\x3f"), + new Range(0x252d, 0x2533, "\x3f"), + new Range(0x2535, 0x253b, "\x3f"), + new Range(0x253d, 0x254f, "\x3f"), + new Range(0x2552, 0x255d, "\x2b"), + new Range(0x255e, 0x2563, "\ufffd"), + new Range(0x2564, 0x2569, "\x2d"), + new Range(0x256a, 0x256c, "\x2b"), + new Range(0x256d, 0x257f, "\x3f"), + new Range(0x2581, 0x2583, "\x3f"), + new Range(0x2585, 0x2587, "\x3f"), + new Range(0x2589, 0x258b, "\x3f"), + new Range(0x258d, 0x258f, "\x3f"), + new Range(0x2590, 0x2593, "\ufffd"), + new Range(0x2594, 0x259f, "\x3f"), + new Range(0x25a1, 0x263b, "\x3f"), + new Range(0x263d, 0x2757, "\x3f"), + new Range(0x2759, 0x2fff, "\x3f"), + new Range(0x3001, 0x3007, "\x3f"), + new Range(0x300a, 0x300b, "\ufffd"), + new Range(0x300c, 0x3019, "\x3f"), + new Range(0x301c, 0x30fa, "\x3f"), + new Range(0x30fc, 0xff00, "\x3f") + ]; +} diff --git a/src/xss/Exceptions.js b/src/xss/Exceptions.js new file mode 100644 index 0000000..4e80c39 --- /dev/null +++ b/src/xss/Exceptions.js @@ -0,0 +1,238 @@ +'use strict'; + +XSS.Exceptions = (() => { + + var Exceptions = { + get legacyExceptions() { + delete this.legacyExceptions; + this.legacyExceptions = + Legacy.getRxPref("filterXExceptions", + Legacy.RX.multi, "g", /^https?:[a-z:/@.?-]*$/i); + return this.legacyExceptions; + }, + + async getWhitelist() { + return (await Storage.get("sync", "xssWhitelist")).xssWhitelist; + }, + async setWhitelist(xssWhitelist) { + await Storage.set("sync", {xssWhitelist}); + }, + + async shouldIgnore(xssReq) { + function logEx(...args) { + debug("[XSS preprocessing] Ignoring %o", xssReq, ...args); + } + + let { + srcObj, + destObj, + srcUrl, + destUrl, + srcOrigin, + destOrigin, + unescapedDest, + isGet, + isPost + } = xssReq; + + // same srcUrl + if (srcOrigin === destOrigin) { + return true; + } + + // same domain + https: source + if (/^https:/.test(srcOrigin) && xssReq.srcDomain === xssReq.destDomain) { + return true; + } + + if (/^(?:chrome|resource|moz-extension|about):/.test(srcOrigin)) { + debug("Privileged origin", srcOrigin); + } + + // destination or @source matching legacy regexp + if (this.legacyExceptions.test(unescapedDest) && + !this.isBadException(destObj.hostname) || + this.legacyExceptions.test("@" + unescape(srcUrl))) { + logEx("Legacy exception", this.legacyExceptions); + return true; + } + + if (!srcObj && isGet) { + if (/^https?:\/\/msdn\.microsoft\.com\/query\/[^<]+$/.test(unescapedDest)) { + return true; // MSDN from Microsoft VS + } + } + + if (srcOrigin) { // srcUrl-specific exceptions + + if (/^about:(?!blank)/.test(srcOrigin)) + return true; // any about: URL except about:blank + + if (srcOrigin === "https://www.youtube.com" && + /^https:\/\/(?:plus\.googleapis|apis\.google)\.com\/[\w/]+\/widget\/render\/comments\?/.test(destUrl) && + Legacy.getPref("filterXExceptions.yt_comments") + ) { + logEx("YouTube comments exception"); + return true; + } + + if (isPost) { + + if (srcOrigin === "https://sso.post.ch" && destOrigin === "https://app.swisspost.ch") { + return true; + } + + if (srcOrigin === "https://twitter.com" && /^https:\/\/.*\.twitter\.com$/.test(destOrigin)) { + return true; + } + + { + let rx = /^https:\/\/(?:[a-z]+\.)?unionbank\.com$/; + if (rx.test(srcOrigin) && rx.test(destOrigin)) { + return true; + } + } + + if (/^https?:\/\/csr\.ebay\.(?:\w{2,3}|co\.uk)\/cse\/start\.jsf$/.test(srcUrl) && + /^https?:\/\/msa-lfn\.ebay\.(?:\w{2,3}|co\.uk)\/ws\/eBayISAPI\.dll\?[^<'"%]*$/.test(unescapedDest) && + destObj.protocol === srcObj.protocol && + Legacy.getPref("filterXException.ebay")) { + logEx("Ebay exception"); + return true; + } + + if (/^https:\/\/(?:cap\.securecode\.com|www\.securesuite\.net|(?:.*?\.)?firstdata\.(?:l[tv]|com))$/.test(srcUrl) && + Legacy.getPref("filterXException.visa")) { + logEx("Verified by Visa exception"); + return true; + } + + if (/\.verizon\.com$/.test(srcOrigin) && + /^https:\/\/signin\.verizon\.com\/sso\/authsso\/forumLogin\.jsp$/.test(destUrl) && + Legacy.getPref("filterXExceptions.verizon")) { + logEx("Verizon login exception"); + return true; + } + + if (/^https?:\/\/mail\.lycos\.com\/lycos\/mail\/MailCompose\.lycos$/.test(srcUrl) && + /\.lycosmail\.lycos\.com$/.test(destOrigin) && + Legacy.getPref("filterXExceptions.lycosmail")) { + logEx("Lycos Mail exception"); + return true; + } + + if (/\.livejournal\.com$/.test(srcOrigin) && + /^https?:\/\/www\.livejournal\.com\/talkpost_do\.bml$/.test(destUrl) && + Legacy.getPref("filterXExceptions.livejournal")) { + logEx("Livejournal comments exception"); + return true; + } + + if (srcOrigin == "https://ssl.rapidshare.com" && + xssReq.srcDomain == "rapidshare.com") { + logEx("Rapidshare upload exception"); + return true; + } + + if (srcOrigin == "http://wm.letitbit.net" && + /^http:\/\/http\.letitbit\.net:81\/cgi-bin\/multi\/upload\.cgi\?/.test(destUrl) && + Legacy.getPref("filterXExceptions.letitibit") + ) { + logEx("letitbit.net upload exception"); + return true; + } + + if (/\.deviantart\.com$/.test(srcOrigin) && + /^http:\/\/my\.deviantart\.com\/journal\/update\b/.test(destUrl) && + Legacy.getPref("filterXExceptions.deviantart") + ) { + logEx("deviantart.com journal post exception"); + return true; + } + + if (srcOrigin == "https://www.mymedicare.gov" && + destOrigin == "https://myporal.medicare.gov" && + Legacy.getPref("filterXExceptions.medicare") + ) { + logEx("mymedicare.gov exception"); + return true; + } + + if (/^https?:\/\/(?:draft|www)\.blogger\.com\/template-editor\.g\?/.test(srcUrl) && + /^https?:\/\/[\w\-]+\.blogspot\.com\/b\/preview\?/.test(destUrl) && + Legacy.getPref("filterXExceptions.blogspot") + ) { + logEx("blogspot.com template preview exception"); + return true; + } + + if (/^https?:\/\/www\.readability\.com\/articles\/queue$/.test(destUrl) && + Legacy.getPref("filterXExceptions.readability")) { + logEx("Readability exception"); + return true; + } + + if (/^https?:\/\/pdf\.printfriendly\.com\/pdfs\/make$/.test(destUrl) && + Legacy.getPref("filterXExceptions.printfriendly")) { + logEx("Printfriendly exception"); + return true; + } + } + } + }, + + isBadException(host) { + // TLD check for Google search + let m = host.match(/\bgoogle\.((?:[a-z]{1,3}\.)?[a-z]+)$/i); + return m && tld.getPublicSuffix(host) != m[1]; + }, + + partial(xssReq) { + let { + srcObj, + destObj, + srcUrl, + destUrl, + srcOrigin, + destOrigin, + } = xssReq; + + let skipParams, skipRx; + if (/^https:\/\/www\.paypal\.com\/(?:[\w\-]+\/)?cgi-bin\/webscr\b/.test(destUrl)) { + // Paypal buttons encrypted parameter causes a DOS, strip it out + skipParams = ['encrypted']; + } else if (/\.adnxs\.com$/.test(srcOrigin) && /\.adnxs\.com$/.test(destOrigin)) { + skipParams = ['udj']; + } else if (/^https?:\/\/www\.mendeley\.com\/import\/bookmarklet\/$/.test(destUrl)) { + skipParams = ['html']; + } else if (destObj.hash && /^https:/.test(srcOrigin) && + (/^https?:\/\/api\.facebook\.com\//.test(srcUrl) || + /^https:\/\/tbpl\.mozilla\.org\//.test(srcUrl) || // work-around for hg reftest DOS + /^https:\/\/[^\/]+\.googleusercontent\.com\/gadgets\/ifr\?/.test(destUrl) // Google gadgets + )) { + skipRx = /#[^#]+$/; // remove receiver's hash + } else if (/^https?:\/\/apps\.facebook\.com\//.test(srcUrl) && Legacy.getPref("filterXExceptions.fbconnect")) { + skipRx = /&invite_url=javascript[^&]+/; // Zynga stuff + } else if (/^https?:\/\/l\.yimg\.com\/j\/static\/frame\?e=/.test(destUrl) && + /\.yahoo\.com$/.test(srcOrigin) && + Legacy.getPref("filterXExceptions.yahoo")) { + skipParams = ['e']; + } else if (/^https?:\/\/wpcomwidgets\.com\/\?/.test(destUrl)) { + skipParams = ["_data"]; + } else if (/^https:\/\/docs\.google\.com\/picker\?/.test(destUrl)) { + skipParams = ["nav", "pp"]; + } else if (/^https:\/\/.*[\?&]scope=/.test(destUrl)) { + skipRx = /[\?&]scope=[+\w]+(?=&|$)/; + } + if (skipParams) { + skipRx = new RegExp("(?:^|[&?])(?:" + skipParams.join('|') + ")=[^&]+", "g"); + } + return { + skipParams, + skipRx + }; + } + + }; + return Exceptions; +})(); diff --git a/src/xss/FlashIdiocy.js b/src/xss/FlashIdiocy.js new file mode 100644 index 0000000..c6835b1 --- /dev/null +++ b/src/xss/FlashIdiocy.js @@ -0,0 +1,147 @@ +'use strict'; + +XSS.FlashIdiocy = { + _affectsRx: /%(?:[8-9a-f]|[0-7]?[^0-9a-f])/i, // high (non-ASCII) percent encoding or invalid second digit + affects(s) { + return this._affectsRx.test(s); + }, + + purgeBadEncodings(s) { + return s.replace(/%(?:[0-9a-f]?(?:[^0-9a-f]|$))/ig, ""); + }, + + platformDecode(s) { + return s.replace(/%[8-9a-f][0-9a-f]/ig, s => this.map[s.substring(1).toLowerCase()]); + }, + + map: { + "80": "?", + "81": "", + "82": "?", + "83": "?", + "84": "?", + "85": "?", + "86": "?", + "87": "?", + "88": "?", + "89": "?", + "8a": "?", + "8b": "?", + "8c": "?", + "8d": "", + "8e": "?", + "8f": "", + "90": "", + "91": "?", + "92": "?", + "93": "?", + "94": "?", + "95": "?", + "96": "?", + "97": "?", + "98": "?", + "99": "?", + "9a": "?", + "9b": "?", + "9c": "?", + "9d": "", + "9e": "?", + "9f": "?", + "a0": " ", + "a1": "¡", + "a2": "¢", + "a3": "£", + "a4": "¤", + "a5": "¥", + "a6": "¦", + "a7": "§", + "a8": "¨", + "a9": "©", + "aa": "ª", + "ab": "«", + "ac": "¬", + "ad": "", + "ae": "®", + "af": "¯", + "b0": "°", + "b1": "±", + "b2": "²", + "b3": "³", + "b4": "´", + "b5": "µ", + "b6": "¶", + "b7": "·", + "b8": "¸", + "b9": "¹", + "ba": "º", + "bb": "»", + "bc": "¼", + "bd": "½", + "be": "¾", + "bf": "¿", + "c0": "À", + "c1": "Á", + "c2": "Â", + "c3": "Ã", + "c4": "Ä", + "c5": "Å", + "c6": "Æ", + "c7": "Ç", + "c8": "È", + "c9": "É", + "ca": "Ê", + "cb": "Ë", + "cc": "Ì", + "cd": "Í", + "ce": "Î", + "cf": "Ï", + "d0": "Ð", + "d1": "Ñ", + "d2": "Ò", + "d3": "Ó", + "d4": "Ô", + "d5": "Õ", + "d6": "Ö", + "d7": "×", + "d8": "Ø", + "d9": "Ù", + "da": "Ú", + "db": "Û", + "dc": "Ü", + "dd": "Ý", + "de": "Þ", + "df": "ß", + "e0": "à", + "e1": "á", + "e2": "â", + "e3": "ã", + "e4": "ä", + "e5": "å", + "e6": "æ", + "e7": "ç", + "e8": "è", + "e9": "é", + "ea": "ê", + "eb": "ë", + "ec": "ì", + "ed": "í", + "ee": "î", + "ef": "ï", + "f0": "ð", + "f1": "ñ", + "f2": "ò", + "f3": "ó", + "f4": "ô", + "f5": "õ", + "f6": "ö", + "f7": "÷", + "f8": "ø", + "f9": "ù", + "fa": "ú", + "fb": "û", + "fc": "ü", + "fd": "ý", + "fe": "þ", + "ff": "ÿ", + } +}; diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js new file mode 100644 index 0000000..9617e3d --- /dev/null +++ b/src/xss/InjectionChecker.js @@ -0,0 +1,1199 @@ +debug("Initializing InjectionChecker"); +XSS.InjectionChecker = (async () => { + await include([ + "/lib/Base64.js", + "/xss/FlashIdiocy.js", + "/xss/ASPIdiocy.js"] + ); + + var {FlashIdiocy, ASPIdiocy} = XSS; + + const wordCharRx = /\w/g; + + function fuzzify(s) { + return s.replace(wordCharRx, '\\W*(?:/[*/][^]*)?$&'); + } + + const IC_COMMENT_PATTERN = '\\s*(?:\\/[\\/\\*][^]+)?'; + const IC_WINDOW_OPENER_PATTERN = fuzzify("alert|confirm|prompt|open(?:URL)?|print|show") + "\\w*" + fuzzify("Dialog"); + const IC_EVAL_PATTERN = "\\b(?:" + + fuzzify('eval|import|set(?:Timeout|Interval)|(?:f|F)unction|Script|toString|Worker|document|constructor|generateCRMFRequest|jQuery|fetch|write(?:ln)?|__(?:define(?:S|G)etter|noSuchMethod)__|definePropert(?:y|ies)') + + "|\\$|" + IC_WINDOW_OPENER_PATTERN + ")\\b"; + const IC_EVENT_PATTERN = "on(?:p(?:o(?:inter(?:l(?:ock(?:change|error)|eave)|o(?:ver|ut)|cancel|enter|down|move|up)|p(?:up(?:hid(?:den|ing)|show(?:ing|n)|positioned)|state))|a(?:ge(?:hide|show)|(?:st|us)e)|ush(?:subscriptionchange)?|ro(?:cessorerror|gress)|lay(?:ing)?|hoto)|Moz(?:S(?:wipeGesture(?:(?:May)?Start|Update|End)?|crolledAreaChanged)|M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|(?:Press)?TapGesture|AfterPaint)|m(?:o(?:z(?:pointerlock(?:change|error)|fullscreen(?:change|error)|key(?:down|up)onplugin|accesskeynotfound|orientationchange)|use(?:l(?:ongtap|eave)|o(?:ver|ut)|enter|wheel|down|move|up))|(?:idimessag|ut)e|essage(?:error)?|ark)|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rollerchange|extmenu)|nect(?:ionavailable)?)|py)|h(?:(?:arging(?:time)?ch)?ange|ecking)|a(?:n(?:play(?:through)?|cel)|ched)|u(?:echange|t)|l(?:ick|ose))|s(?:ou(?:rce(?:(?:clos|end)ed|open)|nd(?:start|end))|e(?:lect(?:ionchange|start)?|ek(?:ing|ed)|t)|h(?:ipping(?:address|option)change|ow)|t(?:a(?:techange|lled|rt)|o(?:rage|p))|u(?:ccess|spend|bmit)|peech(?:start|end)|croll)|d(?:r(?:a(?:g(?:e(?:n(?:ter|d)|xit)|leave|start|drop|over)?|in)|op)|evice(?:(?:orienta|mo)tion|proximity|change|light)|(?:ischargingtime|uration)change|ata(?:available)?|ownloading|blclick)|a(?:nimation(?:iteration|cancel|start|end)|u(?:dio(?:process|start|end)|xclick)|b(?:solutedeviceorientation|ort)|fter(?:scriptexecute|print)|dd(?:sourcebuffer|track)|ppinstalled|ctivate)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:ourcetimingbufferfull|ponseprogress|u(?:lt|me)|ize|et)|move(?:sourcebuffer|track)|adystatechange|pea(?:tEven)?t|questprogress)|atechange)|w(?:ebkit(?:Animation(?:Iteration|Start|End)|animation(?:iteration|start|end)|(?:TransitionE|transitione)nd)|a(?:iting(?:forkey)?|rning)|heel)|v(?:rdisplay(?:(?:presentchang|activat)e|d(?:eactivate|isconnect)|connect)|o(?:iceschanged|lumechange)|(?:isibility|ersion)change)|b(?:e(?:fore(?:p(?:aste|rint)|scriptexecute|c(?:opy|ut)|unload)|gin(?:Event)?)|ufferedamountlow|l(?:ocked|ur)|roadcast|oundary)|t(?:o(?:uch(?:cancel|start|move|end)|ggle)|ransition(?:cancel|start|end|run)|ime(?:update|out)|e(?:rminate|xt)|ypechange)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|ing(?:error|done)?|start)?|stpointercapture)|(?:anguage|evel)change|y)|u(?:p(?:date(?:(?:fou|e)nd|ready|start)?|gradeneeded)|n(?:derflow|load|mute)|serproximity)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|otpointercapture|et)|o(?:(?:rientationchang|(?:ff|n)lin|bsolet)e|verflow|pen)|e(?:n(?:d(?:Event|ed)?|crypted|ter)|mptied|rror|xit)|f(?:ullscreen(?:change|error)|ocus(?:out|in)?|inish)|no(?:tificationcl(?:ick|ose)|update|match)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Zoom)|key(?:statuseschange|press|down|up)|(?:CheckboxStateC|hashc)hange|R(?:adioStateChange|equest)|in(?:stall|valid|put)|AppCommand|zoom)" + // autogenerated from nsGkAtomList.h + ; + const IC_EVENT_DOS_PATTERN = + "\\b(?:" + IC_EVENT_PATTERN + ")[^]*=[^]*\\b(?:" + IC_WINDOW_OPENER_PATTERN + ")\\b" + + "|\\b(?:" + IC_WINDOW_OPENER_PATTERN + ")\\b[^]+\\b(?:" + IC_EVENT_PATTERN + ")[^]*="; + + var InjectionChecker = { + reset: function() { + + this.isPost = + this.base64 = + this.nameAssignment = false; + + this.base64tested = []; + + }, + + fuzzify: fuzzify, + syntax: new SyntaxChecker(), + _log: function(msg, t, i) { + if (msg) msg = this._printable(msg); + if (t) msg += " - TIME: " + (Date.now() - t); + if (i) msg += " - ITER: " + i; + debug("[InjectionChecker]", msg); + }, + + _printable: function(msg) { + return msg.toString().replace(/[^\u0020-\u007e]/g, function(s) { + return "{" + s.charCodeAt(0).toString(16) + "}"; + }); + }, + log: function() {}, + get logEnabled() { + return this.log == this._log; + }, + set logEnabled(v) { + this.log = v ? this._log : function() {}; + }, + + escalate: function(msg) { + this.log(msg); + log("[InjectionChecker] ", msg); + }, + + bb: function(brac, s, kets) { + for (var j = 3; j-- > 0;) { + s = brac + s + kets; + if (this.checkJSSyntax(s)) return true; + } + return false; + }, + + checkJSSyntax(s) { + // bracket balancing for micro injections like "''), e v a l (name,''" + if (/^(?:''|"")?[^\('"]*\)/.test(s)) return this.bb("x(\n", s, "\n)"); + if (/^(?:''|"")?[^\['"]*\\]/.test(s)) return this.bb("y[\n", s, "\n]"); + if (/^(?:''|"")?[^\{'"]*\}/.test(s)) return this.bb("function z() {\n", s, "\n}"); + + let syntax = this.syntax; + s += " /* COMMENT_TERMINATOR */\nDUMMY_EXPR"; + if (syntax.check(s)) { + this.log("Valid fragment " + s); + return true; + } + return false; + }, + + checkTemplates(script) { + let templateExpressions = script.replace(/[[\]{}]/g, ";"); + return templateExpressions !== script && + (this.maybeMavo(script) || + (this.maybeJS(templateExpressions, true) && + (this.syntax.check(templateExpressions) || + /[^><=]=[^=]/.test(templateExpressions) && this.syntax.check( + templateExpressions.replace(/([^><=])=(?=[^=])/g, '$1==')) + ))); + }, + + maybeMavo(s) { + return /\[[^]*\([^]*\)[^]*\]/.test(s) && /\b(?:and|or|mod|\$url\b)/.test(s) && + this.maybeJS(s.replace(/\b(?:and|or|mod|[[\]])/g, ',').replace(/\$url\b/g, 'location'), true); + }, + get breakStops() { + var def = "\\/\\?&#;\\s\\x00}<>"; // we stop on URL, JS and HTML delimiters + var bs = { + nq: new RegExp("[" + def + "]") + }; + Array.forEach("'\"`", // special treatment for quotes + function(c) { + bs[c] = new RegExp("[" + def + c + "]"); + } + ); + delete this.breakStops; + return (this.breakStops = bs); + }, + + collapseChars: (s) => s.replace(/\;+/g, ';').replace(/\/{4,}/g, '////') + .replace(/\s+/g, (s) => /\n/g.test(s) ? '\n' : ' '), + + _reduceBackslashes: (bs) => bs.length % 2 ? "\\" : "", + + reduceQuotes: function(s) { + if (s[0] == '/') { + // reduce common leading path fragment resembling a regular expression or a comment + s = s.replace(/^\/[^\/\n\r]+\//, '_RX_').replace(/^\/\/[^\r\n]*/, '//_COMMENT_'); + } + + if (/\/\*/.test(s) || // C-style comments, would make everything really tricky + /\w\s*(\/\/[\s\S]*)?\[[\s\S]*\w[\s\S]*\]/.test(s)) { // property accessors, risky + return s; + } + + if (/['"\/]/.test(s)) { + + // drop noisy backslashes + s = s.replace(/\\{2,}/g, this._reduceBackslashes); + + // drop escaped quotes + s = s.replace(/\\["'\/]/g, " EQ "); + var expr; + for (;;) { + expr = s.replace(/(^[^'"\/]*[;,\+\-=\(\[]\s*)\/[^\/]+\//g, "$1 _RX_ ") + .replace(/(^[^'"\/]*)(["']).*?\2/g, "$1 _QS_ "); + if (expr == s) break; + s = expr; + } + } + + // remove c++ style comments + return s.replace(/^([^'"`\\]*?)\/\/[^\r\n]*/g, "$1//_COMMENT_"); + }, + + reduceURLs: function(s) { + // nested URLs with protocol are parsed as C++ style comments, and since + // they're potentially very expensive, we preemptively remove them if possible + while (/^[^'"]*?:\/\//.test(s)) { + s = s.replace(/:\/\/[^*\s]*/, ':'); + } + s = s.replace(/:\/\/[^'"*\n]*/g, ':'); + + return (/\bhttps?:$/.test(s) && !/\bh\W*t\W*t\W*p\W*s?.*=/.test(s)) ? + s.replace(/\b(?:[\w.]+=)?https?:$/, '') : + s; + }, + + reduceJSON(s) { + const REPL = 'J'; + const toStringRx = /^function\s*toString\(\)\s*{\s*\[native code\]\s*\}$/; + + // optimistic case first, one big JSON block + let m = s.match(/{[^]+}|\[[^]*{[^]+}[^]*\]/); + if (!m) return s; + + // semicolon-separated JSON chunks, like on syndication.twitter.com + if (/}\s*;\s*{/.test(s)) s = s.split(";").map(chunk => this.reduceJSON(chunk)).join(";"); + + let [expr] = m; + try { + if (toStringRx.test(JSON.parse(expr).toString)) { + this.log("Reducing big JSON " + expr); + return this.reduceJSON(s.replace(expr, REPL)); + } + } catch (e) {} + let iterations = 0; + for (;;) { + let prev = s; + let start = s.indexOf("{"); + let end = s.lastIndexOf("}"); + let prevExpr = ""; + while (start > -1 && end - start > 1) { + expr = s.substring(start, end + 1); + if (expr === prevExpr) break; + end = s.lastIndexOf("}", end - 1); + if (end === -1) { + start = s.indexOf("{", start + 1); + end = s.lastIndexOf("}"); + } + try { + if (!toStringRx.test(JSON.parse(expr).toString)) + continue; + + this.log("Reducing JSON " + expr); + s = s.replace(expr, REPL); + break; + } catch (e) {} + + if (/\btoString\b[\s\S]*:/.test(expr)) { + continue; + } + + let qred = this.reduceQuotes(expr); + if (/\{(?:\s*(?:(?:\w+:)+\w+)+;\s*)+\}/.test(qred)) { + this.log("Reducing pseudo-JSON " + expr); + s = s.replace(expr, REPL); + break; + } + + if (!/[(=.]|[^:\s]\s*\[|:\s*(?:location|document|set(?:Timeout|Interval)|eval|open|show\w*Dialog|alert|confirm|prompt)\b|(?:\]|set)\s*:/.test(qred) && + this.checkJSSyntax("JSON = " + qred) // no-assignment JSON fails with "invalid label" + ) { + this.log("Reducing slow JSON " + expr); + s = s.replace(expr, REPL); + break; + } + prevExpr = expr; + } + + if (s === prev) break; + } + + return s; + }, + + reduceXML: function reduceXML(s) { + var res; + + for (let pos = s.indexOf("<"); pos !== -1; pos = s.indexOf("<", 1)) { + + let head = s.substring(0, pos); + let tail = s.substring(pos); + + let qnum = 0; + for (pos = -1; + (pos = head.indexOf('"', ++pos)) > -1;) { + if (pos === 0 || head[pos - 1] != '\\') qnum++; + } + if (qnum % 2) break; // odd quotes + + let t = tail.replace(/^<(\??\s*\/?[a-zA-Z][\w:-]*)(?:[\s+]+[\w:-]+="[^"]*")*[\s+]*(\/?\??)>/, '<$1$2>'); + + (res || (res = [])).push(head); + s = t; + } + if (res) { + res.push(s); + s = res.join(''); + } + + return s; + }, + + _singleAssignmentRx: new RegExp( + "(?:\\b" + fuzzify('document') + "\\b[^]*\\.|\\s" + fuzzify('setter') + "\\b[^]*=)|/.*/[^]*(?:\\.(?:" + + "\\b" + fuzzify("onerror") + "\\b[^]*=|" + + +fuzzify('source|toString') + ")|\\[)|" + IC_EVENT_DOS_PATTERN + ), + _riskyAssignmentRx: new RegExp( + "\\b(?:" + fuzzify('location|innerHTML|outerHTML') + ")\\b[^]*=" + ), + _nameRx: new RegExp( + "=[^]*\\b" + fuzzify('name') + "\\b|" + + fuzzify("hostname") + "[^]*=[^]*(?:\\b\\d|[\"'{}~^|<*/+-])" + ), + _evalAliasingRx: new RegExp( + "=[^]+\\[" + IC_EVAL_PATTERN + "\\W*\\]" // TODO: check if it can be coalesced into _maybeJSRx + ), + + _maybeJSRx: new RegExp( + '(?:(?:\\[[^]+\\]|\\.\\D)(?:[^]*\\([^]*\\)|[^*]`[^]+`|[^=]*=[^=][^]*\\S)' + + // double function call + '|\\([^]*\\([^]*\\)' + + ')|(?:^|\\W)(?:' + IC_EVAL_PATTERN + + ')(?:\\W+[^]*|)[(`]|(?:[=(]|\\{[^]+:)[^]*(?:' + // calling eval-like functions directly or... + IC_EVAL_PATTERN + // ... assigning them to another function possibly called by the victim later + ')[^]*[\\n,;:|]|\\b(?:' + + fuzzify('setter|location|innerHTML|outerHTML') + // eval-like assignments + ')\\b[^]*=|' + + '.' + IC_COMMENT_PATTERN + "src" + IC_COMMENT_PATTERN + '=' + + IC_EVENT_DOS_PATTERN + + "|\\b" + fuzzify("onerror") + "\\b[^]*=" + + "|=[s\\\\[ux]?\d{2}" + // escape (unicode/ascii/octal) + "|\\b(?:toString|valueOf)\\b" + IC_COMMENT_PATTERN + "=[^]*(?:" + IC_EVAL_PATTERN + ")" + + "|(?:\\)|(?:[^\\w$]|^)[$a-zA-Z_\\u0ff-\\uffff][$\\w\\u0ff-\\uffff]*)" + IC_COMMENT_PATTERN + '=>' + // concise function definition + "|(?:[^\\w$]|^)" + IC_EVENT_PATTERN + IC_COMMENT_PATTERN + "=" + ), + + _riskyParensRx: new RegExp( + "(?:^|\\W)(?:(?:" + IC_EVAL_PATTERN + "|on\\w+)\\s*[(`]|" + + fuzzify("with") + "\\b[^]*\\(|" + + fuzzify("for") + "\\b[^]*\\([^]*[\\w$\\u0080-\\uffff]+[^]*\\b(?:" + + fuzzify("in|of") + ")\\b)" + ), + + _dotRx: /\./g, + _removeDotsRx: /^openid\.[\w.-]+(?==)|(?:[?&#\/]|^)[\w.-]+(?=[\/\?&#]|$)|[\w\.]*\.(?:\b[A-Z]+|\w*\d|[a-z][$_])[\w.-]*|=[a-z.-]+\.(?:com|net|org|biz|info|xxx|[a-z]{2})(?:[;&/]|$)/g, + _removeDots: (p) => p.replace(InjectionChecker._dotRx, '|'), + _arrayAccessRx: /\s*\[\d+\]/g, + _riskyOperatorsRx: /[+-]{2}\s*(?:\/[*/][\s\S]+)?(?:\w+(?:\/[*/][\s\S]+)?[[.]|location)|(?:\]|\.\s*(?:\/[*/][\s\S]+)?\w+|location)\s*(?:\/[*/][\s\S]+)?([+-]{2}|[+*\/<>~-]+\s*(?:\/[*/][\s\S]+)?=)/, // inc/dec/self-modifying assignments on DOM props + _assignmentRx: /^(?:[^()="'\s]+=(?:[^(='"\[+]+|[?a-zA-Z_0-9;,&=/]+|[\d.|]+))$/, + _badRightHandRx: /=[\s\S]*(?:_QS_\b|[|.][\s\S]*source\b|<[\s\S]*\/[^>]*>)/, + _wikiParensRx: /^(?:[\w.|-]+\/)*\(*[\w\s-]+\([\w\s-]+\)[\w\s-]*\)*$/, + _neutralDotsRx: /(?:^|[\/;&#])[\w-]+\.[\w-]+[\?;\&#]/g, + _openIdRx: /^scope=(?:\w+\+)\w/, // OpenID authentication scope parameter, see http://forums.informaction.com/viewtopic.php?p=69851#p69851 + _gmxRx: /\$\(clientName\)-\$\(dataCenter\)\.(\w+\.)+\w+/, // GMX webmail, see http://forums.informaction.com/viewtopic.php?p=69700#p69700 + + maybeJS(expr, mavoChecked = false) { + if (!mavoChecked && this.maybeMavo(expr)) return true; + + if (/`[\s\S]*`/.test(expr) || // ES6 templates, extremely insidious!!! + this._evalAliasingRx.test(expr) || + this._riskyOperatorsRx.test(expr) // this must be checked before removing dots... + ) return true; + + expr = // dotted URL components can lead to false positives, let's remove them + expr.replace(this._removeDotsRx, this._removeDots) + .replace(this._arrayAccessRx, '_ARRAY_ACCESS_') + .replace(/<([\w:]+)>[^</(="'`]+<\/\1>/g, '<$1/>') // reduce XML text nodes + .replace(/<!--/g, '') // remove HTML comments preamble (see next line) + .replace(/(^(?:[^/]*[=;.+-])?)\s*[\[(]+/g, '$1') // remove leading parens and braces + .replace(this._openIdRx, '_OPENID_SCOPE_=XYZ') + .replace(/^[^=]*OPENid\.(\w+)=/gi, "OPENid_\1") + .replace(this._gmxRx, '_GMX_-_GMX_'); + + if (expr.indexOf(")") !== -1) expr += ")"; // account for externally balanced parens + if (this._assignmentRx.test(expr) && !this._badRightHandRx.test(expr)) // commonest case, single assignment or simple chained assignments, no break + return this._singleAssignmentRx.test(expr) || this._riskyAssignmentRx.test(expr) && this._nameRx.test(expr); + + return this._riskyParensRx.test(expr) || + this._maybeJSRx.test(expr.replace(this._neutralDotsRx, '')) && + !this._wikiParensRx.test(expr); + + }, + + checkNonTrivialJSSyntax: function(expr) { + return this.maybeJS(this.reduceQuotes(expr)) && this.checkJSSyntax(expr); + }, + + + wantsExpression: (s) => /(?:^[+-]|[!%&(,*/:;<=>?\[^|]|[^-]-|[^+]\+)\s*$/.test(s), + + stripLiteralsAndComments: function(s) { + "use strict"; + + const MODE_NORMAL = 0; + const MODE_REGEX = 1; + const MODE_SINGLEQUOTE = 2; + const MODE_DOUBLEQUOTE = 3; + const MODE_BLOCKCOMMENT = 4; + const MODE_LINECOMMENT = 6; + const MODE_INTERPOLATION = 7; + + let mode = MODE_NORMAL; + let escape = false; + let res = []; + + function handleQuotes(c, q, type) { + if (escape) { + escape = false; + } else if (c == '\\') { + escape = true; + } else if (c === q) { + res.push(type); + mode = MODE_NORMAL; + } + } + for (let j = 0, l = s.length; j < l; j++) { + + switch (mode) { + case MODE_REGEX: + handleQuotes(s[j], '/', "_REGEXP_"); + break; + case MODE_SINGLEQUOTE: + handleQuotes(s[j], "'", "_QS_"); + break; + case MODE_DOUBLEQUOTE: + handleQuotes(s[j], '"', "_DQS_"); + break; + case MODE_INTERPOLATION: + handleQuotes(s[j], '`', "``"); + break; + case MODE_BLOCKCOMMENT: + if (s[j] === '/' && s[j - 1] === '*') { + res.push("/**/"); + mode = MODE_NORMAL; + } + break; + case MODE_LINECOMMENT: + if (s[j] === '\n') { + res.push("//\n"); + mode = MODE_NORMAL; + } + break; + default: + switch (s[j]) { + case '"': + mode = MODE_DOUBLEQUOTE; + break; + case "'": + mode = MODE_SINGLEQUOTE; + break; + case "`": + mode = MODE_INTERPOLATION; + break; + case '/': + switch (s[j + 1]) { + case '*': + mode = MODE_BLOCKCOMMENT; + j += 2; + break; + case '/': + mode = MODE_LINECOMMENT; + break; + default: + let r = res.join(''); + res = [r]; + if (this.wantsExpression(r)) mode = MODE_REGEX; + else res.push('/'); // after a self-contained expression: division operator + } + break; + default: + res.push(s[j]); + } + + } + } + return res.join(''); + }, + + checkLastFunction: function() { + var fn = this.syntax.lastFunction; + if (!fn) return false; + var m = fn.toSource().match(/\{([\s\S]*)\}/); + if (!m) return false; + var expr = this.stripLiteralsAndComments(m[1]); + return /=[\s\S]*cookie|\b(?:setter|document|location|(?:inn|out)erHTML|\.\W*src)[\s\S]*=|[\w$\u0080-\uffff\)\]]\s*[\[\(]/.test(expr) || + this.maybeJS(expr); + }, + + _createInvalidRanges: function() { + function x(n) { + return '\\u' + ("0000" + n.toString(16)).slice(-4); + } + + var ret = ""; + var first = -1; + var last = -1; + var cur = 0x7e; + while (cur++ <= 0xffff) { + try { + eval("var _" + String.fromCharCode(cur) + "_=1"); + } catch (e) { + if (!/illegal char/.test(e.message)) continue; + if (first == -1) { + first = last = cur; + ret += x(cur); + continue; + } + if (cur - last == 1) { + last = cur; + continue; + } + + if (last != first) ret += "-" + x(last); + ret += x(cur); + last = first = cur; + } + } + return ret; + }, + + get invalidCharsRx() { + delete this.invalidCharsRx; + return this.invalidCharsRx = new RegExp("^[^\"'`/<>]*[" + this._createInvalidRanges() + "]"); + }, + + checkJSBreak: function InjectionChecker_checkJSBreak(s) { + // Direct script injection breaking JS string literals or comments + + + // cleanup most urlencoded noise and reduce JSON/XML + s = ';' + this.reduceXML(this.reduceJSON(this.collapseChars( + s.replace(/\%\d+[a-z\(]\w*/gi, '§') + .replace(/[\r\n\u2028\u2029]+/g, "\n") + .replace(/[\x01-\x09\x0b-\x20]+/g, ' ') + ))); + + if (s.indexOf("*/") > 0 && /\*\/[\s\S]+\/\*/.test(s)) { // possible scrambled multi-point with comment balancing + s += ';' + s.match(/\*\/[\s\S]+/); + } + + if (!this.maybeJS(s)) return false; + + const MAX_TIME = 8000, + MAX_LOOPS = 1200; + + const logEnabled = this.logEnabled; + + const + invalidCharsRx = /[\u007f-\uffff]/.test(s) && this.invalidCharsRx, + dangerRx = /\(|(?:^|[+-]{2}|[+*/<>~-]+\\s*=)|`[\s\S]*`|\[[^\]]+\]|(?:setter|location|(?:inn|out)erHTML|cookie|on\w{3,}|\.\D)[^&]*=[\s\S]*?(?:\/\/|[\w$\u0080-\uFFFF.[\]})'"-]+)/, + exprMatchRx = /^[\s\S]*?(?:[=\)]|`[\s\S]*`|[+-]{2}|[+*/<>~-]+\\s*=)/, + safeCgiRx = /^(?:(?:[\.\?\w\-\/&:§\[\]]+=[\w \-:\+%#,§\.]*(?:[&\|](?=[^&\|])|$)){2,}|\w+:\/\/\w[\w\-\.]*)/, + // r2l, chained query string parameters, protocol://domain + headRx = /^(?:[^'"\/\[\(]*[\]\)]|[^"'\/]*(?:§|[^&]&[\w\.]+=[^=]))/ + // irrepairable syntax error, such as closed parens in the beginning + ; + + const injectionFinderRx = /(['"`#;>:{}]|[/?=](?![?&=])|&(?![\w-.[\]&!-]*=)|\*\/)(?!\1)/g; + injectionFinderRx.lastIndex = 0; + + const t = Date.now(); + var iterations = 0; + + for (let dangerPos = 0, m; + (m = injectionFinderRx.exec(s));) { + + let startPos = injectionFinderRx.lastIndex; + let subj = s.substring(startPos); + if (startPos > dangerPos) { + dangerRx.lastIndex = startPos; + if (!dangerRx.exec(s)) { + this.log("Can't find any danger in " + s); + return false; + } + dangerPos = dangerRx.lastIndex; + } + + let breakSeq = m[1]; + let quote = breakSeq in this.breakStops ? breakSeq : ''; + + if (!this.maybeJS(quote ? quote + subj : subj)) { + this.log("Fast escape on " + subj, t, iterations); + return false; + } + + let script = this.reduceURLs(subj); + + if (script.length < subj.length) { + if (!this.maybeJS(script)) { + this.log("Skipping to first nested URL in " + subj, t, iterations); + injectionFinderRx.lastIndex += subj.indexOf("://") + 1; + continue; + } + subj = script; + script = this.reduceURLs(subj.substring(0, dangerPos - startPos)); + } else { + script = subj.substring(0, dangerPos - startPos); + } + + let expr = subj.match(exprMatchRx); + + if (expr) { + expr = expr[0]; + if (expr.length < script.length) { + expr = script; + } + } else { + expr = script; + } + + // quickly skip (mis)leading innocuous CGI patterns + if ((m = subj.match(safeCgiRx))) { + + this.log("Skipping CGI pattern in " + subj); + + injectionFinderRx.lastIndex += m[0].length - 1; + continue; + } + + let bs = this.breakStops[quote || 'nq'] + + for (let len = expr.length, moved = false, hunt = !!expr, lastExpr = ''; hunt;) { + + if (Date.now() - t > MAX_TIME) { + this.log("Too long execution time! Assuming DOS... " + (Date.now() - t), t, iterations); + return true; + } + + hunt = expr.length < subj.length; + + if (moved) { + moved = false; + } else if (hunt) { + let pos = subj.substring(len).search(bs); + if (pos < 0) { + expr = subj; + hunt = false; + } else { + len += pos; + if (quote && subj[len] === quote) { + len++; + } else if (subj[len - 1] === '<') { + // invalid JS, and maybe in the middle of XML block + len++; + continue; + } + expr = subj.substring(0, len); + if (pos === 0) len++; + } + } + + if (lastExpr === expr) { + lastExpr = ''; + continue; + } + + lastExpr = expr; + + if (invalidCharsRx && invalidCharsRx.test(expr)) { + this.log("Quick skipping invalid chars"); + break; + } + + + + if (quote) { + if (this.checkNonTrivialJSSyntax(expr)) { + this.log("Non-trivial JS inside quoted string detected", t, iterations); + return true; + } + script = this.syntax.unquote(quote + expr, quote); + if (script && this.maybeJS(script) && + (this.checkNonTrivialJSSyntax(script) || + /'./.test(script) && this.checkNonTrivialJSSyntax("''" + script + "'") || + /"./.test(script) && this.checkNonTrivialJSSyntax('""' + script + '"') + ) && this.checkLastFunction() + ) { + this.log("JS quote Break Injection detected", t, iterations); + return true; + } + script = quote + quote + expr + quote; + } else { + script = expr; + } + + if (headRx.test(script.split("//")[0])) { + let balanced = script.replace(/^[^"'{}(]*\)/, 'P '); + if (balanced !== script && balanced.indexOf('(') > -1) { + script = balanced + ")"; + } else { + this.log("SKIP (head syntax) " + script, t, iterations); + break; // unrepairable syntax error in the head, move left cursor forward + } + } + + if (this.maybeJS(this.reduceQuotes(script))) { + + if (this.checkJSSyntax(script) && this.checkLastFunction()) { + this.log("JS Break Injection detected", t, iterations); + return true; + } + + if (this.checkTemplates(script)) { + this.log("JS template expression injection detected", t, iterations); + return true; + } + + if (++iterations > MAX_LOOPS) { + this.log("Too many syntax checks! Assuming DOS... " + s, t, iterations); + return true; + } + if (this.syntax.lastError) { // could be null if we're here thanks to checkLastFunction() + let errmsg = this.syntax.lastError.message; + if (logEnabled) this.log(errmsg + " --- " + this.syntax.lastScript + " --- ", t, iterations); + if (!quote) { + if (errmsg.indexOf("left-hand") !== -1) { + let m = subj.match(/^([^\]\(\\'"=\?]+?)[\w$\u0080-\uffff\s]+[=\?]/); + if (m) { + injectionFinderRx.lastIndex += m[1].length - 1; + } + break; + } else if (errmsg.indexOf("unterminated string literal") !== -1) { + let quotePos = subj.substring(len).search(/["']/); + if (quotePos > -1) { + expr = subj.substring(0, len += ++quotePos); + moved = true; + } else break; + } else if (errmsg.indexOf("syntax error") !== -1) { + let dblSlashPos = subj.indexOf("//"); + if (dblSlashPos > -1) { + let pos = subj.search(/['"\n\\\(]|\/\*/); + if (pos < 0 || pos > dblSlashPos) + break; + } + if (/^([\w\[\]]*=)?\w*&[\w\[\]]*=/.test(subj)) { // CGI param concatenation + break; + } + } + } else if (errmsg.indexOf("left-hand") !== -1) break; + + if (/invalid .*\bflag\b|missing ; before statement|invalid label|illegal character|identifier starts immediately/.test(errmsg)) { + if (errmsg.indexOf("illegal character") === -1 && /#\d*\s*$/.test(script)) { // sharp vars exceptional behavior + if (!quote) break; + // let's retry without quotes + quote = lastExpr = ''; + hunt = moved = true; + } else break; + } else if ((m = errmsg.match(/\b(?:property id\b|missing ([:\]\)\}]) )/))) { + let char = m[1] || '}'; + let newLen = subj.indexOf(char, len); + let nextParamPos = subj.substring(len).search(/[^&]&(?!&)/) + if (newLen !== -1 && (nextParamPos === -1 || newLen <= len + nextParamPos)) { + this.log("Extending to next " + char); + expr = subj.substring(0, len = ++newLen); + moved = char !== ':'; + } else if (char !== ':') { + let lastChar = expr[expr.length - 1]; + if (lastChar === char && (len > subj.length || lastChar != subj[len - 1])) break; + expr += char; + moved = hunt = true; + len++; + this.log("Balancing " + char, t, iterations); + } else { + break; + } + } else if (/finally without try/.test(errmsg)) { + expr = "try{" + expr; + hunt = moved = true; + } + } + } + } + } + this.log(s, t, iterations); + return false; + }, + + + checkJS: function(s, unescapedUni) { + this.log(s); + + if (/\?name\b[\s\S]*:|[^&?]\bname\b/.test(s)) { + this.nameAssignment = true; + } + + var hasUnicodeEscapes = !unescapedUni && /\\u(?:[0-9a-f]{4}|\{[0-9a-f]+\})/i.test(s); + if (hasUnicodeEscapes && /\\u(?:\{0*|00)[0-7][0-9a-f]/i.test(s)) { + this.escalate("Unicode-escaped lower ASCII"); + return true; + } + + if (/\\x[0-9a-f]{2}[\s\S]*['"]/i.test(s)) { + this.escalate("Obfuscated string literal"); + return true; + } + + if (/`[\s\S]*\$\{[\s\S]+[=(][\s\S]+\}[\s\S]*`/.test(s)) { + this.escalate("ES6 string interpolation"); + return true; + } + + this.syntax.lastFunction = null; + let ret = this.checkAttributes(s) || + (/[\\\(]|=[^=]/.test(s) || this._riskyOperatorsRx.test(s)) && this.checkJSBreak(s) || // MAIN + hasUnicodeEscapes && this.checkJS(this.unescapeJS(s), true); // optional unescaped recursion + if (ret) { + let msg = "JavaScript Injection in " + s; + if (this.syntax.lastFunction) { + msg += "\n" + this.syntax.lastFunction.toSource(); + } + this.escalate(msg); + } + return ret; + }, + + unescapeJS: function(s) { + return s.replace(/\\u([0-9a-f]{4})/gi, function(s, c) { + return String.fromCharCode(parseInt(c, 16)); + }); + }, + unescapeJSLiteral: function(s) { + return s.replace(/\\x([0-9a-f]{2})/gi, function(s, c) { + return String.fromCharCode(parseInt(c, 16)); + }); + }, + + unescapeCSS: function(s) { + // see http://www.w3.org/TR/CSS21/syndata.html#characters + return s.replace(/\\([\da-f]{0,6})\s?/gi, function($0, $1) { + try { + return String.fromCharCode(parseInt($1, 16)); + } catch (e) { + return ""; + } + }); + }, + + reduceDashPlus: function(s) { + // http://forums.mozillazine.org/viewtopic.php?p=5592865#p5592865 + return s.replace(/\-+/g, "-") + .replace(/\++/g, "+") + .replace(/\s+/g, ' ') + .replace(/(?: \-)+/g, ' -') + .replace(/(?:\+\-)+/g, '+-'); + }, + + _rxCheck: function(checker, s) { + var rx = this[checker + "Checker"]; + var ret = rx.exec(s); + if (ret) { + this.escalate(checker + " injection:\n" + ret + "\nmatches " + rx.source); + return true; + } + return false; + }, + + AttributesChecker: new RegExp( + "(?:\\W|^)(?:javascript:(?:[^]+[=\\\\\\(`\\[\\.<]|[^]*(?:\\bname\\b|\\\\[ux]\\d))|" + + "data:(?:(?:[a-z]\\w+/\\w[\\w+-]+\\w)?[;,]|[^]*;[^]*\\b(?:base64|charset=)|[^]*,[^]*<[^]*\\w[^]*>))|@" + + ("import\\W*(?:\\/\\*[^]*)?(?:[\"']|url[^]*\\()" + + "|-moz-binding[^]*:[^]*url[^]*\\(|\\{\\{[^]+\\}\\}") + .replace(/[a-rt-z\-]/g, "\\W*$&"), + "i"), + checkAttributes: function(s) { + s = this.reduceDashPlus(s); + if (this._rxCheck("Attributes", s)) return true; + if (/\\/.test(s) && this._rxCheck("Attributes", this.unescapeCSS(s))) return true; + let dataPos = s.search(/data:\S*\s/i); + if (dataPos !== -1) { + let data = this.urlUnescape(s.substring(dataPos).replace(/\s/g, '')); + if (this.checkHTML(data) || this.checkAttributes(data)) return true; + } + return false; + }, + + GlobalsChecker: /https?:\/\/[\S\s]+["'\s\0](?:id|class|data-\w+)[\s\0]*=[\s\0]*("')?\w{3,}(?:[\s\0]|\1|$)|(?:id|class|data-\w+)[\s\0]*=[\s\0]*("')?\w{3,}(?:[\s\0]|\1)[\s\S]*["'\s\0]href[\s\0]*=[\s\0]*(?:"')?https?:\/\//i, + HTMLChecker: new RegExp("<[^\\w<>]*(?:[^<>\"'\\s]*:)?[^\\w<>]*(?:" + // take in account quirks and namespaces + fuzzify("script|form|style|svg|marquee|(?:link|object|embed|applet|param|i?frame|base|body|meta|ima?ge?|video|audio|bindings|set|isindex|animate|template") + + ")[^>\\w])|['\"\\s\\0/](?:formaction|style|background|src|lowsrc|ping|innerhtml|data-bind|(?:data-)?mv-(?:\\w+[\\w-]*)|" + IC_EVENT_PATTERN + + ")[\\s\\0]*=|<%[^]+[=(][^]+%>", "i"), + + checkHTML(s) { + let links = s.match(/\b(?:href|src|base|(?:form)?action|\w+-\w+)\s*=\s*(?:(["'])[\s\S]*?\1|(?:[^'">][^>\s]*)?[:?\/#][^>\s]*)/ig); + if (links) { + for (let l of links) { + l = l.replace(/[^=]*=\s*/i, '').replace(/[\u0000-\u001f]/g, ''); + l = /^["']/.test(l) ? l.replace(/^(['"])([^]*?)\1[^]*/g, '$2') : l.replace(/[\s>][^]*/, ''); + + if (/^(?:javascript|data):|\[[^]+\]/i.test(l) || /[<'"(]/.test(unescape(l)) && this.checkUrl(l)) return true; + } + } + return this._rxCheck("HTML", s) || this._rxCheck("Globals", s); + }, + + checkNoscript: function(s) { + this.log(s); + return s.indexOf("\x1b(J") !== -1 && this.checkNoscript(s.replace(/\x1b\(J/g, '')) || // ignored in iso-2022-jp + s.indexOf("\x7e\x0a") !== -1 && this.checkNoscript(s.replace(/\x7e\x0a/g, '')) || // ignored in hz-gb-2312 + this.checkHTML(s) || this.checkSQLI(s) || this.checkHeaders(s); + }, + + HeadersChecker: /[\r\n]\s*(?:content-(?:type|encoding))\s*:/i, + checkHeaders: function(s) { + return this._rxCheck("Headers", s); + }, + SQLIChecker: /(?:(?:(?:\b|[^a-z])union[^a-z]|\()[\w\W]*(?:\b|[^a-z])select[^a-z]|(?:updatexml|extractvalue)(?:\b|[^a-z])[\w\W]*\()[\w\W]+(?:(?:0x|x')[0-9a-f]{16}|(?:0b|b')[01]{64}|\(|\|\||\+)/i, + checkSQLI: function(s) { + return this._rxCheck("SQLI", s); + }, + + base64: false, + base64tested: [], + get base64Decoder() { + return Base64; + }, // exposed here just for debugging purposes + + + checkBase64: function(url) { + this.base64 = false; + + const MAX_TIME = 8000; + const DOS_MSG = "Too long execution time, assuming DOS in Base64 checks"; + + this.log(url); + + + var parts = url.split("#"); // check hash + if (parts.length > 1 && this.checkBase64FragEx(unescape(parts[1]))) + return true; + + parts = parts[0].split(/[&;]/); // check query string + if (parts.length > 0 && parts.some(function(p) { + var pos = p.indexOf("="); + if (pos > -1) p = p.substring(pos + 1); + return this.checkBase64FragEx(unescape(p)); + }, this)) + return true; + + url = parts[0]; + parts = Base64.purify(url).split("/"); + if (parts.length > 255) { + this.log("More than 255 base64 slash chunks, assuming DOS"); + return true; + } + + + var t = Date.now(); + if (parts.some(function(p) { + if (Date.now() - t > MAX_TIME) { + this.log(DOS_MSG); + return true; + } + return this.checkBase64Frag(Base64.purify(Base64.alt(p))); + }, this)) + return true; + + + var uparts = Base64.purify(unescape(url)).split("/"); + + t = Date.now(); + while (parts.length) { + if (Date.now() - t > MAX_TIME) { + this.log(DOS_MSG); + return true; + } + if (this.checkBase64Frag(parts.join("/")) || + this.checkBase64Frag(uparts.join("/"))) + return true; + + parts.shift(); + uparts.shift(); + } + + return false; + }, + + + checkBase64Frag: function(f) { + if (this.base64tested.indexOf(f) < 0) { + this.base64tested.push(f); + try { + var s = Base64.decode(f); + if (s && s.replace(/[^\w\(\)]/g, '').length > 7 && + (this.checkHTML(s) || + this.checkAttributes(s)) + // this.checkJS(s) // -- alternate, whose usefulness is doubious but which easily leads to DOS + ) { + this.log("Detected BASE64 encoded injection: " + f + " --- (" + s + ")"); + return this.base64 = true; + } + } catch (e) {} + } + return false; + }, + + checkBase64FragEx: function(f) { + return this.checkBase64Frag(Base64.purify(f)) || this.checkBase64Frag(Base64.purify(Base64.alt(f))); + }, + + + checkUrl(url, skipRx = null) { + if (skipRx) url = url.replace(skipRx, ''); + return this.checkRecursive(url + // assume protocol and host are safe, but keep the leading double slash to keep comments in account + .replace(/^[a-z]+:\/\/.*?(?=\/|$)/, "//") + // Remove outer parenses from ASP.NET cookieless session's AppPathModifier + .replace(/\/\((S\(\w{24}\))\)\//, '/$1/') + ); + }, + + checkPost(formData, skipParams = null) { + let keys = Object.keys(formData); + if (Array.isArray(skipParams)) keys = keys.filter(k => !skipParams.includes(k)) + for (let key of keys) { + let chunk = `${key}=${formData[key].join(`;`)}`; + if (this.checkRecursive(chunk, 2, true)) { + return chunk; + } + } + return null; + }, + + checkRecursive(s, depth = 3, isPost = false) { + this.reset(); + this.isPost = isPost; + + + if (ASPIdiocy.affects(s)) { + if (this.checkRecursive(ASPIdiocy.process(s), depth, isPost)) + return true; + } else if (ASPIdiocy.hasBadPercents(s) && this.checkRecursive(ASPIdiocy.removeBadPercents(s), depth, isPost)) { + return true; + } + if (FlashIdiocy.affects(s)) { + let purged = FlashIdiocy.purgeBadEncodings(s); + if (purged !== s && this.checkRecursive(purged, depth, isPost)) + return true; + let decoded = FlashIdiocy.platformDecode(purged); + if (decoded !== purged && this.checkRecursive(decoded, depth, isPost)) + return true; + } + + if (s.indexOf("coalesced:") !== 0) { + let coalesced = ASPIdiocy.coalesceQuery(s); + if (coalesced !== s && this.checkRecursive("coalesced:" + coalesced, depth, isPost)) + return true; + } + + if (isPost) { + s = this.formUnescape(s); + if (this.checkBase64Frag(Base64.purify(s))) return true; + + if (s.indexOf("<") > -1) { + // remove XML-embedded Base64 binary data + s = s.replace(/<((?:\w+:)?\w+)>[0-9a-zA-Z+\/]+=*<\/\1>/g, ''); + } + + s = "#" + s; + } else { + if (this.checkBase64(s.replace(/^\/{1,3}/, ''))) return true; + } + + if (isPost) s = "#" + s; // allows the string to be JS-checked as a whole + return this._checkRecursive(s, depth); + }, + + _checkRecursive: function(s, depth) { + + if (this.checkHTML(s) || this.checkJS(s) || this.checkSQLI(s) || this.checkHeaders(s)) + return true; + + if (s.indexOf("&") !== -1) { + let unent = Entities.convertAll(s); + if (unent !== s && this._checkRecursive(unent, depth)) return true; + } + + if (--depth <= 0) + return false; + + if (s.indexOf('+') !== -1 && this._checkRecursive(this.formUnescape(s), depth)) + return true; + + var unescaped = this.urlUnescape(s); + let badUTF8 = this.utf8EscapeError; + + if (this._checkOverDecoding(s, unescaped)) + return true; + + if (/[\u0000-\u001f]|&#/.test(unescaped)) { + let unent = Entities.convertAll(unescaped.replace(/[\u0000-\u001f]+/g, '')); + if (unescaped != unent && this._checkRecursive(unent, depth)) { + this.log("Trash-stripped nested URL match!"); + return true; + } + } + + if (/\\x[0-9a-f]/i.test(unescaped)) { + let literal = this.unescapeJSLiteral(unescaped); + if (unescaped !== literal && this._checkRecursive(literal, depth)) { + this.log("Escaped literal match!"); + return true; + } + } + + if (unescaped.indexOf("\x1b(J") !== -1 && this._checkRecursive(unescaped.replace(/\x1b\(J/g, ''), depth) || // ignored in iso-2022-jp + unescaped.indexOf("\x7e\x0a") !== -1 && this._checkRecursive(unescaped.replace(/\x7e\x0a/g, '')) // ignored in hz-gb-2312 + ) { + return true; + } + + if (badUTF8) { + try { + let legacyEscaped = unescape(unescaped); + if (legacyEscaped !== unescaped && this._checkRecursive(unescape(unescaped))) return true; + } catch (e) {} + } + + if (unescaped !== s && this._checkRecursive(unescaped, depth)) { + return true; + } + + s = this.ebayUnescape(unescaped); + if (s != unescaped && this._checkRecursive(s, depth)) + return true; + + return false; + }, + + _checkOverDecoding: function(s, unescaped) { + if (/%[8-9a-f]/i.test(s)) { + const rx = /[<'"]/g; + var m1 = unescape(this.utf8OverDecode(s, false)).match(rx); + if (m1) { + unescaped = unescaped || this.urlUnescape(s); + var m0 = unescaped.match(rx); + if (!m0 || m0.length < m1.length) { + this.log("Potential utf8_decode() exploit!"); + return true; + } + } + } + return false; + }, + + utf8OverDecode: function(url, strict) { + return url.replace(strict ? + /%(?:f0%80%80|e0%80|c0)%[8-b][0-f]/gi : + /%(?:f[a-f0-9](?:%[0-9a-f]0){2}|e0%[4-9a-f]0|c[01])%[a-f0-9]{2}/gi, + function(m) { + var hex = m.replace(/%/g, ''); + if (strict) { + for (var j = 2; j < hex.length; j += 2) { + if ((parseInt(hex.substring(j, j + 2), 16) & 0xc0) != 0x80) return m; + } + } + switch (hex.length) { + case 8: + hex = hex.substring(2); + case 6: + c = (parseInt(hex.substring(0, 2), 16) & 0x3f) << 12 | + (parseInt(hex.substring(2, 4), 16) & 0x3f) << 6 | + parseInt(hex.substring(4, 6), 16) & 0x3f; + break; + default: + c = (parseInt(hex.substring(0, 2), 16) & 0x3f) << 6 | + parseInt(hex.substring(2, 4), 16) & 0x3f; + } + return encodeURIComponent(String.fromCharCode(c & 0x3f)); + } + ); + }, + + utf8EscapeError: true, + urlUnescape: function(url, brutal) { + var od = this.utf8OverDecode(url, !brutal); + this.utf8EscapeError = false; + try { + return decodeURIComponent(od); + } catch (warn) { + this.utf8EscapeError = true; + if (url != od) url += " (" + od + ")"; + this.log("Problem decoding " + url + ", maybe not an UTF-8 encoding? " + warn.message); + return od; + } + }, + + formUnescape: function(s, brutal) { + return this.urlUnescape(s.replace(/\+/g, ' '), brutal); + }, + + ebayUnescape: function(url) { + return url.replace(/Q([\da-fA-F]{2})/g, function(s, c) { + return String.fromCharCode(parseInt(c, 16)); + }); + }, + + checkWindowName(window, url) { + var originalAttempt = window.name; + try { + if (/^https?:\/\/(?:[^/]*\.)?\byimg\.com\/rq\/darla\//.test(url)) { + window.name = "DARLA_JUNK"; + return; + } + + if (/\s*{[\s\S]+}\s*/.test(originalAttempt)) { + try { + JSON.parse(originalAttempt); // fast track for crazy JSON in name like on NYT + return; + } catch (e) {} + } + + if (/[%=\(\\<]/.test(originalAttempt) && InjectionChecker.checkUrl(originalAttempt)) { + window.name = originalAttempt.replace(/[%=\(\\<]/g, " "); + } + + if (originalAttempt.length > 11) { + try { + if ((originalAttempt.length % 4 === 0)) { + var bin = window.atob(window.name); + if (/[%=\(\\]/.test(bin) && InjectionChecker.checkUrl(bin)) { + window.name = "BASE_64_XSS"; + } + } + } catch (e) {} + } + } finally { + if (originalAttempt != window.name) { + log('[NoScript XSS]: sanitized window.name, "' + originalAttempt + '"\nto\n"' + window.name + '"\nURL: ' + url); + log(url + "\n" + window.location.href); + } + } + }, + + }; + // InjectionChecker.logEnabled = true; + return InjectionChecker; +})(); diff --git a/src/xss/XSS.js b/src/xss/XSS.js new file mode 100644 index 0000000..94e33fa --- /dev/null +++ b/src/xss/XSS.js @@ -0,0 +1,246 @@ +'use strict'; + +var XSS = (() => { + + const ABORT = {cancel: true}, ALLOW = {}; + + let promptsMap = new Map(); + + async function getUserResponse(xssReq) { + let {originKey} = xssReq; + await promptsMap.get(originKey); + // promptsMap.delete(originKey); + switch (await XSS.getUserChoice(originKey)) { + case "allow": + return ALLOW; + case "block": + log("Blocking request from %s to %s by previous XSS prompt user choice", + xssReq.srcUrl, xssReq.destUrl); + return ABORT; + } + return null; + } + + async function requestListener(request) { + + if (ns.isEnforced(request.tabId)) { + let {policy} = ns; + let {type} = request; + if (type !== "main_frame") { + if (type === "sub_frame") type = "frame"; + if (!policy.can(request.url, type, request.originUrl)) { + return ALLOW; // it will be blocked by RequestGuard + } + } + } + let xssReq = XSS.parseRequest(request); + if (!xssReq) return null; + let userResponse = await getUserResponse(xssReq); + if (userResponse) return userResponse; + + let data; + let reasons; + try { + reasons = await XSS.maybe(xssReq); + if (!reasons) return ALLOW; + + data = []; + } catch (e) { + error(e, "XSS filter processing %o", xssReq); + reasons = { urlInjection: true }; + data = [e.toString()]; + } + + + + let prompting = (async () => { + userResponse = await getUserResponse(xssReq); + if (userResponse) return userResponse; + + let {srcOrigin, destOrigin, unescapedDest} = xssReq; + let block = !!(reasons.urlInjection || reasons.postInjection) + + if (reasons.protectName) { + RequestUtil.executeOnStart(request, { + file: "/xss/sanitizeName.js", + }); + if (!block) return ALLOW; + } + if (reasons.urlInjection) data.push(`(URL) ${unescapedDest}`); + if (reasons.postInjection) data.push(`(POST) ${reasons.postInjection}`); + + let source = srcOrigin && srcOrigin !== "null" ? srcOrigin : "[...]"; + + let {button, option} = await Prompts.prompt({ + title: _("XSS_promptTitle"), + message: _("XSS_promptMessage", [source, destOrigin, data.join(",")]), + options: [ + {label: _(`XSS_opt${block ? 'Block' : 'Sanitize'}`), checked: true}, // 0 + {label: _("XSS_optAlwaysBlock", [source, destOrigin])}, // 1 + {label: _("XSS_optAllow")}, // 2 + {label: _("XSS_optAlwaysAllow", [source, destOrigin])}, // 3 + ], + + buttons: [_("Ok")], + multiple: "focus", + width: 600, + height: 480, + }); + + if (button === 0 && option >= 2) { + if (option === 3) { // always allow + await XSS.setUserChoice(xssReq.originKey, "allow"); + await XSS.saveUserChoices(); + } + return ALLOW; + } + if (option === 1) { // always block + block = true; + await XSS.setUserChoice(xssReq.originKey, "block"); + await XSS.saveUserChoices(); + } + return block ? ABORT : ALLOW; + })(); + promptsMap.set(xssReq.originKey, prompting); + try { + return await prompting; + } catch (e) { + error(e); + return ABORT; + } + }; + + return { + async start() { + let {onBeforeRequest} = browser.webRequest; + if (onBeforeRequest.hasListener(requestListener)) return; + + await include("/legacy/Legacy.js"); + await include("/xss/Exceptions.js"); + + this._userChoices = (await Storage.get("sync", "xssUserChoices")).xssUserChoices || {}; + + // conver old style whitelist if stored + let oldWhitelist = await XSS.Exceptions.getWhitelist(); + if (oldWhitelist) { + for (let [destOrigin, sources] of Object.entries(oldWhitelist)) { + for (let srcOrigin of sources) { + this._userChoices[`${srcOrigin}>${destOrigin}`] = "allow"; + } + } + XSS.Exceptions.setWhitelist(null); + } + + onBeforeRequest.addListener(requestListener, { + urls: ["*://*/*"], + types: ["main_frame", "sub_frame", "object"] + }, ["blocking", "requestBody"]); + }, + + stop() { + let {onBeforeRequest} = browser.webRequest; + if (onBeforeRequest.hasListener(requestListener)) { + onBeforeRequest.removeListener(requestListener); + } + }, + + + parseRequest(request) { + let { + url: destUrl, + originUrl: srcUrl, + method + } = request; + let destObj; + try { + destObj = new URL(destUrl); + } catch (e) { + error(e, "Cannot create URL object for %s", destUrl); + return null; + } + let srcObj = null; + if (srcUrl) { + try { + srcObj = new URL(srcUrl); + } catch (e) {} + } else { + srcUrl = ""; + } + + let unescapedDest = unescape(destUrl); + let srcOrigin = srcObj ? srcObj.origin : ""; + let destOrigin = destObj.origin; + + let isGet = method === "GET"; + return { + xssUnparsed: request, + srcUrl, + destUrl, + srcObj, + destObj, + srcOrigin, + destOrigin, + get srcDomain() { + delete this.srcDomain; + return this.srcDomain = srcObj && srcObj.hostname && tld.getDomain(srcObj.hostname) || ""; + }, + get destDomain() { + delete this.destDomain; + return this.destDomain = tld.getDomain(destObj.hostname); + }, + get originKey() { + delete this.originKey; + return this.originKey = `${srcOrigin}>${destOrigin}`; + }, + unescapedDest, + isGet, + isPost: !isGet && method === "POST", + } + }, + + async saveUserChoices(xssUserChoices = this._userChoices || {}) { + this._userChoices = xssUserChoices; + await Storage.set("sync", {xssUserChoices}); + }, + getUserChoices() { + return this._userChoices; + }, + setUserChoice(originKey, choice) { + this._userChoices[originKey] = choice; + }, + getUserChoice(originKey) { + return this._userChoices[originKey]; + }, + + async maybe(request) { // return reason or null if everything seems fine + let xssReq = request.xssUnparsed ? request : this.parseRequest(request); + request = xssReq.xssUnparsed; + + if (await this.Exceptions.shouldIgnore(xssReq)) { + return null; + } + + let { + skipParams, + skipRx + } = this.Exceptions.partial(xssReq); + + let {destUrl} = xssReq; + + await include("/xss/InjectionChecker.js"); + let ic = await this.InjectionChecker; + ic.reset(); + + let postInjection = xssReq.isPost && + request.requestBody && request.requestBody.formData && + ic.checkPost(request.requestBody.formData, skipParams); + + let protectName = ic.nameAssignment; + let urlInjection = ic.checkUrl(destUrl, skipRx); + protectName = protectName || ic.nameAssignment; + ic.reset(); + return !(protectName || postInjection || urlInjection) ? null + : { protectName, postInjection, urlInjection }; + } + }; +})(); diff --git a/src/xss/sanitizeName.js b/src/xss/sanitizeName.js new file mode 100644 index 0000000..22185f4 --- /dev/null +++ b/src/xss/sanitizeName.js @@ -0,0 +1,4 @@ +if (/[<"'\`(=:]/.test(window.name)) { + console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, window.name, document.URL); + window.name = ""; +} |