From 5ffd53ee89767e1ca08d41516e968aab06cf42d3 Mon Sep 17 00:00:00 2001
From: hackademix
Date: Mon, 8 Apr 2019 11:44:08 +0200
Subject: Fixed inconsistencies in handling of browser-internal URLs.
---
 src/bg/ChildPolicies.js | 2 +-
 src/bg/RequestGuard.js | 6 +++---
 src/bg/main.js | 6 ++++--
 src/common/Policy.js | 8 +++++---
 4 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/src/bg/ChildPolicies.js b/src/bg/ChildPolicies.js
index 5727762..e5024e7 100644
--- a/src/bg/ChildPolicies.js
+++ b/src/bg/ChildPolicies.js
@@ -190,7 +190,7 @@
 getForDocument(policy, url, context = null) {
 return {
- permissions: policy.get(url, context).perms.dry(),
+ permissions: policy && policy.get(url, context).perms.dry(),
 MARKER: marker
 };
 },
diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js
index 0731b7b..c1771aa 100644
--- a/src/bg/RequestGuard.js
+++ b/src/bg/RequestGuard.js
@@ -256,8 +256,8 @@ var RequestGuard = (() => {
 });
 return redirected;
 }
+
 const ABORT = {cancel: true}, ALLOW = {};
- const INTERNAL_SCHEME = /^(?:chrome|resource|(?:moz|chrome)-extension|about):/;
 const listeners = {
 onBeforeRequest(request) {
 try {
@@ -272,7 +272,7 @@ var RequestGuard = (() => {
 // some extensions make them both undefined,
 // see https://github.com/eight04/image-picka/issues/150
 ) ||
- INTERNAL_SCHEME.test(originUrl))
+ Sites.isInternal(originUrl))
 ) {
 // livemark request or similar browser-internal, always allow;
 return ALLOW;
@@ -281,7 +281,7 @@ var RequestGuard = (() => {
 request._dataUrl = url;
 request.url = url = documentUrl;
 }
- let allowed = INTERNAL_SCHEME.test(url) ||
+ let allowed = Sites.isInternal(url) ||
 !ns.isEnforced(request.tabId) ||
 policy.can(url, policyType, originUrl);
 Content.reportTo(request, allowed, policyType);
diff --git a/src/bg/main.js b/src/bg/main.js
index 667be28..5d4f79f 100644
--- a/src/bg/main.js
+++ b/src/bg/main.js
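Review bot: In src/bg/ChildPolicies.js, `permissions` can now be `null` (or whatever falsy value arrives as `policy`), and nothing in `getForDocument` says what a receiver is expected to do with that. Because this object is what enforcement is built from, the fail-open meaning should be written down where it is produced, e.g. `// policy === null: enforcement is off for this document; permissions is null and receivers must handle that explicitly`. An explicit `permissions: policy ? policy.get(url, context).perms.dry() : null,` would also stop other falsy values from being forwarded as the permissions value. The consumers of this object are outside the diff, so whether each of them copes with `null` still needs confirming.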
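Review bot: In src/bg/RequestGuard.js, replacing `INTERNAL_SCHEME` with `Sites.isInternal()` widens the unconditional-allow path, both in the `originUrl` test of hunk @@ -272,7 and in the `let allowed = …` line of hunk @@ -281,7. The removed pattern listed `chrome`, `resource`, `moz-extension`, `chrome-extension` and `about`, while `INTERNAL_SITE_RX` in src/common/Policy.js accepts any `moz-…:` or `chrome-…:` prefix and any string starting with `[System`. Both checks short-circuit ahead of `ns.isEnforced()` and `policy.can()`, so everything the shared pattern matches is exempt from the policy. If the wider set is intended, state it next to the call, e.g. `// isInternal() matches any moz-*/chrome-* scheme and "[System…" origins; all of them bypass the policy`; otherwise keep a scheme list specific to request filtering. `onBeforeRequest` starts and ends outside these hunks.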
@@ -142,8 +142,10 @@
 },
 async fetchChildPolicy({url, contextUrl}, sender) {
- return ChildPolicies.getForDocument(ns.policy,
- url || sender.url, contextUrl || sender.tab.url);
+ let {tab} = sender;
+ if (!url) url = sender.url;
+ let policy = !Sites.isInternal(url) && ns.isEnforced(tab.id) ? ns.policy : null;
+ return ChildPolicies.getForDocument(policy, url, contextUrl || tab.url);
 },
 async openStandalonePopup() {
diff --git a/src/common/Policy.js b/src/common/Policy.js
index 55e9ad1..4fbc4ec 100644
--- a/src/common/Policy.js
+++ b/src/common/Policy.js
@@ -1,10 +1,9 @@
 var {Permissions, Policy, Sites} = (() => {
 'use strict';
-
 const SECURE_DOMAIN_PREFIX = "§:";
 const SECURE_DOMAIN_RX = new RegExp(`^${SECURE_DOMAIN_PREFIX}`);
 const DOMAIN_RX = new RegExp(`(?:^\\w+://|${SECURE_DOMAIN_PREFIX})?([^/]*)`, "i");
- const SKIP_RX = /^(?:(?:about|chrome|resource|moz-.*):|\[System)/;
+ const INTERNAL_SITE_RX = /^(?:(?:about|chrome|resource|(?:moz|chrome)-.*):|\[System)/;
 const VALID_SITE_RX = /^(?:(?:(?:(?:http|ftp|ws)s?|file):)(?:(?:\/\/)[\w\u0100-\uf000][\w\u0100-\uf000.-]*[\w\u0100-\uf000.](?:$|\/))?|[\w\u0100-\uf000][\w\u0100-\uf000.-]*[\w\u0100-\uf000]$)/;
 let rxQuote = s => s.replace(/[.?*+^$[\]\\(){}|-]/g, "\\$&");
@@ -24,6 +23,9 @@ var {Permissions, Policy, Sites} = (() => {
 return VALID_SITE_RX.test(site);
 }
+ static isInternal(site) {
+ return INTERNAL_SITE_RX.test(site);
+ }
 static originImplies(originKey, site) {
 return originKey === site || site.startsWith(`${originKey}/`);
@@ -116,7 +118,7 @@ var {Permissions, Policy, Sites} = (() => {
 }
 set(k, v) {
- if (!k || SKIP_RX.test(k) || k === "§:") return this;
+ if (!k || Sites.isInternal(k) || k === "§:") return this;
 let [,domain] = DOMAIN_RX.exec(k);
 if (/[^\u0000-\u007f]/.test(domain)) {
 k = k.replace(domain, punycode.toASCII(domain));
--
cgit v1.2.3
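Review bot: In src/bg/main.js, `sender.tab` is now dereferenced whenever `url` is not internal (`ns.isEnforced(tab.id)`), whereas the old code touched `sender.tab` only when `contextUrl` was missing, so a message from a sender without a tab would make `fetchChildPolicy` throw. A guard such as `let tabId = tab ? tab.id : -1;`, together with `contextUrl || (tab && tab.url)`, keeps the handler total; RequestGuard already passes `request.tabId` to the same function, though how `ns.isEnforced` treats a non-tab id is not visible here. Separately, the exemption is decided from the message's own `url` field before `sender.url` is considered, so the value the sender supplies selects whether `policy` becomes `null`. If the two can legitimately differ, a comment explaining why the message value is trusted for this decision would help.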
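Review bot: In src/common/Policy.js, the `.*` in `(?:moz|chrome)-.*` is not confined to the scheme, so `INTERNAL_SITE_RX` matches any string that starts with `moz-` or `chrome-` and has a colon anywhere later on, not only URLs such as `moz-extension:`. The pattern now backs `Sites.isInternal()`, which this commit uses to skip keys in `set(k, v)` (hunk @@ -116,7) and to exempt URLs in the background scripts, so it should be as narrow as the intent. Restricting the tail to scheme characters still matches `moz-extension:` and `chrome-extension:` and drops the rest: `(?:moz|chrome)-[\w-]+` in place of `(?:moz|chrome)-.*`. A short comment above the constant saying what counts as internal, and why `[System` is included, would help future callers of `isInternal()`.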