From eceae7187a6f0e9510bc1165f6977256b87f490f Mon Sep 17 00:00:00 2001 From: hackademix Date: Sun, 1 Jul 2018 01:01:23 +0200 Subject: Initial commit starting at version 10.1.8.3rc4. --- src/content/PlaceHolder.js | 150 ++++++++++++++++++++++++++++++++++++++++ src/content/content.css | 71 +++++++++++++++++++ src/content/content.js | 107 ++++++++++++++++++++++++++++ src/content/media.js | 59 ++++++++++++++++ src/content/onScriptDisabled.js | 74 ++++++++++++++++++++ src/content/webglHook.js | 31 +++++++++ 6 files changed, 492 insertions(+) create mode 100644 src/content/PlaceHolder.js create mode 100644 src/content/content.css create mode 100644 src/content/content.js create mode 100644 src/content/media.js create mode 100644 src/content/onScriptDisabled.js create mode 100644 src/content/webglHook.js (limited to 'src/content') diff --git a/src/content/PlaceHolder.js b/src/content/PlaceHolder.js new file mode 100644 index 0000000..37c0198 --- /dev/null +++ b/src/content/PlaceHolder.js @@ -0,0 +1,150 @@ +var PlaceHolder = (() => { + const HANDLERS = new Map(); + + class Handler { + constructor(type, selector) { + this.type = type; + this.selector = selector; + this.placeHolders = new Map(); + HANDLERS.set(type, this); + } + filter(element, request) { + let url = request.initialUrl || request.url; + return "data" in element ? element.data === url : element.src === url; + } + } + + new Handler("frame", "iframe"); + new Handler("object", "object, embed"); + new Handler("media", "video, audio"); + + function cloneStyle(src, dest, + props = ["width", "height", "position", "*", "margin*"]) { + var suffixes = ["Top", "Right", "Bottom", "Left"]; + for (let i = props.length; i-- > 0;) { + let p = props[i]; + if (p.endsWith("*")) { + let prefix = p.substring(0, p.length - 1); + props.splice(i, 1, ... + (suffixes.map(prefix ? (suffix => prefix + suffix) : + suffix => suffix.toLowerCase()))); + } + }; + + let srcStyle = window.getComputedStyle(src, null); + let destStyle = dest.style; + for (let p of props) { + destStyle[p] = srcStyle[p]; + } + destStyle.display = srcStyle.display !== "block" ? "inline-block" : "block"; + } + + class PlaceHolder { + + static create(policyType, request) { + return new PlaceHolder(policyType, request); + } + static canReplace(policyType) { + return HANDLERS.has(policyType); + } + + static listen() { + PlaceHolder.listen = () => {}; + window.addEventListener("click", ev => { + if (ev.button === 0) { + let replacement = ev.target.closest("a.__NoScript_PlaceHolder__"); + let ph = replacement && ev.isTrusted && replacement._placeHolderObj; + if (ph) { + ev.preventDefault(); + ev.stopPropagation(); + if (ev.target.value === "close") { + ph.close(replacement); + } else { + ph.enable(replacement); + } + } + } + }, true, false); + } + + constructor(policyType, request) { + this.policyType = policyType; + this.request = request; + this.replacements = new Set(); + this.handler = HANDLERS.get(policyType); + if (this.handler) { + [...document.querySelectorAll(this.handler.selector)] + .filter(element => this.handler.filter(element, request)) + .forEach(element => this.replace(element)); + }; + if (this.replacements.size) PlaceHolder.listen(); + } + + replace(element) { + let { + url + } = this.request; + this.origin = new URL(url).origin; + let TYPE = `<${this.policyType.toUpperCase()}>`; + + let replacement = document.createElement("a"); + replacement.className = "__NoScript_PlaceHolder__"; + cloneStyle(element, replacement); + replacement.style.backgroundImage = `url(${ICON_URL})`; + replacement.href = url; + replacement.title = `${TYPE}@${url}`; + + let inner = replacement.appendChild(document.createElement("span")); + inner.className = replacement.className; + + let button = inner.appendChild(document.createElement("button")); + button.className = replacement.className; + button.setAttribute("aria-label", button.title = _("Close")); + button.value = "close"; + button.textContent = "🗙"; + + let description = inner.appendChild(document.createElement("span")); + description.textContent = `${TYPE}@${this.origin}`; + + replacement._placeHolderObj = this; + replacement._placeHolderElement = element; + this.replacements.add(replacement); + + if (element.parentNode) element.parentNode.replaceChild(replacement, element); + else document.body.appendChild(replacement); + } + + async enable(replacement) { + debug("Enabling %o", this.request, this.policyType); + let ok = await browser.runtime.sendMessage({ + type: "enable", + url: this.request.url, + policyType: this.policyType, + documentUrl: document.URL + }); + debug("Received response", ok); + if (!ok) return; + if (this.request.embeddingDocument) { + window.location.reload(); + return; + } + try { + var element = replacement._placeHolderElement; + replacement.parentNode.replaceChild(element, replacement); + this.replacements.delete(replacement); + } catch (e) { + error(e, "While replacing"); + } + } + + close(replacement) { + replacement.classList.add("closing"); + this.replacements.delete(replacement); + window.setTimeout(() => replacement.parentNode.removeChild(replacement), 500); + } + } + + const ICON_URL = ""; + + return PlaceHolder; +})(); diff --git a/src/content/content.css b/src/content/content.css new file mode 100644 index 0000000..015fb2d --- /dev/null +++ b/src/content/content.css @@ -0,0 +1,71 @@ +a.__NoScript_PlaceHolder__ { + outline: 2px solid #048; + color: #048; + text-decoration: none; + text-align: center; + background: rgba(255,250,200, .7) no-repeat center; + background-size: 256px; + visibility: visible !important; + cursor: pointer; + opacity: 0.8; + transition: 1s all; +} + +a.__NoScript_PlaceHolder__:hover { + opacity: 1; + text-decoration: underline; + background-size: 128px; + background-position: top left; +} + +a.__NoScript_PlaceHolder__.closing { + transition: .4s all; + opacity: 0; + transform: scale(0, 0); +} + +a.__NoScript_PlaceHolder__ > span { + display: flex !important; + flex-direction: row; + justify-content: space-around; + align-items: center; + position: relative; + padding: 0; + margin: 0; + width: 100%; + height: 100%; +} + +.__NoScript_PlaceHolder__ button { + appearance: none; + -moz-appearance: none; + border: none; + position: absolute; + top: 0; + right: 0; + display: block; + color: #800; + font-size: 16px; + font-family: sans-serif; + padding: 0 4px; + margin: 0; + background: none; + transition: .2s all; +} +.__NoScript_PlaceHolder__ button:hover { + + color: white; + text-shadow: -2px 0 2px red, 2px 0 2px red; +} + +.__NoScript_PlaceHolder__ > span > span { + display: block; + font-size: 18px; + background: rgba(255, 250, 200, .5); + border-radius: 8px; + padding: 8px; + margin: 0; + font-family: sans-serif; + overflow-wrap: break-word; + word-break: break-all; +} diff --git a/src/content/content.js b/src/content/content.js new file mode 100644 index 0000000..5ba5076 --- /dev/null +++ b/src/content/content.js @@ -0,0 +1,107 @@ +'use strict'; + + // debug = () => {}; // XPI_ONLY + +var _ = browser.i18n.getMessage; + +var canScript = true; + +var embeddingDocument = false; + +var seen = { + _map: new Map(), + _list: null, + record(event) { + let key = event.request.key; + if (this._map.has(key)) return; + this._map.set(key, event); + this._list = null; + }, + get list() { + return this._list || (this._list = [...this._map.values()]); + } +} + +var handlers = { + + seen(event) { + let {allowed, policyType, request, ownFrame} = event; + if (window.top === window) { + seen.record(event); + } + if (ownFrame) { + init(); + if (!allowed && PlaceHolder.canReplace(policyType)) { + request.embeddingDocument = embeddingDocument; + PlaceHolder.create(policyType, request); + } + } + }, + + collect(event) { + let list = seen.list; + debug("COLLECT", list); + return list; + } +}; + +browser.runtime.onMessage.addListener(async event => { + if (event.type in handlers) { + debug("Received message", event); + return handlers[event.type](event); + } +}); + +if (document.readyState !== "complete") { + let pageshown = e => { + removeEventListener("pageshow", pageshown); + init(); + }; + addEventListener("pageshow", pageshown); +} else init(); + +let notifyPage = () => { + if (document.readyState === "complete") { + browser.runtime.sendMessage({type: "pageshow", seen, canScript}); + return true; + } + return false; +} + + +async function init() { + try { + canScript = await browser.runtime.sendMessage({type: "canScript"}); + init = () => {}; + debug("canScript:", canScript); + } catch (e) { + // background script not initialized yet? + setTimeout(() => init(), 100); + return; + } + + if (!canScript) onScriptDisabled(); + seen.record({ + request: { + key: "noscript-probe", + url: document.URL, + documentUrl: document.URL, + type: window === window.top ? "main_frame" : "script", + }, + allowed: canScript + } + ); + + debug(`Loading NoScript in document %s, scripting=%s, content type %s readyState %s`, + document.URL, canScript, document.contentType, document.readyState); + + if (/application|video|audio/.test(document.contentType)) { + debug("Embedding document detected"); + embeddingDocument = true; + window.addEventListener("pageshow", e => { + debug("Active content still in document %s: %o", document.url, document.querySelectorAll("embed,object,video,audio")); + }, true); + // document.write(""); + } + notifyPage() || addEventListener("pageshow", notifyPage); +}; diff --git a/src/content/media.js b/src/content/media.js new file mode 100644 index 0000000..22bf014 --- /dev/null +++ b/src/content/media.js @@ -0,0 +1,59 @@ +console.log("Media Hook", document.documentElement.innerHTML); +try { + (() => { + let unpatched = new Map(); + function patch(obj, methodName, replacement) { + let methods = unpatched.get(obj) || {}; + methods[methodName] = obj[methodName]; + exportFunction(replacement, obj, {defineAs: methodName}); + unpatched.set(obj, methods); + } + patch(window.console, "log", function(s, ...args) { + unpatched.get(window.console).log.call(`PATCHED ${s}`, ...args); + }); + let urlMap = new WeakMap(); + patch(window.URL, "createObjectURL", function(o, ...args) { + let url = unpatched.get(window.URL).createObjectURL.call(this, o, ...args); + if (o instanceof MediaSource) { + let urls = urlMap.get(o); + if (!urls) urlMap.set(o, urls = new Set()); + urls.add(url); + } + return url; + }); + + patch(window.MediaSource.prototype, "addSourceBuffer", function(mime, ...args) { + let ms = this; + let urls = urlMap.get(ms); + let me = Array.from(document.querySelectorAll("video,audio")) + .find(e => e.srcObject === ms || urls && urls.has(e.src)); + let exposedMime = `${mime} (MSE)`; + + let request = { + id: "noscript-media", + type: "media", + url: document.URL, + documentUrl: document.URL, + embeddingDocument: true, + }; + seen.record({policyType: "media", request, allowed: false}); + notifyPage(); + + if (window.mediaBlocker) { + try { + let ph = PlaceHolder.create("media", request); + ph.replace(me); + PlaceHolder.listen(); + } catch (e) { + error(e); + } + throw new Error(`${exposedMime} blocked by NoScript`); + } + + return unpatched.get(window.MediaSource.prototype).addSourceBuffer.call(ms, mime, ...args); + }); + + })(); +} catch (e) { + error(e, "Cannot patch MediaSource"); +} diff --git a/src/content/onScriptDisabled.js b/src/content/onScriptDisabled.js new file mode 100644 index 0000000..e6c754a --- /dev/null +++ b/src/content/onScriptDisabled.js @@ -0,0 +1,74 @@ +function onScriptDisabled() { + for (let noscript of document.querySelectorAll("noscript")) { + // force show NOSCRIPT elements content + let replacement = document.createElement("div"); + replacement.innerHTML = noscript.innerHTML; + noscript.parentNode.replaceChild(replacement, noscript); + // emulate meta-refresh + let meta = replacement.querySelector('meta[http-equiv="refresh"]'); + if (meta) { + let content = meta.getAttribute("content"); + if (content) { + let [secs, url] = content.split(/\s*;\s*url\s*=\s*/i); + if (url) { + try { + let urlObj = new URL(url); + if (!/^https?:/.test(urlObj.protocol)) { + continue; + } + } catch (e) { + } + window.setTimeout(() => location.href = url, (parseInt(secs) || 0) * 1000); + } + } + } + } + + { + let eraser = { + tapped: null, + delKey: false, + }; + + addEventListener("pagehide", ev => { + eraser.tapped = null; + eraser.delKey = false; + }, false); + + addEventListener("keyup", ev => { + let el = eraser.tapped; + if (el && ev.keyCode === 46) { + eraser.tapped = null; + eraser.delKey = true; + let doc = el.ownerDocument; + let w = doc.defaultView; + if (w.getSelection().isCollapsed) { + let root = doc.body || doc.documentElement; + let posRx = /^(?:absolute|fixed)$/; + do { + if (posRx.test(w.getComputedStyle(el, '').position)) { + (eraser.tapped = el.parentNode).removeChild(el); + break; + } + } while ((el = el.parentNode) && el != root); + } + } + }, true); + + addEventListener("mousedown", ev => { + if (ev.button === 0) { + eraser.tapped = ev.target; + eraser.delKey = false; + } + }, true); + + addEventListener("mouseup", ev => { + if (eraser.delKey) { + eraser.delKey = false; + ev.preventDefault(); + ev.stopPropagation(); + } + eraser.tapped = null; + }, true); + } +} diff --git a/src/content/webglHook.js b/src/content/webglHook.js new file mode 100644 index 0000000..ba0d769 --- /dev/null +++ b/src/content/webglHook.js @@ -0,0 +1,31 @@ +console.log("WebGL Hook", document.documentElement.innerHTML); +try { + let proto = HTMLCanvasElement.prototype; + let getContext = proto.getContext; + exportFunction(function(type, ...rest) { + if (type && type.toLowerCase().includes("webgl")) { + let request = { + id: "noscript-webgl", + type: "webgl", + url: document.URL, + documentUrl: document.URL, + embeddingDocument: true, + }; + seen.record({policyType: "webgl", request, allowed: false}); + try { + let ph = PlaceHolder.create("webgl", request); + ph.replace(this); + PlaceHolder.listen(); + } catch (e) { + error(e); + } + notifyPage(); + return {}; + } + return getContext.call(this, type, ...rest); + }, proto, {defineAs: "getContext"}); +} catch (e) { + console.error(e); +} + +null; -- cgit v1.2.3