Mirrors
/
noscript
mirror of https://github.com/hackademix/noscript.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Better IPV6 support.

This commit is contained in:
hackademix 2018-09-10 19:10:32 +02:00
parent 2b45fcb9a4
commit 48053d96d4
4 changed files with 38 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
src/bg/ChildPolicies.js
View File

@ -56,7 +56,7 @@
let protocolRx = /^(\w+):/i; let protocolRx = /^(\w+):/i;
let pathRx = /(?:[^:/]\/|:\/{3})$/; let pathRx = /(?:[^:/]\/|:\/{3})$/;
let portRx = /:\d+(?=\/|$)/; let portRx = /:\d+(?=\/|$)/;
let validMatchPatternRx = /^(?:\*|(?:http|ws|ftp)s?|file):\/\/(?:\*|(?:\*\.)?[\w\u0100-\uf000][\w\u0100-\uf000.-]*)?\/(\*|[^*]*)$/; let validMatchPatternRx = /^(?:\*|(?:http|ws|ftp)s?|file):\/\/(?:\*|(?:\*\.)?[\w\u0100-\uf000][\w\u0100-\uf000.-]*|\[[\w:]+\])?\/(\*|[^*]*)$/;
let validMatchPattern = mp => validMatchPatternRx.test(mp); let validMatchPattern = mp => validMatchPatternRx.test(mp);
@ -67,23 +67,30 @@
mp = Sites.cleanUrl(mp); mp = Sites.cleanUrl(mp);
if (!mp) return false; if (!mp) return false;
} else { } else {
let protocol = Sites.isSecureDomainKey(site) ? "https://" : "*://"; mp = Sites.isSecureDomainKey(site) ? "https://" : "*://";
mp = `${protocol}*`;
let hostname = Sites.toggleSecureDomainKey(site, false).replace(portRx, ''); let hostname = Sites.toggleSecureDomainKey(site, false).replace(portRx, '');
if (hostname && hostname !== ".") { if (hostname && hostname !== ".") {
if (!tld.preserveFQDNs) hostname = tld.normalize(hostname); if (tld.isIp(hostname) || hostname.includes("*")) {
mp += hostname.startsWith(".") ? hostname : `.${hostname}`; mp += hostname;
} else {
if (!tld.preserveFQDNs) hostname = tld.normalize(hostname);
mp += hostname.startsWith(".") ? `*${hostname}` : `*.${hostname}`;
}
} else {
mp += "*";
} }
if (!(hostname && hostname.includes("/"))) mp += "/"; if (!(hostname && hostname.includes("/"))) mp += "/";
} }
return validMatchPatternRx.test(mp) && ( return validMatchPattern(mp) &&
mp.endsWith("/") ? `${mp}*` : [mp, `${mp}?*`, `${mp}#*`]); (mp.endsWith("/") ? `${mp}*` : [mp, `${mp}?*`, `${mp}#*`]);
}; };
let withFQDNs = patterns => { let withFQDNs = patterns => {
return tld.preserveFQDNs ? patterns : patterns.concat( if (tld.preserveFQDNs) return patterns;
patterns.map(p => p.replace(/^(?:\w+|\*):\/\/[^/]*[^.*/]/, '$&.') let rx = /^(?:\w+|\*):\/\/([^/]*[^.*/])/;
return patterns.concat(
patterns.map(p => p.replace(rx, (m, host) => tld.isIp(host) ? m : m + ".")
).filter(validMatchPattern) ).filter(validMatchPattern)
); );
} }

2
src/common/Policy.js
View File

@ -11,7 +11,7 @@ var {Permissions, Policy, Sites} = (() => {
class Sites extends Map { class Sites extends Map {
static secureDomainKey(domain) { static secureDomainKey(domain) {
return domain.includes(":") ? domain : `${SECURE_DOMAIN_PREFIX}${domain}`; return /^[§\w]+:/.test(domain) ? domain : `${SECURE_DOMAIN_PREFIX}${domain}`;
} }
static isSecureDomainKey(domain) { static isSecureDomainKey(domain) {
return domain.startsWith(SECURE_DOMAIN_PREFIX); return domain.startsWith(SECURE_DOMAIN_PREFIX);

8
src/content/content.js
View File

@ -49,15 +49,9 @@ var notifyPage = async () => {
if (document.readyState === "complete") { if (document.readyState === "complete") {
try { try {
if (!("canScript" in ns)) { if (!("canScript" in ns)) {
let childPolicy = await Messages.send("fetchChildPolicy", {url: document.URL}); ns.fetchPolicy();
if (!childPolicy) {
debug(`No answer to fetchChildPolicy message. This should not be happening.`);
return;
}
ns.setup(childPolicy.permissions, childPolicy.MARKER);
return; return;
} }
await Messages.send("pageshow", {seen: seen.list, canScript: ns.canScript}); await Messages.send("pageshow", {seen: seen.list, canScript: ns.canScript});
return true; return true;
} catch (e) { } catch (e) {

21
src/content/staticNS.js
View File

@ -33,7 +33,17 @@
backlog.add(eventName); backlog.add(eventName);
}, },
setup(permissions, MARKER) { async fetchPolicy() {
let policy = await Messages.send("fetchChildPolicy", {url: document.URL});
if (!policy) {
debug(`No answer to fetchChildPolicy message. This should not be happening.`);
return false;
}
this.setup(policy.permissions, policy.MARKER, true);
return true;
},
setup(permissions, MARKER, fetched = false) {
this.config.permissions = permissions; this.config.permissions = permissions;
// ugly hack: since now we use registerContentScript instead of the // ugly hack: since now we use registerContentScript instead of the
@ -75,6 +85,15 @@
this.capabilities = Object.assign( this.capabilities = Object.assign(
new Set(["script"]), { has() { return true; } }); new Set(["script"]), { has() { return true; } });
} else { } else {
if (!fetched) {
let hostname = window.location.hostname;
if (hostname && hostname.startsWith("[")) {
// WebExt match patterns don't seem to support IPV6 (Firefox 63)...
debug("Ignoring child policy setup parameters for IPV6 address %s, forcing IPC...", hostname);
this.fetchPolicy();
return;
}
}
let perms = this.config.permissions; let perms = this.config.permissions;
this.capabilities = new Set(perms.capabilities); this.capabilities = new Set(perms.capabilities);
new DocumentCSP(document).apply(this.capabilities, this.embeddingDocument); new DocumentCSP(document).apply(this.capabilities, this.embeddingDocument);