Better IPV6 support.

2018-09-10 19:10:32 +02:00 · 2018-09-10 19:10:32 +02:00 · 48053d96d4
parent 2b45fcb9a4
commit 48053d96d4
4 changed files with 38 additions and 18 deletions
--- a/src/bg/ChildPolicies.js
+++ b/src/bg/ChildPolicies.js
@ -56,7 +56,7 @@
  let protocolRx = /^(\w+):/i;
  let pathRx = /(?:[^:/]\/|:\/{3})$/;
  let portRx = /:\d+(?=\/|$)/;
-  let validMatchPatternRx = /^(?:\*|(?:http|ws|ftp)s?|file):\/\/(?:\*|(?:\*\.)?[\w\u0100-\uf000][\w\u0100-\uf000.-]*)?\/(\*|[^*]*)$/;
+  let validMatchPatternRx = /^(?:\*|(?:http|ws|ftp)s?|file):\/\/(?:\*|(?:\*\.)?[\w\u0100-\uf000][\w\u0100-\uf000.-]*|\[[\w:]+\])?\/(\*|[^*]*)$/;

  let validMatchPattern = mp => validMatchPatternRx.test(mp);

@ -67,23 +67,30 @@
      mp = Sites.cleanUrl(mp);
      if (!mp) return false;
    } else {
-      let protocol = Sites.isSecureDomainKey(site) ? "https://" : "*://";
-      mp = `${protocol}*`;
+      mp = Sites.isSecureDomainKey(site) ? "https://" : "*://";
      let hostname = Sites.toggleSecureDomainKey(site, false).replace(portRx, '');
      if (hostname && hostname !== ".") {
-        if (!tld.preserveFQDNs) hostname = tld.normalize(hostname);
-        mp += hostname.startsWith(".") ? hostname : `.${hostname}`;
+        if (tld.isIp(hostname) || hostname.includes("*")) {
+          mp += hostname;
+        } else {
+          if (!tld.preserveFQDNs) hostname = tld.normalize(hostname);
+          mp += hostname.startsWith(".") ? `*${hostname}` : `*.${hostname}`;
+        }
+      } else {
+        mp += "*";
      }
      if (!(hostname && hostname.includes("/"))) mp += "/";
    }

-    return validMatchPatternRx.test(mp) && (
-      mp.endsWith("/") ? `${mp}*` : [mp, `${mp}?*`, `${mp}#*`]);
+    return validMatchPattern(mp) &&
+      (mp.endsWith("/") ? `${mp}*` : [mp, `${mp}?*`, `${mp}#*`]);
  };

  let withFQDNs = patterns => {
-    return tld.preserveFQDNs ? patterns : patterns.concat(
-      patterns.map(p => p.replace(/^(?:\w+|\*):\/\/[^/]*[^.*/]/, '$&.')
+    if (tld.preserveFQDNs) return patterns;
+    let rx = /^(?:\w+|\*):\/\/([^/]*[^.*/])/;
+    return patterns.concat(
+      patterns.map(p => p.replace(rx, (m, host) => tld.isIp(host) ? m : m + ".")
        ).filter(validMatchPattern)
      );
  }
--- a/src/common/Policy.js
+++ b/src/common/Policy.js
@ -11,7 +11,7 @@ var {Permissions, Policy, Sites} = (() => {

  class Sites extends Map {
    static secureDomainKey(domain) {
-      return domain.includes(":") ? domain : `${SECURE_DOMAIN_PREFIX}${domain}`;
+      return /^[§\w]+:/.test(domain) ? domain : `${SECURE_DOMAIN_PREFIX}${domain}`;
    }
    static isSecureDomainKey(domain) {
      return domain.startsWith(SECURE_DOMAIN_PREFIX);
--- a/src/content/content.js
+++ b/src/content/content.js
@ -49,15 +49,9 @@ var notifyPage = async () => {
  if (document.readyState === "complete") {
    try {
      if (!("canScript" in ns)) {
-        let childPolicy = await Messages.send("fetchChildPolicy", {url: document.URL});
-        if (!childPolicy) {
-          debug(`No answer to fetchChildPolicy message. This should not be happening.`);
-          return;
-        }
-        ns.setup(childPolicy.permissions, childPolicy.MARKER);
+        ns.fetchPolicy();
        return;
      }
-
      await Messages.send("pageshow", {seen: seen.list, canScript: ns.canScript});
      return true;
    } catch (e) {
--- a/src/content/staticNS.js
+++ b/src/content/staticNS.js
@ -33,7 +33,17 @@
      backlog.add(eventName);
    },

-    setup(permissions, MARKER) {
+    async fetchPolicy() {
+        let policy = await Messages.send("fetchChildPolicy", {url: document.URL});
+        if (!policy) {
+          debug(`No answer to fetchChildPolicy message. This should not be happening.`);
+          return false;
+        }
+        this.setup(policy.permissions, policy.MARKER, true);
+        return true;
+    },
+
+    setup(permissions, MARKER, fetched = false) {
      this.config.permissions = permissions;

      // ugly hack: since now we use registerContentScript instead of the
@ -75,6 +85,15 @@
        this.capabilities =  Object.assign(
          new Set(["script"]), { has() { return true; } });
      } else {
+        if (!fetched) {
+          let hostname = window.location.hostname;
+          if (hostname && hostname.startsWith("[")) {
+            // WebExt match patterns don't seem to support IPV6 (Firefox 63)...
+            debug("Ignoring child policy setup parameters for IPV6 address %s, forcing IPC...", hostname);
+            this.fetchPolicy();
+            return;
+          }
+        }
        let perms = this.config.permissions;
        this.capabilities = new Set(perms.capabilities);
        new DocumentCSP(document).apply(this.capabilities, this.embeddingDocument);