Uniformed indexed directory Firefox UI emulation to prevent a script blocking bypass on file:// resources (thanks RyotaK for reporting).

hackademix 2022-12-31 18:12:13 +01:00
parent ee876f67c8
commit 4921db70d6
No known key found for this signature in database
GPG Key ID: 231A83AFDA9C2434
3 changed files with 7 additions and 11 deletions


@ -19,13 +19,13 @@
*/ */
if (UA.isMozilla) (() => { if (UA.isMozilla) (() => {
// see https://dxr.mozilla.org/mozilla-central/rev/d03b538b6b417ba892d0a92fd693945b741246e1/netwerk/streamconv/converters/nsIndexedToHTML.cpp#381 // see https://searchfox.org/mozilla-central/rev/76c1ff5f0de23366fe952ab228610ee695a56e68/netwerk/streamconv/converters/nsIndexedToHTML.cpp#334
'use strict'; 'use strict';
var gTable, gOrderBy, gTBody, gRows, gUI_showHidden; var gTable, gOrderBy, gTBody, gRows, gUI_showHidden;
document.addEventListener("DOMContentLoaded", function() { document.addEventListener("DOMContentLoaded", function() {
if ("gUI_showHidden" in window.wrappedJSObject || // scripts are enabled if ("gUI_showHidden" in window.wrappedJSObject || // scripts are enabled
!(document.scripts[0] && !(document.scripts[0] &&
/\bgUI_showHidden\b/.test(document.scripts[0].textContent)) // not a FTP dir listing /\bgUI_showHidden\b/.test(document.scripts[0].textContent)) // not a FTP / file:// dir listing
) { ) {
return; return;
} }
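Review bot: The directory-listing test in the DOMContentLoaded handler is purely content-based (`/\bgUI_showHidden\b/.test(document.scripts[0].textContent)`), and with file:// now in scope a local HTML document can satisfy it simply by carrying that identifier in its first script element. The updated comment should say this, for example `// heuristic only: page markup can match this, so treat the listing DOM as untrusted below`. It is also worth confirming that the emulation code after this guard only reads and reorders existing nodes and never re-parses page-supplied strings as markup. The handler's body continues outside the hunk, so this is inferred from the visible guard alone.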


@ -152,8 +152,10 @@
new Set(["script"]), { has() { return true; } }); new Set(["script"]), { has() { return true; } });
} else { } else {
let perms = policy.permissions; let perms = policy.permissions;
if (!perms.capabilities.includes("script") && /^file:\/\/\/(?:[^#?]+\/)?$/.test(document.URL)) { if (!(UA.isMozilla || perms.capabilities.includes("script")) &&
// allow browser UI scripts for directory navigation /^file:\/\/\/(?:[^#?]+\/)?$/.test(document.URL)) {
// Allow Chromium browser UI scripts for directory navigation
// (for Firefox we rely on emulation in content/ftp.js).
perms.capabilities.push("script"); perms.capabilities.push("script");
} }
this.capabilities = new Set(perms.capabilities); this.capabilities = new Set(perms.capabilities);
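Review bot: On the non-Mozilla path the "script" capability is still granted from the URL shape alone (`/^file:\/\/\/(?:[^#?]+\/)?$/.test(document.URL)`), so Chromium keeps depending on the assumption that a file:/// URL ending in `/` is always the browser's own listing. The new comment should state that assumption and why it holds, e.g. `// Chromium: assumes a file:/// URL ending in "/" can only be the built-in directory listing`. Separately, `perms.capabilities.push("script")` modifies the array owned by `policy.permissions`. Unless that object is known to be a throwaway copy, adding to the Set instead keeps the exception local to this document: `this.capabilities = new Set(perms.capabilities);` followed by `this.capabilities.add("script")` inside the condition. The enclosing method starts and ends outside the hunk.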


@ -112,18 +112,12 @@
"content/content.js" "content/content.js"
] ]
}, },
{
"run_at": "document_start",
"matches": ["ftp://*/*"],
"js": [
"content/ftp.js"
]
},
{ {
"run_at": "document_start", "run_at": "document_start",
"matches": ["file://*/*", "ftp://*/*"], "matches": ["file://*/*", "ftp://*/*"],
"all_frames": true, "all_frames": true,
"js": [ "js": [
"content/ftp.js",
"lib/DocumentFreezer.js", "lib/DocumentFreezer.js",
"content/syncFetchPolicy.js" "content/syncFetchPolicy.js"
] ]
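Review bot: Moving `content/ftp.js` into the entry with `"all_frames": true` widens its scope beyond the file:// coverage named in the commit message. On ftp:// it previously ran in the top frame only and now runs in every frame, and on both schemes it is listed ahead of `lib/DocumentFreezer.js` and `content/syncFetchPolicy.js`. If subframe injection and that load order are intended, they should be recorded somewhere that can hold a comment, since the manifest cannot. A header line in content/ftp.js would do, such as `// injected in all frames on file:// and ftp://, ahead of DocumentFreezer.js and syncFetchPolicy.js`. If subframes are not needed for the listing emulation, a top-frame check at the start of the script would keep the old ftp:// behaviour.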