Uniformed indexed directory Firefox UI emulation to prevent a script blocking bypass on file:// resources (thanks RyotaK for reporting).

2022-12-31 18:12:13 +01:00 · 2022-12-31 18:12:13 +01:00 · 4921db70d6
parent ee876f67c8
commit 4921db70d6
3 changed files with 7 additions and 11 deletions
--- a/src/content/ftp.js
+++ b/src/content/ftp.js
@ -19,13 +19,13 @@
 */

 if (UA.isMozilla) (() => {
-  // see https://dxr.mozilla.org/mozilla-central/rev/d03b538b6b417ba892d0a92fd693945b741246e1/netwerk/streamconv/converters/nsIndexedToHTML.cpp#381
+  // see https://searchfox.org/mozilla-central/rev/76c1ff5f0de23366fe952ab228610ee695a56e68/netwerk/streamconv/converters/nsIndexedToHTML.cpp#334
  'use strict';
  var gTable, gOrderBy, gTBody, gRows, gUI_showHidden;
  document.addEventListener("DOMContentLoaded", function() {
    if ("gUI_showHidden" in window.wrappedJSObject || // scripts are enabled
        !(document.scripts[0] &&
-          /\bgUI_showHidden\b/.test(document.scripts[0].textContent)) // not a FTP dir listing
+          /\bgUI_showHidden\b/.test(document.scripts[0].textContent)) // not a FTP / file:// dir listing
    ) {
      return;
    }
--- a/src/content/staticNS.js
+++ b/src/content/staticNS.js
@ -152,8 +152,10 @@
          new Set(["script"]), { has() { return true; } });
      } else {
        let perms = policy.permissions;
-        if (!perms.capabilities.includes("script") && /^file:\/\/\/(?:[^#?]+\/)?$/.test(document.URL)) {
-          // allow browser UI scripts for directory navigation
+        if (!(UA.isMozilla || perms.capabilities.includes("script")) &&
+          /^file:\/\/\/(?:[^#?]+\/)?$/.test(document.URL)) {
+          // Allow Chromium browser UI scripts for directory navigation
+          // (for Firefox we rely on emulation in content/ftp.js).
          perms.capabilities.push("script");
        }
        this.capabilities = new Set(perms.capabilities);
--- a/src/manifest.json
+++ b/src/manifest.json
@ -112,18 +112,12 @@
        "content/content.js"
      ]
    },
-    {
-      "run_at": "document_start",
-      "matches": ["ftp://*/*"],
-      "js": [
-        "content/ftp.js"
-      ]
-    },
    {
      "run_at": "document_start",
      "matches": ["file://*/*", "ftp://*/*"],
      "all_frames": true,
      "js": [
+        "content/ftp.js",
        "lib/DocumentFreezer.js",
        "content/syncFetchPolicy.js"
      ]