Fixed inconsistencies in handling of browser-internal URLs.

This commit is contained in:
hackademix 2019-04-08 11:44:08 +02:00
parent 9493978473
commit 5ffd53ee89
4 changed files with 13 additions and 9 deletions

View File

@ -190,7 +190,7 @@
getForDocument(policy, url, context = null) {
return {
permissions: policy.get(url, context).perms.dry(),
permissions: policy && policy.get(url, context).perms.dry(),
MARKER: marker
};
},

View File

@ -256,8 +256,8 @@ var RequestGuard = (() => {
});
return redirected;
}
const ABORT = {cancel: true}, ALLOW = {};
const INTERNAL_SCHEME = /^(?:chrome|resource|(?:moz|chrome)-extension|about):/;
const listeners = {
onBeforeRequest(request) {
try {
@ -272,7 +272,7 @@ var RequestGuard = (() => {
// some extensions make them both undefined,
// see https://github.com/eight04/image-picka/issues/150
) ||
INTERNAL_SCHEME.test(originUrl))
Sites.isInternal(originUrl))
) {
// livemark request or similar browser-internal, always allow;
return ALLOW;
@ -281,7 +281,7 @@ var RequestGuard = (() => {
request._dataUrl = url;
request.url = url = documentUrl;
}
let allowed = INTERNAL_SCHEME.test(url) ||
let allowed = Sites.isInternal(url) ||
!ns.isEnforced(request.tabId) ||
policy.can(url, policyType, originUrl);
Content.reportTo(request, allowed, policyType);

View File

@ -142,8 +142,10 @@
},
async fetchChildPolicy({url, contextUrl}, sender) {
return ChildPolicies.getForDocument(ns.policy,
url || sender.url, contextUrl || sender.tab.url);
let {tab} = sender;
if (!url) url = sender.url;
let policy = !Sites.isInternal(url) && ns.isEnforced(tab.id) ? ns.policy : null;
return ChildPolicies.getForDocument(policy, url, contextUrl || tab.url);
},
async openStandalonePopup() {

View File

@ -1,10 +1,9 @@
var {Permissions, Policy, Sites} = (() => {
'use strict';
const SECURE_DOMAIN_PREFIX = "§:";
const SECURE_DOMAIN_RX = new RegExp(`^${SECURE_DOMAIN_PREFIX}`);
const DOMAIN_RX = new RegExp(`(?:^\\w+://|${SECURE_DOMAIN_PREFIX})?([^/]*)`, "i");
const SKIP_RX = /^(?:(?:about|chrome|resource|moz-.*):|\[System)/;
const INTERNAL_SITE_RX = /^(?:(?:about|chrome|resource|(?:moz|chrome)-.*):|\[System)/;
const VALID_SITE_RX = /^(?:(?:(?:(?:http|ftp|ws)s?|file):)(?:(?:\/\/)[\w\u0100-\uf000][\w\u0100-\uf000.-]*[\w\u0100-\uf000.](?:$|\/))?|[\w\u0100-\uf000][\w\u0100-\uf000.-]*[\w\u0100-\uf000]$)/;
let rxQuote = s => s.replace(/[.?*+^$[\]\\(){}|-]/g, "\\$&");
@ -24,6 +23,9 @@ var {Permissions, Policy, Sites} = (() => {
return VALID_SITE_RX.test(site);
}
static isInternal(site) {
return INTERNAL_SITE_RX.test(site);
}
static originImplies(originKey, site) {
return originKey === site || site.startsWith(`${originKey}/`);
@ -116,7 +118,7 @@ var {Permissions, Policy, Sites} = (() => {
}
set(k, v) {
if (!k || SKIP_RX.test(k) || k === "§:") return this;
if (!k || Sites.isInternal(k) || k === "§:") return this;
let [,domain] = DOMAIN_RX.exec(k);
if (/[^\u0000-\u007f]/.test(domain)) {
k = k.replace(domain, punycode.toASCII(domain));