Initial commit starting at version 10.1.8.3rc4.
|
@ -0,0 +1,340 @@
|
||||||
|
GNU GENERAL PUBLIC LICENSE
|
||||||
|
Version 2, June 1991
|
||||||
|
|
||||||
|
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
|
||||||
|
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||||
|
Everyone is permitted to copy and distribute verbatim copies
|
||||||
|
of this license document, but changing it is not allowed.
|
||||||
|
|
||||||
|
Preamble
|
||||||
|
|
||||||
|
The licenses for most software are designed to take away your
|
||||||
|
freedom to share and change it. By contrast, the GNU General Public
|
||||||
|
License is intended to guarantee your freedom to share and change free
|
||||||
|
software--to make sure the software is free for all its users. This
|
||||||
|
General Public License applies to most of the Free Software
|
||||||
|
Foundation's software and to any other program whose authors commit to
|
||||||
|
using it. (Some other Free Software Foundation software is covered by
|
||||||
|
the GNU Library General Public License instead.) You can apply it to
|
||||||
|
your programs, too.
|
||||||
|
|
||||||
|
When we speak of free software, we are referring to freedom, not
|
||||||
|
price. Our General Public Licenses are designed to make sure that you
|
||||||
|
have the freedom to distribute copies of free software (and charge for
|
||||||
|
this service if you wish), that you receive source code or can get it
|
||||||
|
if you want it, that you can change the software or use pieces of it
|
||||||
|
in new free programs; and that you know you can do these things.
|
||||||
|
|
||||||
|
To protect your rights, we need to make restrictions that forbid
|
||||||
|
anyone to deny you these rights or to ask you to surrender the rights.
|
||||||
|
These restrictions translate to certain responsibilities for you if you
|
||||||
|
distribute copies of the software, or if you modify it.
|
||||||
|
|
||||||
|
For example, if you distribute copies of such a program, whether
|
||||||
|
gratis or for a fee, you must give the recipients all the rights that
|
||||||
|
you have. You must make sure that they, too, receive or can get the
|
||||||
|
source code. And you must show them these terms so they know their
|
||||||
|
rights.
|
||||||
|
|
||||||
|
We protect your rights with two steps: (1) copyright the software, and
|
||||||
|
(2) offer you this license which gives you legal permission to copy,
|
||||||
|
distribute and/or modify the software.
|
||||||
|
|
||||||
|
Also, for each author's protection and ours, we want to make certain
|
||||||
|
that everyone understands that there is no warranty for this free
|
||||||
|
software. If the software is modified by someone else and passed on, we
|
||||||
|
want its recipients to know that what they have is not the original, so
|
||||||
|
that any problems introduced by others will not reflect on the original
|
||||||
|
authors' reputations.
|
||||||
|
|
||||||
|
Finally, any free program is threatened constantly by software
|
||||||
|
patents. We wish to avoid the danger that redistributors of a free
|
||||||
|
program will individually obtain patent licenses, in effect making the
|
||||||
|
program proprietary. To prevent this, we have made it clear that any
|
||||||
|
patent must be licensed for everyone's free use or not licensed at all.
|
||||||
|
|
||||||
|
The precise terms and conditions for copying, distribution and
|
||||||
|
modification follow.
|
||||||
|
|
||||||
|
GNU GENERAL PUBLIC LICENSE
|
||||||
|
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
|
||||||
|
|
||||||
|
0. This License applies to any program or other work which contains
|
||||||
|
a notice placed by the copyright holder saying it may be distributed
|
||||||
|
under the terms of this General Public License. The "Program", below,
|
||||||
|
refers to any such program or work, and a "work based on the Program"
|
||||||
|
means either the Program or any derivative work under copyright law:
|
||||||
|
that is to say, a work containing the Program or a portion of it,
|
||||||
|
either verbatim or with modifications and/or translated into another
|
||||||
|
language. (Hereinafter, translation is included without limitation in
|
||||||
|
the term "modification".) Each licensee is addressed as "you".
|
||||||
|
|
||||||
|
Activities other than copying, distribution and modification are not
|
||||||
|
covered by this License; they are outside its scope. The act of
|
||||||
|
running the Program is not restricted, and the output from the Program
|
||||||
|
is covered only if its contents constitute a work based on the
|
||||||
|
Program (independent of having been made by running the Program).
|
||||||
|
Whether that is true depends on what the Program does.
|
||||||
|
|
||||||
|
1. You may copy and distribute verbatim copies of the Program's
|
||||||
|
source code as you receive it, in any medium, provided that you
|
||||||
|
conspicuously and appropriately publish on each copy an appropriate
|
||||||
|
copyright notice and disclaimer of warranty; keep intact all the
|
||||||
|
notices that refer to this License and to the absence of any warranty;
|
||||||
|
and give any other recipients of the Program a copy of this License
|
||||||
|
along with the Program.
|
||||||
|
|
||||||
|
You may charge a fee for the physical act of transferring a copy, and
|
||||||
|
you may at your option offer warranty protection in exchange for a fee.
|
||||||
|
|
||||||
|
2. You may modify your copy or copies of the Program or any portion
|
||||||
|
of it, thus forming a work based on the Program, and copy and
|
||||||
|
distribute such modifications or work under the terms of Section 1
|
||||||
|
above, provided that you also meet all of these conditions:
|
||||||
|
|
||||||
|
a) You must cause the modified files to carry prominent notices
|
||||||
|
stating that you changed the files and the date of any change.
|
||||||
|
|
||||||
|
b) You must cause any work that you distribute or publish, that in
|
||||||
|
whole or in part contains or is derived from the Program or any
|
||||||
|
part thereof, to be licensed as a whole at no charge to all third
|
||||||
|
parties under the terms of this License.
|
||||||
|
|
||||||
|
c) If the modified program normally reads commands interactively
|
||||||
|
when run, you must cause it, when started running for such
|
||||||
|
interactive use in the most ordinary way, to print or display an
|
||||||
|
announcement including an appropriate copyright notice and a
|
||||||
|
notice that there is no warranty (or else, saying that you provide
|
||||||
|
a warranty) and that users may redistribute the program under
|
||||||
|
these conditions, and telling the user how to view a copy of this
|
||||||
|
License. (Exception: if the Program itself is interactive but
|
||||||
|
does not normally print such an announcement, your work based on
|
||||||
|
the Program is not required to print an announcement.)
|
||||||
|
|
||||||
|
These requirements apply to the modified work as a whole. If
|
||||||
|
identifiable sections of that work are not derived from the Program,
|
||||||
|
and can be reasonably considered independent and separate works in
|
||||||
|
themselves, then this License, and its terms, do not apply to those
|
||||||
|
sections when you distribute them as separate works. But when you
|
||||||
|
distribute the same sections as part of a whole which is a work based
|
||||||
|
on the Program, the distribution of the whole must be on the terms of
|
||||||
|
this License, whose permissions for other licensees extend to the
|
||||||
|
entire whole, and thus to each and every part regardless of who wrote it.
|
||||||
|
|
||||||
|
Thus, it is not the intent of this section to claim rights or contest
|
||||||
|
your rights to work written entirely by you; rather, the intent is to
|
||||||
|
exercise the right to control the distribution of derivative or
|
||||||
|
collective works based on the Program.
|
||||||
|
|
||||||
|
In addition, mere aggregation of another work not based on the Program
|
||||||
|
with the Program (or with a work based on the Program) on a volume of
|
||||||
|
a storage or distribution medium does not bring the other work under
|
||||||
|
the scope of this License.
|
||||||
|
|
||||||
|
3. You may copy and distribute the Program (or a work based on it,
|
||||||
|
under Section 2) in object code or executable form under the terms of
|
||||||
|
Sections 1 and 2 above provided that you also do one of the following:
|
||||||
|
|
||||||
|
a) Accompany it with the complete corresponding machine-readable
|
||||||
|
source code, which must be distributed under the terms of Sections
|
||||||
|
1 and 2 above on a medium customarily used for software interchange; or,
|
||||||
|
|
||||||
|
b) Accompany it with a written offer, valid for at least three
|
||||||
|
years, to give any third party, for a charge no more than your
|
||||||
|
cost of physically performing source distribution, a complete
|
||||||
|
machine-readable copy of the corresponding source code, to be
|
||||||
|
distributed under the terms of Sections 1 and 2 above on a medium
|
||||||
|
customarily used for software interchange; or,
|
||||||
|
|
||||||
|
c) Accompany it with the information you received as to the offer
|
||||||
|
to distribute corresponding source code. (This alternative is
|
||||||
|
allowed only for noncommercial distribution and only if you
|
||||||
|
received the program in object code or executable form with such
|
||||||
|
an offer, in accord with Subsection b above.)
|
||||||
|
|
||||||
|
The source code for a work means the preferred form of the work for
|
||||||
|
making modifications to it. For an executable work, complete source
|
||||||
|
code means all the source code for all modules it contains, plus any
|
||||||
|
associated interface definition files, plus the scripts used to
|
||||||
|
control compilation and installation of the executable. However, as a
|
||||||
|
special exception, the source code distributed need not include
|
||||||
|
anything that is normally distributed (in either source or binary
|
||||||
|
form) with the major components (compiler, kernel, and so on) of the
|
||||||
|
operating system on which the executable runs, unless that component
|
||||||
|
itself accompanies the executable.
|
||||||
|
|
||||||
|
If distribution of executable or object code is made by offering
|
||||||
|
access to copy from a designated place, then offering equivalent
|
||||||
|
access to copy the source code from the same place counts as
|
||||||
|
distribution of the source code, even though third parties are not
|
||||||
|
compelled to copy the source along with the object code.
|
||||||
|
|
||||||
|
4. You may not copy, modify, sublicense, or distribute the Program
|
||||||
|
except as expressly provided under this License. Any attempt
|
||||||
|
otherwise to copy, modify, sublicense or distribute the Program is
|
||||||
|
void, and will automatically terminate your rights under this License.
|
||||||
|
However, parties who have received copies, or rights, from you under
|
||||||
|
this License will not have their licenses terminated so long as such
|
||||||
|
parties remain in full compliance.
|
||||||
|
|
||||||
|
5. You are not required to accept this License, since you have not
|
||||||
|
signed it. However, nothing else grants you permission to modify or
|
||||||
|
distribute the Program or its derivative works. These actions are
|
||||||
|
prohibited by law if you do not accept this License. Therefore, by
|
||||||
|
modifying or distributing the Program (or any work based on the
|
||||||
|
Program), you indicate your acceptance of this License to do so, and
|
||||||
|
all its terms and conditions for copying, distributing or modifying
|
||||||
|
the Program or works based on it.
|
||||||
|
|
||||||
|
6. Each time you redistribute the Program (or any work based on the
|
||||||
|
Program), the recipient automatically receives a license from the
|
||||||
|
original licensor to copy, distribute or modify the Program subject to
|
||||||
|
these terms and conditions. You may not impose any further
|
||||||
|
restrictions on the recipients' exercise of the rights granted herein.
|
||||||
|
You are not responsible for enforcing compliance by third parties to
|
||||||
|
this License.
|
||||||
|
|
||||||
|
7. If, as a consequence of a court judgment or allegation of patent
|
||||||
|
infringement or for any other reason (not limited to patent issues),
|
||||||
|
conditions are imposed on you (whether by court order, agreement or
|
||||||
|
otherwise) that contradict the conditions of this License, they do not
|
||||||
|
excuse you from the conditions of this License. If you cannot
|
||||||
|
distribute so as to satisfy simultaneously your obligations under this
|
||||||
|
License and any other pertinent obligations, then as a consequence you
|
||||||
|
may not distribute the Program at all. For example, if a patent
|
||||||
|
license would not permit royalty-free redistribution of the Program by
|
||||||
|
all those who receive copies directly or indirectly through you, then
|
||||||
|
the only way you could satisfy both it and this License would be to
|
||||||
|
refrain entirely from distribution of the Program.
|
||||||
|
|
||||||
|
If any portion of this section is held invalid or unenforceable under
|
||||||
|
any particular circumstance, the balance of the section is intended to
|
||||||
|
apply and the section as a whole is intended to apply in other
|
||||||
|
circumstances.
|
||||||
|
|
||||||
|
It is not the purpose of this section to induce you to infringe any
|
||||||
|
patents or other property right claims or to contest validity of any
|
||||||
|
such claims; this section has the sole purpose of protecting the
|
||||||
|
integrity of the free software distribution system, which is
|
||||||
|
implemented by public license practices. Many people have made
|
||||||
|
generous contributions to the wide range of software distributed
|
||||||
|
through that system in reliance on consistent application of that
|
||||||
|
system; it is up to the author/donor to decide if he or she is willing
|
||||||
|
to distribute software through any other system and a licensee cannot
|
||||||
|
impose that choice.
|
||||||
|
|
||||||
|
This section is intended to make thoroughly clear what is believed to
|
||||||
|
be a consequence of the rest of this License.
|
||||||
|
|
||||||
|
8. If the distribution and/or use of the Program is restricted in
|
||||||
|
certain countries either by patents or by copyrighted interfaces, the
|
||||||
|
original copyright holder who places the Program under this License
|
||||||
|
may add an explicit geographical distribution limitation excluding
|
||||||
|
those countries, so that distribution is permitted only in or among
|
||||||
|
countries not thus excluded. In such case, this License incorporates
|
||||||
|
the limitation as if written in the body of this License.
|
||||||
|
|
||||||
|
9. The Free Software Foundation may publish revised and/or new versions
|
||||||
|
of the General Public License from time to time. Such new versions will
|
||||||
|
be similar in spirit to the present version, but may differ in detail to
|
||||||
|
address new problems or concerns.
|
||||||
|
|
||||||
|
Each version is given a distinguishing version number. If the Program
|
||||||
|
specifies a version number of this License which applies to it and "any
|
||||||
|
later version", you have the option of following the terms and conditions
|
||||||
|
either of that version or of any later version published by the Free
|
||||||
|
Software Foundation. If the Program does not specify a version number of
|
||||||
|
this License, you may choose any version ever published by the Free Software
|
||||||
|
Foundation.
|
||||||
|
|
||||||
|
10. If you wish to incorporate parts of the Program into other free
|
||||||
|
programs whose distribution conditions are different, write to the author
|
||||||
|
to ask for permission. For software which is copyrighted by the Free
|
||||||
|
Software Foundation, write to the Free Software Foundation; we sometimes
|
||||||
|
make exceptions for this. Our decision will be guided by the two goals
|
||||||
|
of preserving the free status of all derivatives of our free software and
|
||||||
|
of promoting the sharing and reuse of software generally.
|
||||||
|
|
||||||
|
NO WARRANTY
|
||||||
|
|
||||||
|
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
|
||||||
|
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
|
||||||
|
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
|
||||||
|
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
|
||||||
|
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||||
|
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
|
||||||
|
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
|
||||||
|
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
|
||||||
|
REPAIR OR CORRECTION.
|
||||||
|
|
||||||
|
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
|
||||||
|
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
|
||||||
|
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
|
||||||
|
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
|
||||||
|
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
|
||||||
|
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
|
||||||
|
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
|
||||||
|
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
|
||||||
|
POSSIBILITY OF SUCH DAMAGES.
|
||||||
|
|
||||||
|
END OF TERMS AND CONDITIONS
|
||||||
|
|
||||||
|
How to Apply These Terms to Your New Programs
|
||||||
|
|
||||||
|
If you develop a new program, and you want it to be of the greatest
|
||||||
|
possible use to the public, the best way to achieve this is to make it
|
||||||
|
free software which everyone can redistribute and change under these terms.
|
||||||
|
|
||||||
|
To do so, attach the following notices to the program. It is safest
|
||||||
|
to attach them to the start of each source file to most effectively
|
||||||
|
convey the exclusion of warranty; and each file should have at least
|
||||||
|
the "copyright" line and a pointer to where the full notice is found.
|
||||||
|
|
||||||
|
<one line to give the program's name and a brief idea of what it does.>
|
||||||
|
Copyright (C) <year> <name of author>
|
||||||
|
|
||||||
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation; either version 2 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program; if not, write to the Free Software
|
||||||
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||||
|
|
||||||
|
|
||||||
|
Also add information on how to contact you by electronic and paper mail.
|
||||||
|
|
||||||
|
If the program is interactive, make it output a short notice like this
|
||||||
|
when it starts in an interactive mode:
|
||||||
|
|
||||||
|
Gnomovision version 69, Copyright (C) year name of author
|
||||||
|
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
|
||||||
|
This is free software, and you are welcome to redistribute it
|
||||||
|
under certain conditions; type `show c' for details.
|
||||||
|
|
||||||
|
The hypothetical commands `show w' and `show c' should show the appropriate
|
||||||
|
parts of the General Public License. Of course, the commands you use may
|
||||||
|
be called something other than `show w' and `show c'; they could even be
|
||||||
|
mouse-clicks or menu items--whatever suits your program.
|
||||||
|
|
||||||
|
You should also get your employer (if you work as a programmer) or your
|
||||||
|
school, if any, to sign a "copyright disclaimer" for the program, if
|
||||||
|
necessary. Here is a sample; alter the names:
|
||||||
|
|
||||||
|
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
|
||||||
|
`Gnomovision' (which makes passes at compilers) written by James Hacker.
|
||||||
|
|
||||||
|
<signature of Ty Coon>, 1 April 1989
|
||||||
|
Ty Coon, President of Vice
|
||||||
|
|
||||||
|
This General Public License does not permit incorporating your program into
|
||||||
|
proprietary programs. If your program is a subroutine library, you may
|
||||||
|
consider it more useful to permit linking proprietary applications with the
|
||||||
|
library. If this is what you want to do, use the GNU Library General
|
||||||
|
Public License instead of this License.
|
|
@ -0,0 +1,16 @@
|
||||||
|
NoScript - a Firefox extension for whitelist driven safe JavaScript execution
|
||||||
|
Copyright (C) 2004-2007 Giorgio Maone - g.maone@informaction.com
|
||||||
|
|
||||||
|
This program is free software; you can redistribute it and/or modify
|
||||||
|
it under the terms of the GNU General Public License as published by
|
||||||
|
the Free Software Foundation; either version 2 of the License, or
|
||||||
|
(at your option) any later version.
|
||||||
|
|
||||||
|
This program is distributed in the hope that it will be useful,
|
||||||
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
GNU General Public License for more details.
|
||||||
|
|
||||||
|
You should have received a copy of the GNU General Public License
|
||||||
|
along with this program; if not, write to the Free Software
|
||||||
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
@ -0,0 +1,24 @@
|
||||||
|
#NoScript Security Suite
|
||||||
|
|
||||||
|
The best security you can get in a web browser!
|
||||||
|
Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks, "Spectre", "Meltdown" and other JavaScript exploits.
|
||||||
|
Fx52? <a href="https://noscript.net/getit">https://noscript.net/getit</a>
|
||||||
|
|
||||||
|
<b>IMPORTANT</b>
|
||||||
|
<a href="https://forums.informaction.com/viewtopic.php?f=7&t=23974&p=94778">A Basic <b>NoScript 10 Guide</b></a>
|
||||||
|
|
||||||
|
Still confused by NoScript 10's new UI?
|
||||||
|
Check this <a href="https://blog.jeaye.com/2017/11/30/noscript/">user-contributed NoScript 10 primer</a>.
|
||||||
|
and this <a href="https://hackademix.net/2017/12/04/noscript-quantum-vs-legacy-in-a-nutshell-2/">NoScript 10 "Quantum" vs NoScript 5 "Classic" (or "Legacy") comparison</a>.
|
||||||
|
|
||||||
|
Winner of the "PC World World Class Award" and bundled with the Tor Browser, NoScript gives you with the best available protection on the web.
|
||||||
|
|
||||||
|
It allows JavaScript, Flash, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking site, mitigating remotely exploitable vulnerabilities including Spectre and Meltdown.
|
||||||
|
|
||||||
|
It protects your "trust boundaries" against cross-site scripting attacks (XSS), cross-zone DNS rebinding / CSRF attacks (router hacking), and Clickjacking attempts, thanks to its unique ClearClick technology.
|
||||||
|
|
||||||
|
Such a preemptive approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality where you need it.
|
||||||
|
Experts do agree: Firefox is really safer with NoScript ;-)
|
||||||
|
|
||||||
|
FAQ: <a href="https://noscript.net/faq">https://noscript.net/faq</a>
|
||||||
|
Forum: <a href="https://noscript.net/forum">https://noscript.net/forum</a>
|
|
@ -0,0 +1,52 @@
|
||||||
|
#!/usr/bin/perl -w
|
||||||
|
# use strict;
|
||||||
|
use open ':utf8';
|
||||||
|
use Regexp::Assemble;
|
||||||
|
$dat="public_suffix_list.dat";
|
||||||
|
die(".dat file $dat not found!") unless -f "$dat";
|
||||||
|
|
||||||
|
sub generate {
|
||||||
|
my $src = "./tld_template.js";
|
||||||
|
my $dst = "./tld.js";
|
||||||
|
my (@rx, @ex, $rx, $ex);
|
||||||
|
open(DAT, $dat) || die("Cannot open $dat");
|
||||||
|
while(<DAT>) {
|
||||||
|
s/\./\\\./g;
|
||||||
|
s/\s+utf.*//;
|
||||||
|
s/\n//;
|
||||||
|
if(/^!/) {
|
||||||
|
s/^!//;
|
||||||
|
push(@ex, lc($_));
|
||||||
|
} elsif (!/^(\/\/|[ \n\r]|$)/) {
|
||||||
|
s/\*\\\./[^\\.]+\\./;
|
||||||
|
push(@rx, lc($_));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
close(DAT);
|
||||||
|
|
||||||
|
#$o = Regexp::Optimizer->new;
|
||||||
|
#$o = Regexp::List->new;
|
||||||
|
$o = Regexp::Assemble->new;
|
||||||
|
$_ = $o->add(@rx)->as_string();
|
||||||
|
s/\(\?-xism:(.*)\)/$1/;
|
||||||
|
$rx = $_;
|
||||||
|
@rx = NULL;
|
||||||
|
|
||||||
|
$o = Regexp::Assemble->new;
|
||||||
|
$_ = $o->add(@ex)->as_string();
|
||||||
|
s/\(\?-xism:(.*)\)/$1/;
|
||||||
|
$ex = $_;
|
||||||
|
@ex = NULL;
|
||||||
|
|
||||||
|
open(SRC, $src) || die("Cannot open $src");
|
||||||
|
open(DST, ">$dst") || die("Cannot open $dst");
|
||||||
|
while(<SRC>) {
|
||||||
|
s/%tld_rx%/$rx/g;
|
||||||
|
s/%tld_ex%/$ex/g;
|
||||||
|
print DST;
|
||||||
|
print;
|
||||||
|
}
|
||||||
|
close(SRC);
|
||||||
|
close(DST);
|
||||||
|
}
|
||||||
|
generate();
|
|
@ -0,0 +1,18 @@
|
||||||
|
#!/bin/bash
|
||||||
|
BASE=$(dirname "$0")
|
||||||
|
pushd "$BASE"
|
||||||
|
fname=public_suffix_list.dat
|
||||||
|
nflag=""
|
||||||
|
if [ -f $fname ]; then
|
||||||
|
nflag="-z $fname"
|
||||||
|
fi
|
||||||
|
URL=https://publicsuffix.org/list/$fname
|
||||||
|
curl -O $nflag "$URL"
|
||||||
|
|
||||||
|
if ! grep 'com' $fname >/dev/null; then
|
||||||
|
echo >&2 "$fname empty or corrupt!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
./generate.pl
|
||||||
|
popd
|
|
@ -0,0 +1 @@
|
||||||
|
congresodelalengua3\.ar|educ\.ar|gobiernoelectronico\.ar|mecon\.ar|nacion\.ar|nic\.ar|promocion\.ar|retina\.ar|uba\.ar|metro\.tokyo\.jp|pref\.aichi\.jp|pref\.akita\.jp|pref\.aomori\.jp|pref\.chiba\.jp|pref\.ehime\.jp|pref\.fukui\.jp|pref\.fukuoka\.jp|pref\.fukushima\.jp|pref\.gifu\.jp|pref\.gunma\.jp|pref\.hiroshima\.jp|pref\.hokkaido\.jp|pref\.hyogo\.jp|pref\.ibaraki\.jp|pref\.ishikawa\.jp|pref\.iwate\.jp|pref\.kagawa\.jp|pref\.kagoshima\.jp|pref\.kanagawa\.jp|pref\.kochi\.jp|pref\.kumamoto\.jp|pref\.kyoto\.jp|pref\.mie\.jp|pref\.miyagi\.jp|pref\.miyazaki\.jp|pref\.nagano\.jp|pref\.nagasaki\.jp|pref\.nara\.jp|pref\.niigata\.jp|pref\.oita\.jp|pref\.okayama\.jp|pref\.okinawa\.jp|pref\.osaka\.jp|pref\.saga\.jp|pref\.saitama\.jp|pref\.shiga\.jp|pref\.shimane\.jp|pref\.shizuoka\.jp|pref\.tochigi\.jp|pref\.tokushima\.jp|pref\.tottori\.jp|pref\.toyama\.jp|pref\.wakayama\.jp|pref\.yamagata\.jp|pref\.yamaguchi\.jp|pref\.yamanashi\.jp|city\.chiba\.jp|city\.fukuoka\.jp|city\.hiroshima\.jp|city\.kawasaki\.jp|city\.kitakyushu\.jp|city\.kobe\.jp|city\.kyoto\.jp|city\.nagoya\.jp|city\.osaka\.jp|city\.saitama\.jp|city\.sapporo\.jp|city\.sendai\.jp|city\.shizuoka\.jp|city\.yokohama\.jp|bl\.uk|british-library\.uk|icnet\.uk|jet\.uk|nel\.uk|nls\.uk|national-library-scotland\.uk|parliament\.uk|
|
|
@ -0,0 +1,46 @@
|
||||||
|
var tld = {
|
||||||
|
normalize(d) { return d; },
|
||||||
|
|
||||||
|
isIp(d) { return this._ipRx.test(d); },
|
||||||
|
|
||||||
|
getDomain(domain) {
|
||||||
|
if (domain === "localhost" || this.isIp(domain)) return domain;
|
||||||
|
|
||||||
|
domain = this.normalize(domain);
|
||||||
|
var pos = domain.search(this._tldEx);
|
||||||
|
if(pos === -1 ) {
|
||||||
|
pos = domain.search(this._tldRx);
|
||||||
|
if (pos === -1) {
|
||||||
|
// TLD not in the public suffix list, fall back to the "one-dot rule"
|
||||||
|
pos = domain.lastIndexOf(".");
|
||||||
|
if (pos === -1) {
|
||||||
|
return "";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
pos = domain.lastIndexOf(".", pos - 1) + 1;
|
||||||
|
} else if(domain[pos] == ".") {
|
||||||
|
++pos;
|
||||||
|
}
|
||||||
|
return pos <= 0 ? domain : domain.substring(pos);
|
||||||
|
},
|
||||||
|
|
||||||
|
getPublicSuffix(domain) {
|
||||||
|
if (this.isIp(domain)) return "";
|
||||||
|
|
||||||
|
domain = this.normalize(domain);
|
||||||
|
var pos = domain.search(this._tldEx);
|
||||||
|
if(pos < 0) {
|
||||||
|
pos = domain.search(this._tldRx);
|
||||||
|
if(pos >= 0 && domain[pos] == ".") pos++;
|
||||||
|
} else {
|
||||||
|
pos = domain.indexOf(".", pos + 1) + 1;
|
||||||
|
}
|
||||||
|
return pos < 0 ? "" : domain.substring(pos);
|
||||||
|
},
|
||||||
|
|
||||||
|
_ipRx: /^(?:0\.|[1-9]\d{0,2}\.){3}(?:0|[1-9]\d{0,2})$|:.*:/i,
|
||||||
|
|
||||||
|
_tldRx: /(?:\.|^)%tld_rx%$/
|
||||||
|
,
|
||||||
|
_tldEx: /(?:\.|^)%tld_ex%$/
|
||||||
|
}
|
|
@ -0,0 +1,3 @@
|
||||||
|
#!/bin/sh
|
||||||
|
perl -ne 'if (! /^(\/\/|!|[ \n\r])/) { s/\n/\|/; s/\./\\\./g ; s/\*\\\./[^\\.]+\\./; s/\s+utf.*/|/; print }' *.dat > tld_rx.txt
|
||||||
|
perl -ne 'if (/^!/) { s/\n/\|/; s/\./\\\./g ; s/^!//; s/\s+utf.*/|/; print }' *.dat > tld_ex.txt
|
|
@ -0,0 +1,60 @@
|
||||||
|
#!/bin/bash
|
||||||
|
BASE=$PWD
|
||||||
|
SRC="$BASE/src"
|
||||||
|
BUILD="$BASE/build"
|
||||||
|
MANIFEST_IN="$SRC/manifest.json"
|
||||||
|
MANIFEST_OUT="$BUILD/manifest.json"
|
||||||
|
|
||||||
|
VER=$(grep '"version":' "$SRC/manifest.json" | sed -re 's/.*": "(.*?)".*/\1/')
|
||||||
|
XPI_DIR="$BASE/xpi"
|
||||||
|
XPI="$XPI_DIR/noscript-$VER"
|
||||||
|
LIB="$SRC/lib"
|
||||||
|
TLD="$BASE/TLD"
|
||||||
|
|
||||||
|
if ! [ $(date -r "$LIB/tld.js" +'%Y%m%d') -ge $(date +'%Y%m%d') ] && "$TLD/generate.sh"; then
|
||||||
|
cp -u "$TLD/tld.js" $LIB
|
||||||
|
fi
|
||||||
|
|
||||||
|
./html5_events.pl
|
||||||
|
|
||||||
|
rm -rf $BUILD $XPI
|
||||||
|
cp -pR $SRC $BUILD
|
||||||
|
|
||||||
|
|
||||||
|
if [[ $VER == *rc* ]]; then
|
||||||
|
sed -re 's/^(\s+)"strict_min_version":.*$/\1"update_url": "https:\/\/secure.informaction.com\/update\/?v='$VER'",\n\0/' \
|
||||||
|
"$MANIFEST_IN" > "$MANIFEST_OUT"
|
||||||
|
else
|
||||||
|
grep -v '"update_url":' "$MANIFEST_IN" > "$MANIFEST_OUT"
|
||||||
|
fi
|
||||||
|
if ! grep '"id":' "$MANIFEST_OUT" >/dev/null; then
|
||||||
|
echo >&2 "Cannot build manifest.json"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
sed -re 's/\/\/\s*(.*)\s*\/\/ XPI_ONLY/\1/' $SRC/content/content.js > $BUILD/content/content.js
|
||||||
|
|
||||||
|
if [ "$1" == "sign" ]; then
|
||||||
|
BUILD_CMD="$BASE/../../we-sign"
|
||||||
|
BUILD_OPTS=""
|
||||||
|
else
|
||||||
|
BUILD_CMD="web-ext"
|
||||||
|
BUILD_OPTS="build"
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Creating $XPI.xpi..."
|
||||||
|
mkdir -p $XPI_DIR
|
||||||
|
|
||||||
|
"$BUILD_CMD" $BUILD_OPTS --source-dir=$(cygpath -w $BUILD) --artifacts-dir=$(cygpath -w $XPI_DIR) --ignore-files=test/XSS_test.js
|
||||||
|
SIGNED="$XPI_DIR/noscript_security_suite-$VER-an+fx.xpi"
|
||||||
|
if [ -f "$SIGNED" ]; then
|
||||||
|
mv "$SIGNED" "$XPI.xpi"
|
||||||
|
elif [ -f "$XPI.zip" ]; then
|
||||||
|
mv "$XPI.zip" "$XPI.xpi"
|
||||||
|
else
|
||||||
|
echo >&2 "ERROR: Could not create $XPI.xpi!"
|
||||||
|
exit 3
|
||||||
|
fi
|
||||||
|
echo "Created $XPI.xpi"
|
||||||
|
|
||||||
|
rm -rf "$BUILD"
|
|
@ -0,0 +1,99 @@
|
||||||
|
#!/usr/bin/perl
|
||||||
|
use strict;
|
||||||
|
|
||||||
|
require LWP::UserAgent;
|
||||||
|
use LWP::Simple;
|
||||||
|
use RegExp::List;
|
||||||
|
use File::stat;
|
||||||
|
use File::Basename;
|
||||||
|
use List::MoreUtils qw(uniq);
|
||||||
|
|
||||||
|
my $HTML5_URL = "https://hg.mozilla.org/mozilla-central/raw-file/tip/parser/html/nsHtml5AtomList.h";
|
||||||
|
my $GECKO_URL = "https://hg.mozilla.org/mozilla-central/raw-file/tip/xpcom/ds/nsGkAtomList.h";
|
||||||
|
|
||||||
|
my $HERE = dirname($0);
|
||||||
|
my $SOURCE_FILE = $HERE . '/src/xss/InjectionChecker.js';
|
||||||
|
|
||||||
|
sub create_re
|
||||||
|
{
|
||||||
|
my $cache = "$HERE/html5_events.re";
|
||||||
|
my $sb = stat($cache);
|
||||||
|
|
||||||
|
if ($sb && time() - $sb->mtime < 86400)
|
||||||
|
{
|
||||||
|
open IN, "<$cache";
|
||||||
|
my @content = <IN>;
|
||||||
|
close IN;
|
||||||
|
return $content[0];
|
||||||
|
}
|
||||||
|
|
||||||
|
sub fetch_url
|
||||||
|
{
|
||||||
|
my $url = shift(@_);
|
||||||
|
my $ua = LWP::UserAgent->new;
|
||||||
|
$ua->agent('Mozilla/5.0');
|
||||||
|
$ua->ssl_opts('verify_hostname' => 0);
|
||||||
|
my $res = $ua->get($url);
|
||||||
|
if ($res->is_success)
|
||||||
|
{
|
||||||
|
return $res->decoded_content;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
my $err = $res->content;
|
||||||
|
my $ca_file = $ua->ssl_opts('SSL_ca_file');
|
||||||
|
die ("Could not fetch $url: $err\n$ca_file");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
my $content = # fetch_url($HTML5_URL) .
|
||||||
|
fetch_url($GECKO_URL);
|
||||||
|
|
||||||
|
$content = join("\n", grep(/^(?:HTML5|GK)_ATOM.*"on\w+"/, split(/[\n\r]/, $content)));
|
||||||
|
|
||||||
|
$content =~ s/.*"(on\w+)".*/$1 /g;
|
||||||
|
$content =~ s/\s+/ /g;
|
||||||
|
$content =~ s/^\s+|\s+$//g;
|
||||||
|
|
||||||
|
my $l = Regexp::List->new;
|
||||||
|
my $re = $l->list2re(uniq(split(' ', $content)));
|
||||||
|
$re =~ s/\(\?[-^]\w+:(.*)\)/$1/;
|
||||||
|
open (OUT, ">$cache");
|
||||||
|
print OUT $re;
|
||||||
|
close OUT;
|
||||||
|
$re;
|
||||||
|
}
|
||||||
|
|
||||||
|
sub patch
|
||||||
|
{
|
||||||
|
my $src = shift;
|
||||||
|
my $dst = "$src.tmp";
|
||||||
|
my $re = create_re();
|
||||||
|
my $must_replace = 0;
|
||||||
|
print "Patching $src...\n";
|
||||||
|
open IN, "<$src" or die ("Can't open $src!");
|
||||||
|
open OUT, ">$dst" or die ("Can't open $dst!");
|
||||||
|
|
||||||
|
while (<IN>)
|
||||||
|
{
|
||||||
|
my $line = $_;
|
||||||
|
$must_replace = $line ne $_ if s/^(\s*const IC_EVENT_PATTERN\s*=\s*")([^"]+)/$1$re/;
|
||||||
|
|
||||||
|
print OUT $_;
|
||||||
|
}
|
||||||
|
close IN;
|
||||||
|
close OUT;
|
||||||
|
|
||||||
|
if ($must_replace) {
|
||||||
|
rename $dst, $src;
|
||||||
|
print "Patched.\n";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
unlink $dst;
|
||||||
|
print "Nothing to do.\n";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
patch($SOURCE_FILE);
|
|
@ -0,0 +1 @@
|
||||||
|
on(?:p(?:o(?:inter(?:l(?:ock(?:change|error)|eave)|o(?:ver|ut)|cancel|enter|down|move|up)|p(?:up(?:hid(?:den|ing)|show(?:ing|n)|positioned)|state))|a(?:ge(?:hide|show)|(?:st|us)e)|ush(?:subscriptionchange)?|ro(?:cessorerror|gress)|lay(?:ing)?|hoto)|Moz(?:S(?:wipeGesture(?:(?:May)?Start|Update|End)?|crolledAreaChanged)|M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|(?:Press)?TapGesture|AfterPaint)|m(?:o(?:z(?:pointerlock(?:change|error)|fullscreen(?:change|error)|key(?:down|up)onplugin|accesskeynotfound|orientationchange)|use(?:l(?:ongtap|eave)|o(?:ver|ut)|enter|wheel|down|move|up))|(?:idimessag|ut)e|essage(?:error)?|ark)|c(?:o(?:m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|n(?:t(?:rollerchange|extmenu)|nect(?:ionavailable)?)|py)|h(?:(?:arging(?:time)?ch)?ange|ecking)|a(?:n(?:play(?:through)?|cel)|ched)|u(?:echange|t)|l(?:ick|ose))|s(?:ou(?:rce(?:(?:clos|end)ed|open)|nd(?:start|end))|e(?:lect(?:ionchange|start)?|ek(?:ing|ed)|t)|h(?:ipping(?:address|option)change|ow)|t(?:a(?:techange|lled|rt)|o(?:rage|p))|u(?:ccess|spend|bmit)|peech(?:start|end)|croll)|d(?:r(?:a(?:g(?:e(?:n(?:ter|d)|xit)|leave|start|drop|over)?|in)|op)|evice(?:(?:orienta|mo)tion|proximity|change|light)|(?:ischargingtime|uration)change|ata(?:available)?|ownloading|blclick)|a(?:nimation(?:iteration|cancel|start|end)|u(?:dio(?:process|start|end)|xclick)|b(?:solutedeviceorientation|ort)|fter(?:scriptexecute|print)|dd(?:sourcebuffer|track)|ppinstalled|ctivate)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|r(?:e(?:s(?:ourcetimingbufferfull|ponseprogress|u(?:lt|me)|ize|et)|move(?:sourcebuffer|track)|adystatechange|pea(?:tEven)?t|questprogress)|atechange)|w(?:ebkit(?:Animation(?:Iteration|Start|End)|animation(?:iteration|start|end)|(?:TransitionE|transitione)nd)|a(?:iting(?:forkey)?|rning)|heel)|v(?:rdisplay(?:(?:presentchang|activat)e|d(?:eactivate|isconnect)|connect)|o(?:iceschanged|lumechange)|(?:isibility|ersion)change)|b(?:e(?:fore(?:p(?:aste|rint)|scriptexecute|c(?:opy|ut)|unload)|gin(?:Event)?)|ufferedamountlow|l(?:ocked|ur)|roadcast|oundary)|t(?:o(?:uch(?:cancel|start|move|end)|ggle)|ransition(?:cancel|start|end|run)|ime(?:update|out)|e(?:rminate|xt)|ypechange)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|ing(?:error|done)?|start)?|stpointercapture)|(?:anguage|evel)change|y)|u(?:p(?:date(?:(?:fou|e)nd|ready|start)?|gradeneeded)|n(?:derflow|load|mute)|serproximity)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|otpointercapture|et)|o(?:(?:rientationchang|(?:ff|n)lin|bsolet)e|verflow|pen)|e(?:n(?:d(?:Event|ed)?|crypted|ter)|mptied|rror|xit)|f(?:ullscreen(?:change|error)|ocus(?:out|in)?|inish)|no(?:tificationcl(?:ick|ose)|update|match)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Zoom)|key(?:statuseschange|press|down|up)|(?:CheckboxStateC|hashc)hange|R(?:adioStateChange|equest)|in(?:stall|valid|put)|AppCommand|zoom)
|
|
@ -0,0 +1,675 @@
|
||||||
|
{
|
||||||
|
"Add": {
|
||||||
|
"message": "Add"
|
||||||
|
},
|
||||||
|
"Add_accesskey": {
|
||||||
|
"message": "A"
|
||||||
|
},
|
||||||
|
"AdditionalPermissions": {
|
||||||
|
"message": "Additional permissions for trusted sites"
|
||||||
|
},
|
||||||
|
"AdditionalRestrictions": {
|
||||||
|
"message": "Additional restrictions for untrusted sites"
|
||||||
|
},
|
||||||
|
"SectionAdvanced": {
|
||||||
|
"message": "Advanced"
|
||||||
|
},
|
||||||
|
"Allow": {
|
||||||
|
"message": "Allow"
|
||||||
|
},
|
||||||
|
"Allow_accesskey": {
|
||||||
|
"message": "l"
|
||||||
|
},
|
||||||
|
"AllowBookmarks": {
|
||||||
|
"message": "Allow sites opened through bookmarks"
|
||||||
|
},
|
||||||
|
"AllowClipboard": {
|
||||||
|
"message": "Allow rich text copy and paste from external clipboard"
|
||||||
|
},
|
||||||
|
"AllowLocalLinks": {
|
||||||
|
"message": "Allow local links"
|
||||||
|
},
|
||||||
|
"AllowPage": {
|
||||||
|
"message": "Allow all this page"
|
||||||
|
},
|
||||||
|
"AllowPage_accesskey": {
|
||||||
|
"message": "A"
|
||||||
|
},
|
||||||
|
"AllowPing": {
|
||||||
|
"message": "Allow <A PING…>"
|
||||||
|
},
|
||||||
|
"AllowViaBookmarks": {
|
||||||
|
"message": "Allow sites opened through bookmarks"
|
||||||
|
},
|
||||||
|
"AlwaysBlockUntrustedContent": {
|
||||||
|
"message": "Block every object coming from a site marked as untrusted"
|
||||||
|
},
|
||||||
|
"SectionAppearance": {
|
||||||
|
"message": "Appearance"
|
||||||
|
},
|
||||||
|
"AutoAllowTopLevel": {
|
||||||
|
"message": "Temporarily set top-level sites to TRUSTED"
|
||||||
|
},
|
||||||
|
"AutoReload": {
|
||||||
|
"message": "Automatically reload affected pages when permissions change"
|
||||||
|
},
|
||||||
|
"AutoReload_currentTab": {
|
||||||
|
"message": "Reload the current tab only"
|
||||||
|
},
|
||||||
|
"BaseDom": {
|
||||||
|
"message": "Base 2nd level Domains (noscript.net)"
|
||||||
|
},
|
||||||
|
"BlockedItems": {
|
||||||
|
"message": "Blocked $1 of $2 items."
|
||||||
|
},
|
||||||
|
"BlockedObjects": {
|
||||||
|
"message": "NoScript Blocked Objects"
|
||||||
|
},
|
||||||
|
"BookmarkSync": {
|
||||||
|
"message": "Backup NoScript configuration in a bookmark for easy synchronization"
|
||||||
|
},
|
||||||
|
"Cancel": {
|
||||||
|
"message": "Cancel"
|
||||||
|
},
|
||||||
|
"CascadePermissions": {
|
||||||
|
"message": "Cascade top document's permissions to 3rd party scripts"
|
||||||
|
},
|
||||||
|
"ClearClickDescription": {
|
||||||
|
"message": "NoScript intercepted a mouse or keyboard interaction with a partially hidden element. Click on the image below to cycle between the obstructed and the clear version."
|
||||||
|
},
|
||||||
|
"ClearClickHeader": {
|
||||||
|
"message": "Potential Clickjacking / UI Redressing Attempt!"
|
||||||
|
},
|
||||||
|
"ClearClickOpt": {
|
||||||
|
"message": "ClearClick protection on pages…"
|
||||||
|
},
|
||||||
|
"ClearClickReport": {
|
||||||
|
"message": "Report"
|
||||||
|
},
|
||||||
|
"ClearClickReport_accesskey": {
|
||||||
|
"message": "R"
|
||||||
|
},
|
||||||
|
"ClearClickReportId": {
|
||||||
|
"message": "Report ID:"
|
||||||
|
},
|
||||||
|
"ClearClickTitle": {
|
||||||
|
"message": "ClearClick Warning"
|
||||||
|
},
|
||||||
|
"Close": {
|
||||||
|
"message": "Close"
|
||||||
|
},
|
||||||
|
"CollapseBlockedObjects": {
|
||||||
|
"message": "Collapse blocked objects"
|
||||||
|
},
|
||||||
|
"ConfirmUnblock": {
|
||||||
|
"message": "Ask for confirmation before temporarily unblocking an object"
|
||||||
|
},
|
||||||
|
"ContentBlocker": {
|
||||||
|
"message": "Apply these restrictions to whitelisted sites too"
|
||||||
|
},
|
||||||
|
"CtxMenu": {
|
||||||
|
"message": "Contextual menu"
|
||||||
|
},
|
||||||
|
"Custom": {
|
||||||
|
"message": "Custom"
|
||||||
|
},
|
||||||
|
"CustomizePresets": {
|
||||||
|
"message": "Preset customization (for all the sites sharing a preset)"
|
||||||
|
},
|
||||||
|
"Default": {
|
||||||
|
"message": "Default"
|
||||||
|
},
|
||||||
|
"DefaultPolicies": {
|
||||||
|
"message": "Default Policies"
|
||||||
|
},
|
||||||
|
"Description": {
|
||||||
|
"message": "Extra protection for your Firefox: NoScript allows JavaScript, Flash (and other plugins) only for trusted domains of your choice (e.g. your home-banking web site). This whitelist based pre-emptive blocking approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality… Experts will agree: Firefox is really safer with NoScript :-)"
|
||||||
|
},
|
||||||
|
"Donate": {
|
||||||
|
"message": "Donate"
|
||||||
|
},
|
||||||
|
"Donate_accesskey": {
|
||||||
|
"message": "o"
|
||||||
|
},
|
||||||
|
"Embeddings": {
|
||||||
|
"message": "Embeddings"
|
||||||
|
},
|
||||||
|
"Exceptions": {
|
||||||
|
"message": "Exceptions…"
|
||||||
|
},
|
||||||
|
"Export": {
|
||||||
|
"message": "Export"
|
||||||
|
},
|
||||||
|
"Export_accesskey": {
|
||||||
|
"message": "E"
|
||||||
|
},
|
||||||
|
"FixLinks": {
|
||||||
|
"message": "Attempt to fix JavaScript links"
|
||||||
|
},
|
||||||
|
"Hider": {
|
||||||
|
"message": "Drop here to hide."
|
||||||
|
},
|
||||||
|
"Reveal": {
|
||||||
|
"message": "Click here to retrieve missing buttons…"
|
||||||
|
},
|
||||||
|
"ShowFullAddresses": {
|
||||||
|
"message": "List full addresses in the permissions popup (https://www.noscript.net)"
|
||||||
|
},
|
||||||
|
|
||||||
|
"SectionGeneral": {
|
||||||
|
"message": "General"
|
||||||
|
},
|
||||||
|
"GlobalHttpsWhitelist": {
|
||||||
|
"message": "Allow HTTPS scripts globally on HTTPS documents"
|
||||||
|
},
|
||||||
|
"NotEnforced": {
|
||||||
|
"message": "Restrictions disabled"
|
||||||
|
},
|
||||||
|
"NoEnforcement": {
|
||||||
|
"message": "Disable restrictions globally (dangerous)"
|
||||||
|
},
|
||||||
|
"Enforce": {
|
||||||
|
"message": "Enable restrictions globally"
|
||||||
|
},
|
||||||
|
"NoEnforcementForTab": {
|
||||||
|
"message": "Disable restrictions for this tab"
|
||||||
|
},
|
||||||
|
"EnforceForTab": {
|
||||||
|
"message": "Enable restrictions for this tab"
|
||||||
|
},
|
||||||
|
"httpsOnly": {
|
||||||
|
"message": "Match HTTPS content only"
|
||||||
|
},
|
||||||
|
"Https": {
|
||||||
|
"message": "HTTPS"
|
||||||
|
},
|
||||||
|
"Https_always": {
|
||||||
|
"message": "Always"
|
||||||
|
},
|
||||||
|
"Https_behavior": {
|
||||||
|
"message": "Behavior"
|
||||||
|
},
|
||||||
|
"Https_cookies": {
|
||||||
|
"message": "Cookies"
|
||||||
|
},
|
||||||
|
"Https_description": {
|
||||||
|
"message": "Forbid active web content unless it comes from a secure (HTTPS) connection:"
|
||||||
|
},
|
||||||
|
"Https_never": {
|
||||||
|
"message": "Never"
|
||||||
|
},
|
||||||
|
"Https_proxy": {
|
||||||
|
"message": "When using a proxy (recommended with Tor)"
|
||||||
|
},
|
||||||
|
"HttpsFaq": {
|
||||||
|
"message": "HTTPS FAQ…"
|
||||||
|
},
|
||||||
|
"HttpsFaq_accesskey": {
|
||||||
|
"message": "Q"
|
||||||
|
},
|
||||||
|
"HttpsForced": {
|
||||||
|
"message": "Force the following sites to use secure (HTTPS) connections:"
|
||||||
|
},
|
||||||
|
"HttpsForcedExceptions": {
|
||||||
|
"message": "Never force secure (HTTPS) connections for the following sites:"
|
||||||
|
},
|
||||||
|
"Import": {
|
||||||
|
"message": "Import"
|
||||||
|
},
|
||||||
|
"Import_accesskey": {
|
||||||
|
"message": "I"
|
||||||
|
},
|
||||||
|
"KeepLocked": {
|
||||||
|
"message": "Keep this element locked (recommended)"
|
||||||
|
},
|
||||||
|
"MatchSample": {
|
||||||
|
"message": "Pattern matching sample:"
|
||||||
|
},
|
||||||
|
"Next": {
|
||||||
|
"message": "Next"
|
||||||
|
},
|
||||||
|
"NoUntrustedPlaceholder": {
|
||||||
|
"message": "No placeholder for objects coming from sites marked as untrusted"
|
||||||
|
},
|
||||||
|
"Notifications": {
|
||||||
|
"message": "Notifications"
|
||||||
|
},
|
||||||
|
"Notify": {
|
||||||
|
"message": "Show message about blocked scripts"
|
||||||
|
},
|
||||||
|
"Notify_bottom": {
|
||||||
|
"message": "Place message at the bottom"
|
||||||
|
},
|
||||||
|
"NotifyMeta": {
|
||||||
|
"message": "Show message about blocked META redirections"
|
||||||
|
},
|
||||||
|
"NotifyMeta_accesskey": {
|
||||||
|
"message": "R"
|
||||||
|
},
|
||||||
|
"NselForce": {
|
||||||
|
"message": "Show the <NOSCRIPT> element which follows a blocked <SCRIPT>"
|
||||||
|
},
|
||||||
|
"NselNever": {
|
||||||
|
"message": "Hide <NOSCRIPT> elements"
|
||||||
|
},
|
||||||
|
"OK": {
|
||||||
|
"message": "OK"
|
||||||
|
},
|
||||||
|
"OptBlockCssScanners": {
|
||||||
|
"message": "Block CSS-based scanners"
|
||||||
|
},
|
||||||
|
"OptFilterXGet": {
|
||||||
|
"message": "Sanitize cross-site suspicious requests"
|
||||||
|
},
|
||||||
|
"OptFilterXPost": {
|
||||||
|
"message": "Turn cross-site POST requests into data-less GET requests"
|
||||||
|
},
|
||||||
|
"Options": {
|
||||||
|
"message": "Options…"
|
||||||
|
},
|
||||||
|
"Options_accesskey": {
|
||||||
|
"message": "O"
|
||||||
|
},
|
||||||
|
"OptionsLong": {
|
||||||
|
"message": "NoScript Options"
|
||||||
|
},
|
||||||
|
"OptionsWidth": {
|
||||||
|
"message": "40em"
|
||||||
|
},
|
||||||
|
"PermanentInPrivate": {
|
||||||
|
"message": "Permanent \"Allow\" commands in private windows"
|
||||||
|
},
|
||||||
|
"SectionSitePermissions": {
|
||||||
|
"message": "Per-site Permissions"
|
||||||
|
},
|
||||||
|
"PermissionsText": {
|
||||||
|
"message": "You can specify which web sites are allowed to execute scripts. Type the address or the domain (e.g. \"http://www.site.com\" or \"site.com\") of the site you want to allow and then click Allow."
|
||||||
|
},
|
||||||
|
"Plugins": {
|
||||||
|
"message": "Plugins"
|
||||||
|
},
|
||||||
|
"Policies": {
|
||||||
|
"message": "Policies"
|
||||||
|
},
|
||||||
|
"Preset": {
|
||||||
|
"message": "Security Level"
|
||||||
|
},
|
||||||
|
"Preset_high": {
|
||||||
|
"message": "Fortress (Full lockdown)"
|
||||||
|
},
|
||||||
|
"Preset_low": {
|
||||||
|
"message": "Easy going (Blacklist + Web Security)"
|
||||||
|
},
|
||||||
|
"Preset_medium": {
|
||||||
|
"message": "Classic (Whitelist + Web Security)"
|
||||||
|
},
|
||||||
|
"Preset_off": {
|
||||||
|
"message": "Off (are you serious?!)"
|
||||||
|
},
|
||||||
|
"Prev": {
|
||||||
|
"message": "Previous"
|
||||||
|
},
|
||||||
|
"RecentBlocked": {
|
||||||
|
"message": "Recently blocked sites"
|
||||||
|
},
|
||||||
|
"Refresh": {
|
||||||
|
"message": "Refresh"
|
||||||
|
},
|
||||||
|
|
||||||
|
"ReloadWarn": {
|
||||||
|
"message": "These options will take effect on new or (manually) reloaded pages"
|
||||||
|
},
|
||||||
|
"RemoveSelected": {
|
||||||
|
"message": "Remove Selected Sites"
|
||||||
|
},
|
||||||
|
"Reset": {
|
||||||
|
"message": "Reset"
|
||||||
|
},
|
||||||
|
"Reset_accesskey": {
|
||||||
|
"message": "s"
|
||||||
|
},
|
||||||
|
"ResetDef": {
|
||||||
|
"message": "Reset to Default"
|
||||||
|
},
|
||||||
|
"ResetDef_accesskey": {
|
||||||
|
"message": "D"
|
||||||
|
},
|
||||||
|
"RestrictSubdocScripting": {
|
||||||
|
"message": "Block scripting in whitelisted subdocuments of non-whitelisted pages"
|
||||||
|
},
|
||||||
|
"RevokeTemp": {
|
||||||
|
"message": "Revoke Temporary Permissions"
|
||||||
|
},
|
||||||
|
"RevokeTemp_accesskey": {
|
||||||
|
"message": "R"
|
||||||
|
},
|
||||||
|
"SecureCookies": {
|
||||||
|
"message": "Enable Automatic Secure Cookies Management"
|
||||||
|
},
|
||||||
|
"SecureCookiesExceptions": {
|
||||||
|
"message": "Ignore unsafe cookies set over HTTPS by the following sites:"
|
||||||
|
},
|
||||||
|
"SecureCookiesForced": {
|
||||||
|
"message": "Force encryption for all the cookies set over HTTPS by the following sites:"
|
||||||
|
},
|
||||||
|
"SecurityManager": {
|
||||||
|
"message": "Security Manager"
|
||||||
|
},
|
||||||
|
"Show": {
|
||||||
|
"message": "Show…"
|
||||||
|
},
|
||||||
|
"ShowConsole": {
|
||||||
|
"message": "Show Console…"
|
||||||
|
},
|
||||||
|
"ShowConsole_accesskey": {
|
||||||
|
"message": "S"
|
||||||
|
},
|
||||||
|
"ShowPlaceholder": {
|
||||||
|
"message": "Show placeholder icon"
|
||||||
|
},
|
||||||
|
"ShowReleaseNotes": {
|
||||||
|
"message": "Display the release notes on updates"
|
||||||
|
},
|
||||||
|
"ShowCtxMenuItem": {
|
||||||
|
"message": "Show NoScript contextual menu item"
|
||||||
|
},
|
||||||
|
"ShowCountBadge": {
|
||||||
|
"message": "Display script count badge"
|
||||||
|
},
|
||||||
|
"SitePermissions": {
|
||||||
|
"message": "Site Permissions"
|
||||||
|
},
|
||||||
|
"SitePermissions_accessKey": {
|
||||||
|
"message": "S"
|
||||||
|
},
|
||||||
|
"SitePolicies": {
|
||||||
|
"message": "Site Specific Policies"
|
||||||
|
},
|
||||||
|
"TempTrustPage": {
|
||||||
|
"message": "Set all on this page to Temporarily TRUSTED"
|
||||||
|
},
|
||||||
|
"TempTrustPage_accesskey": {
|
||||||
|
"message": "T"
|
||||||
|
},
|
||||||
|
"TempToPerm": {
|
||||||
|
"message": "Make page permissions permanent"
|
||||||
|
},
|
||||||
|
"TempToPerm_accesskey": {
|
||||||
|
"message": "M"
|
||||||
|
},
|
||||||
|
|
||||||
|
"Trust": {
|
||||||
|
"message": "Mark as Trusted"
|
||||||
|
},
|
||||||
|
"Trust_accesskey": {
|
||||||
|
"message": "T"
|
||||||
|
},
|
||||||
|
"Trusted": {
|
||||||
|
"message": "Trusted"
|
||||||
|
},
|
||||||
|
"Trusted_temporary": {
|
||||||
|
"message": "Temp. TRUSTED"
|
||||||
|
},
|
||||||
|
"Trusted_permanent": {
|
||||||
|
"message": "TRUSTED"
|
||||||
|
},
|
||||||
|
"TrustedPagesAdj": {
|
||||||
|
"message": "trusted"
|
||||||
|
},
|
||||||
|
"Uninstall": {
|
||||||
|
"message": "Uninstall"
|
||||||
|
},
|
||||||
|
"Unknown": {
|
||||||
|
"message": "Unknown"
|
||||||
|
},
|
||||||
|
"UnsafeReload": {
|
||||||
|
"message": "Unsafe Reload"
|
||||||
|
},
|
||||||
|
"UnsafeReload_accesskey": {
|
||||||
|
"message": "R"
|
||||||
|
},
|
||||||
|
"Untrust": {
|
||||||
|
"message": "Mark as Untrusted"
|
||||||
|
},
|
||||||
|
"Untrust_accesskey": {
|
||||||
|
"message": "U"
|
||||||
|
},
|
||||||
|
"Untrusted": {
|
||||||
|
"message": "Untrusted"
|
||||||
|
},
|
||||||
|
"UntrustedPagesAdj": {
|
||||||
|
"message": "untrusted"
|
||||||
|
},
|
||||||
|
"WebAddress": {
|
||||||
|
"message": "Search or add a web site:"
|
||||||
|
},
|
||||||
|
"WebAddress_accesskey": {
|
||||||
|
"message": "w"
|
||||||
|
},
|
||||||
|
"Whitelist": {
|
||||||
|
"message": "Whitelist"
|
||||||
|
},
|
||||||
|
"XSS_notify": {
|
||||||
|
"message": "Show XSS notifications"
|
||||||
|
},
|
||||||
|
"XSS_clearUserChoices": {
|
||||||
|
"message": "Clear XSS Choices"
|
||||||
|
},
|
||||||
|
"XSS_promptTitle": {
|
||||||
|
"message": "NoScript XSS Warning"
|
||||||
|
},
|
||||||
|
"XSS_promptMessage": {
|
||||||
|
"message": "NoScript detected a potential Cross-Site Scripting attack\nfrom $1 to $2.\nSuspicious data:\n$3"
|
||||||
|
},
|
||||||
|
"XSS_optBlock": {
|
||||||
|
"message": "Block this request"
|
||||||
|
},
|
||||||
|
"XSS_optSanitize": {
|
||||||
|
"message": "Sanitize this request"
|
||||||
|
},
|
||||||
|
"XSS_optAllow": {
|
||||||
|
"message": "Allow this request"
|
||||||
|
},
|
||||||
|
"XSS_optAlwaysAllow": {
|
||||||
|
"message": "Always allow document requests from $1 to $2"
|
||||||
|
},
|
||||||
|
"XSS_optAlwaysBlock": {
|
||||||
|
"message": "Always block document requests from $1 to $2"
|
||||||
|
},
|
||||||
|
"Xss": {
|
||||||
|
"message": "XSS"
|
||||||
|
},
|
||||||
|
"Xss_accesskey": {
|
||||||
|
"message": "X"
|
||||||
|
},
|
||||||
|
"XssExceptions": {
|
||||||
|
"message": "Anti-XSS Protection Exceptions"
|
||||||
|
},
|
||||||
|
"XssExceptions_description": {
|
||||||
|
"message": "Destinations matching these regular expressions will NOT be protected against XSS."
|
||||||
|
},
|
||||||
|
"XssFaq": {
|
||||||
|
"message": "XSS FAQ…"
|
||||||
|
},
|
||||||
|
"XssFaq_accesskey": {
|
||||||
|
"message": "Q"
|
||||||
|
},
|
||||||
|
"about": {
|
||||||
|
"message": "About $1"
|
||||||
|
},
|
||||||
|
"allowFrom": {
|
||||||
|
"message": "Allow all from $1"
|
||||||
|
},
|
||||||
|
"allowGlobal": {
|
||||||
|
"message": "Disable all the permissions checks (dangerous)"
|
||||||
|
},
|
||||||
|
"allowLocal": {
|
||||||
|
"message": "Allow $1"
|
||||||
|
},
|
||||||
|
"allowTemp": {
|
||||||
|
"message": "Temporarily allow $1"
|
||||||
|
},
|
||||||
|
"allowTempFrom": {
|
||||||
|
"message": "Temporarily allow all from $1"
|
||||||
|
},
|
||||||
|
|
||||||
|
"allowed_no": {
|
||||||
|
"message": "Scripts Currently Forbidden"
|
||||||
|
},
|
||||||
|
"allowed_prt": {
|
||||||
|
"message": "Scripts Partially Allowed"
|
||||||
|
},
|
||||||
|
"allowed_yes": {
|
||||||
|
"message": "Scripts Currently Allowed"
|
||||||
|
},
|
||||||
|
"alwaysAsk": {
|
||||||
|
"message": "Always ask for confirmation"
|
||||||
|
},
|
||||||
|
"audio_samples": {
|
||||||
|
"message": "Audio samples"
|
||||||
|
},
|
||||||
|
"bookmarkSync_confirm": {
|
||||||
|
"message": "NoScript has found a configuration bookmark seemingly saved on\n$1.\nDo you really want to overwrite your local NoScript configuration with this bookmark's content?"
|
||||||
|
},
|
||||||
|
"bookmarkSync_message": {
|
||||||
|
"message": "This bookmark is NOT meant to be opened, but to be synchronized using a service such as Weave or the XMarks extension."
|
||||||
|
},
|
||||||
|
"bookmarkSync_title": {
|
||||||
|
"message": "NoScript Configuration Bookmark"
|
||||||
|
},
|
||||||
|
"cap_script": {
|
||||||
|
"message": "script"
|
||||||
|
},
|
||||||
|
"cap_frame": {
|
||||||
|
"message": "frame"
|
||||||
|
},
|
||||||
|
"cap_object": {
|
||||||
|
"message": "object"
|
||||||
|
},
|
||||||
|
"cap_media": {
|
||||||
|
"message": "media"
|
||||||
|
},
|
||||||
|
"cap_font": {
|
||||||
|
"message": "font"
|
||||||
|
},
|
||||||
|
"cap_webgl": {
|
||||||
|
"message": "webgl"
|
||||||
|
},
|
||||||
|
"cap_fetch": {
|
||||||
|
"message": "fetch"
|
||||||
|
},
|
||||||
|
"cap_other": {
|
||||||
|
"message": "other"
|
||||||
|
},
|
||||||
|
"changelog": {
|
||||||
|
"message": "Changelog"
|
||||||
|
},
|
||||||
|
"changelog_tip": {
|
||||||
|
"message": "Show changelog"
|
||||||
|
},
|
||||||
|
"confirm": {
|
||||||
|
"message": "Are you sure?"
|
||||||
|
},
|
||||||
|
"disable": {
|
||||||
|
"message": "Disable $1"
|
||||||
|
},
|
||||||
|
"disable_accessKey": {
|
||||||
|
"message": "D"
|
||||||
|
},
|
||||||
|
"distrust": {
|
||||||
|
"message": "Mark $1 as Untrusted"
|
||||||
|
},
|
||||||
|
"extensionContributors": {
|
||||||
|
"message": "Contributors:"
|
||||||
|
},
|
||||||
|
"extensionContributors_tip": {
|
||||||
|
"message": "People you should thank for this extension"
|
||||||
|
},
|
||||||
|
"extensionCreator_tip": {
|
||||||
|
"message": "Visit author home page"
|
||||||
|
},
|
||||||
|
"extensionCreatorLabel": {
|
||||||
|
"message": "Author:"
|
||||||
|
},
|
||||||
|
"extensionHomepage_tip": {
|
||||||
|
"message": "Visit extension home page"
|
||||||
|
},
|
||||||
|
"forbidGlobal": {
|
||||||
|
"message": "Forbid Scripts Globally (advised)"
|
||||||
|
},
|
||||||
|
"forbidLocal": {
|
||||||
|
"message": "Forbid $1"
|
||||||
|
},
|
||||||
|
"freshInstallReload": {
|
||||||
|
"message": "In order to operate on this tab, NoScript needs to reload it.\nProceed?"
|
||||||
|
},
|
||||||
|
|
||||||
|
"privilegedPage": {
|
||||||
|
"message": "This is a privileged page, whose permissions cannot be configured."
|
||||||
|
},
|
||||||
|
|
||||||
|
"incompatibleOptions": {
|
||||||
|
"message": "\"$1\"\nis incompatible with \"$2\".\nDo you want to enable the former and disable the latter?"
|
||||||
|
},
|
||||||
|
"incompatibleOptions_title": {
|
||||||
|
"message": "Incompatible Options Warning"
|
||||||
|
},
|
||||||
|
"informaction_tip": {
|
||||||
|
"message": "Visit InformAction home page"
|
||||||
|
},
|
||||||
|
"license": {
|
||||||
|
"message": "License"
|
||||||
|
},
|
||||||
|
"license_tip": {
|
||||||
|
"message": "Read end-user license"
|
||||||
|
},
|
||||||
|
"logo_tip": {
|
||||||
|
"message": "Visit extension home page"
|
||||||
|
},
|
||||||
|
"metaRefresh_notify": {
|
||||||
|
"message": "NoScript blocked a <META> redirection inside a <NOSCRIPT> element: $1 in $2 seconds."
|
||||||
|
},
|
||||||
|
|
||||||
|
"Reload": {
|
||||||
|
"message": "Reload"
|
||||||
|
},
|
||||||
|
"removal_message": {
|
||||||
|
"message": "By disabling or uninstalling NoScript, you give up ALL the protections provided by NoScript.\n\nIf you're just tired of handling script permissions site by site, there's a safer choice.\n\nNoScript can stop blocking scripts, except those you mark as untrusted, while still protecting you with the most advanced security countermeasures against XSS, Clickjacking, CSRF and other web threats.\n\nDo you really want to remove ALL the NoScript protections?\n"
|
||||||
|
},
|
||||||
|
"removal_no": {
|
||||||
|
"message": "No, just stop blocking scripts"
|
||||||
|
},
|
||||||
|
"removal_title": {
|
||||||
|
"message": "Security Downgrade Warning"
|
||||||
|
},
|
||||||
|
"removal_yes": {
|
||||||
|
"message": "Yes, remove ALL protections"
|
||||||
|
},
|
||||||
|
"reset_title": {
|
||||||
|
"message": "NoScript Reset"
|
||||||
|
},
|
||||||
|
"reset_warning": {
|
||||||
|
"message": "ALL the NoScript preferences and site permissions will be reset to their default values immediately.\nThis action cannot be reverted.\nDo you want to continue?"
|
||||||
|
},
|
||||||
|
"siteInfo_confirm": {
|
||||||
|
"message": "You're about to ask for information about the \"$1\" site\nby submitting a query to $2.\nDo you want to continue?"
|
||||||
|
},
|
||||||
|
"siteInfo_tooltip": {
|
||||||
|
"message": "Middle-click or shift+click for site info..."
|
||||||
|
},
|
||||||
|
"sponsor_tip": {
|
||||||
|
"message": "Visit sponsor home page"
|
||||||
|
},
|
||||||
|
"unsafeReload_warning": {
|
||||||
|
"message": "UNSAFELY reloading a suspicious\n\n$1 [$2]\n\nFROM [$3]\n\nNoScript will NOT protect this request!\n"
|
||||||
|
},
|
||||||
|
"untrustedOrigin": {
|
||||||
|
"message": "an untrusted origin"
|
||||||
|
},
|
||||||
|
"version": {
|
||||||
|
"message": "Version $1"
|
||||||
|
},
|
||||||
|
"versionShort": {
|
||||||
|
"message": "v $1"
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,549 @@
|
||||||
|
var RequestGuard = (() => {
|
||||||
|
'use strict';
|
||||||
|
const VERSION_LABEL = `NoScript ${browser.runtime.getManifest().version}`;
|
||||||
|
browser.browserAction.setTitle({title: VERSION_LABEL});
|
||||||
|
const REPORT_URI = "https://noscript-csp.invalid/__NoScript_Probe__/";
|
||||||
|
const REPORT_GROUP = "NoScript-Endpoint";
|
||||||
|
const REPORT_TO = {
|
||||||
|
name: "Report-To",
|
||||||
|
value: JSON.stringify({ "url": REPORT_URI,
|
||||||
|
"group": REPORT_GROUP,
|
||||||
|
"max-age": 10886400 }),
|
||||||
|
};
|
||||||
|
const CSP = {
|
||||||
|
name: "content-security-policy",
|
||||||
|
start: `report-uri ${REPORT_URI};`,
|
||||||
|
end: `;report-to ${REPORT_URI};`,
|
||||||
|
isMine(header) {
|
||||||
|
let {name, value} = header;
|
||||||
|
if (name.toLowerCase() !== CSP.name) return false;
|
||||||
|
let startIdx = value.indexOf(this.start);
|
||||||
|
return startIdx > -1 && startIdx < value.lastIndexOf(this.end);
|
||||||
|
},
|
||||||
|
inject(headerValue, mine) {
|
||||||
|
let startIdx = headerValue.indexOf(this.start);
|
||||||
|
if (startIdx < 0) return `${headerValue};${mine}`;
|
||||||
|
let endIdx = headerValue.lastIndexOf(this.end);
|
||||||
|
let retValue = `${headerValue.substring(0, startIdx)}${mine}`;
|
||||||
|
|
||||||
|
return endIdx < 0 ? retValue : `${retValue}${headerValue.substring(endIdx + this.end.length + 1)}`;
|
||||||
|
},
|
||||||
|
create(...directives) {
|
||||||
|
return `${this.start}${directives.join(';')}${this.end}`;
|
||||||
|
},
|
||||||
|
createBlocker(...types) {
|
||||||
|
return this.create(...(types.map(type => `${type.name || type}-src ${type.value || "'none'"}`)));
|
||||||
|
},
|
||||||
|
blocks(header, type) {
|
||||||
|
return header.includes(`;${type}-src 'none';`)
|
||||||
|
},
|
||||||
|
types: ["script", "object", "media"],
|
||||||
|
};
|
||||||
|
|
||||||
|
const policyTypesMap = {
|
||||||
|
main_frame: "",
|
||||||
|
sub_frame: "frame",
|
||||||
|
script: "script",
|
||||||
|
xslt: "script",
|
||||||
|
xbl: "script",
|
||||||
|
font: "font",
|
||||||
|
object: "object",
|
||||||
|
object_subrequest: "fetch",
|
||||||
|
xmlhttprequest: "fetch",
|
||||||
|
ping: "ping",
|
||||||
|
beacon: "ping",
|
||||||
|
media: "media",
|
||||||
|
other: "",
|
||||||
|
};
|
||||||
|
const allTypes = Object.keys(policyTypesMap);
|
||||||
|
Object.assign(policyTypesMap, {"webgl": "webgl"}); // fake types
|
||||||
|
|
||||||
|
const FORBID_DATAURI_TYPES = ["font", "media", "object"];
|
||||||
|
|
||||||
|
const TabStatus = {
|
||||||
|
map: new Map(),
|
||||||
|
types: ["script", "object", "media", "frame", "font"],
|
||||||
|
newRecords() {
|
||||||
|
return {
|
||||||
|
allowed: {},
|
||||||
|
blocked: {},
|
||||||
|
noscriptFrames: {},
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
initTab(tabId, records = this.newRecords()) {
|
||||||
|
this.map.set(tabId, records);
|
||||||
|
return records;
|
||||||
|
},
|
||||||
|
|
||||||
|
_record(request, what, optValue) {
|
||||||
|
let {tabId, frameId, type, url, documentUrl} = request;
|
||||||
|
let policyType = policyTypesMap[type] || type;
|
||||||
|
let requestKey = Policy.requestKey(url, documentUrl, policyType);
|
||||||
|
let map = this.map;
|
||||||
|
let records;
|
||||||
|
if (map.has(tabId)) {
|
||||||
|
records = map.get(tabId);
|
||||||
|
} else {
|
||||||
|
records = this.initTab(tabId);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (what === "noscriptFrame") {
|
||||||
|
let nsf = records.noscriptFrames;
|
||||||
|
if (frameId in nsf) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
nsf[frameId] = optValue;
|
||||||
|
what = optValue ? "blocked" : "allowed";
|
||||||
|
if (frameId === 0) {
|
||||||
|
request.type = type = "main_frame";
|
||||||
|
Content.reportTo(request, optValue, type);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
let collection = records[what];
|
||||||
|
if (type in collection) {
|
||||||
|
if (!collection[type].includes(requestKey)) {
|
||||||
|
collection[type].push(requestKey);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
collection[type] = [requestKey];
|
||||||
|
}
|
||||||
|
return records;
|
||||||
|
},
|
||||||
|
|
||||||
|
record(request, what, optValue) {
|
||||||
|
let records = this._record(request, what, optValue);
|
||||||
|
if (records) {
|
||||||
|
this.updateTab(request.tabId);
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
_pendingTabs: new Set(),
|
||||||
|
|
||||||
|
updateTab(tabId) {
|
||||||
|
if (this._pendingTabs.size === 0) {
|
||||||
|
window.setTimeout(() => { // clamp UI updates
|
||||||
|
for (let tabId of this._pendingTabs) {
|
||||||
|
this._updateTabNow(tabId);
|
||||||
|
}
|
||||||
|
this._pendingTabs.clear();
|
||||||
|
}, 200);
|
||||||
|
}
|
||||||
|
this._pendingTabs.add(tabId);
|
||||||
|
},
|
||||||
|
_updateTabNow(tabId) {
|
||||||
|
this._pendingTabs.delete(tabId);
|
||||||
|
let records = this.map.get(tabId) || this.initTab(tabId);
|
||||||
|
let {allowed, blocked, noscriptFrames} = records;
|
||||||
|
let topAllowed = !(noscriptFrames && noscriptFrames[0]);
|
||||||
|
|
||||||
|
let numAllowed = 0, numBlocked = 0, sum = 0;
|
||||||
|
let report = this.types.map(t => {
|
||||||
|
let a = allowed[t] && allowed[t].length || 0, b = blocked[t] && blocked[t].length || 0, s = a + b;
|
||||||
|
numAllowed+= a, numBlocked += b, sum += s;
|
||||||
|
return s && `<${t === "sub_frame" ? "frame" : t}>: ${b}/${s}`;
|
||||||
|
}).filter(s => s).join("\n");
|
||||||
|
|
||||||
|
let enforced = ns.isEnforced(tabId);
|
||||||
|
|
||||||
|
let icon = topAllowed ?
|
||||||
|
(numBlocked ? "part"
|
||||||
|
: enforced ? "yes" : "global")
|
||||||
|
: (numAllowed ? "sub" : "no");
|
||||||
|
let showBadge = ns.local.showCountBadge && numBlocked > 0;
|
||||||
|
|
||||||
|
let browserAction = browser.browserAction;
|
||||||
|
browserAction.setIcon({tabId, path: {64: `/img/ui-${icon}64.png`}});
|
||||||
|
browserAction.setBadgeText({tabId, text: showBadge ? numBlocked.toString() : ""});
|
||||||
|
browserAction.setBadgeBackgroundColor({tabId, color: [255, 0, 0, 128]});
|
||||||
|
browserAction.setTitle({tabId,
|
||||||
|
title: `${VERSION_LABEL} \n${enforced ?
|
||||||
|
_("BlockedItems", [numBlocked, numAllowed + numBlocked]) + ` \n${report}`
|
||||||
|
: _("NotEnforced")}`
|
||||||
|
});
|
||||||
|
},
|
||||||
|
|
||||||
|
totalize(sum, value) {
|
||||||
|
return sum + value;
|
||||||
|
},
|
||||||
|
|
||||||
|
async probe(tabId) {
|
||||||
|
if (tabId === undefined) {
|
||||||
|
(await browser.tabs.query({})).forEach(tab => TabStatus.probe(tab.id));
|
||||||
|
} else {
|
||||||
|
try {
|
||||||
|
TabStatus.recordAll(tabId, await ns.collectSeen(tabId));
|
||||||
|
} catch (e) {
|
||||||
|
error(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
recordAll(tabId, seen) {
|
||||||
|
if (seen) {
|
||||||
|
let records = TabStatus.map.get(tabId);
|
||||||
|
if (records) {
|
||||||
|
records.allowed = {};
|
||||||
|
records.blocked = {};
|
||||||
|
}
|
||||||
|
for (let thing of seen) {
|
||||||
|
thing.request.tabId = tabId;
|
||||||
|
TabStatus._record(thing.request, thing.allowed ? "allowed" : "blocked");
|
||||||
|
}
|
||||||
|
this._updateTabNow(tabId);
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
async onActivatedTab(info) {
|
||||||
|
let {tabId} = info;
|
||||||
|
let seen = await ns.collectSeen(tabId);
|
||||||
|
|
||||||
|
TabStatus.recordAll(tabId, seen);
|
||||||
|
},
|
||||||
|
onRemovedTab(tabId) {
|
||||||
|
TabStatus.map.delete(tabId);
|
||||||
|
},
|
||||||
|
}
|
||||||
|
browser.tabs.onActivated.addListener(TabStatus.onActivatedTab);
|
||||||
|
browser.tabs.onRemoved.addListener(TabStatus.onRemovedTab);
|
||||||
|
|
||||||
|
if (!("setIcon" in browser.browserAction)) { // unsupported on Android
|
||||||
|
TabStatus._updateTabNow = TabStatus.updateTab = () => {};
|
||||||
|
}
|
||||||
|
|
||||||
|
const Content = {
|
||||||
|
|
||||||
|
|
||||||
|
async hearFrom(message, sender) {
|
||||||
|
debug("Received message from content", message, sender);
|
||||||
|
switch (message.type) {
|
||||||
|
case "pageshow":
|
||||||
|
TabStatus.recordAll(sender.tab.id, message.seen);
|
||||||
|
return true;
|
||||||
|
case "enable":
|
||||||
|
let {url, documentUrl, policyType} = message;
|
||||||
|
let TAG = `<${policyType.toUpperCase()}>`;
|
||||||
|
let origin = Sites.origin(url);
|
||||||
|
let {siteKey} = Sites.parse(url);
|
||||||
|
let options;
|
||||||
|
if (siteKey === origin) {
|
||||||
|
TAG += `@${siteKey}`;
|
||||||
|
} else {
|
||||||
|
options = [
|
||||||
|
{label: _("allowLocal", siteKey), checked: true},
|
||||||
|
{label: _("allowLocal", origin)}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
// let parsedDoc = Sites.parse(documentUrl);
|
||||||
|
let t = u => `${TAG}@${u}`;
|
||||||
|
let ret = await Prompts.prompt({
|
||||||
|
title: _("BlockedObjects"),
|
||||||
|
message: _("allowLocal", TAG),
|
||||||
|
options});
|
||||||
|
debug(`Prompt returned %o`);
|
||||||
|
if (ret.button !== 0) return;
|
||||||
|
let key = [siteKey, origin][ret.option || 0];
|
||||||
|
if (!key) return;
|
||||||
|
let {siteMatch, contextMatch, perms} = ns.policy.get(key, documentUrl);
|
||||||
|
let {capabilities} = perms;
|
||||||
|
if (!capabilities.has(policyType)) {
|
||||||
|
perms = new Permissions(new Set(capabilities), false);
|
||||||
|
perms.capabilities.add(policyType);
|
||||||
|
|
||||||
|
/* TODO: handle contextual permissions
|
||||||
|
if (documentUrl) {
|
||||||
|
let context = new URL(documentUrl).origin;
|
||||||
|
let contextualSites = new Sites([context, perms]);
|
||||||
|
perms = new Permissions(new Set(capabilities), false, contextualSites);
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
ns.policy.set(key, perms);
|
||||||
|
ns.savePolicy();
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
case "canScript":
|
||||||
|
let records = TabStatus.map.get(sender.tab.id);
|
||||||
|
debug("Records.noscriptFrames %o, canScript: %s", records && records.noscriptFrames, !(records && records.noscriptFrames[sender.frameId]));
|
||||||
|
return !(records && records.noscriptFrames[sender.frameId]);
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
async reportTo(request, allowed, policyType) {
|
||||||
|
let {requestId, tabId, frameId, type, url, documentUrl, originUrl} = request;
|
||||||
|
let pending = pendingRequests.get(requestId); // null if from a CSP report
|
||||||
|
let initialUrl = pending ? pending.initialUrl : request.url;
|
||||||
|
request = {
|
||||||
|
key: Policy.requestKey(url, type, documentUrl || "", /^(media|object|frame)$/.test(type)),
|
||||||
|
type, url, documentUrl, originUrl
|
||||||
|
};
|
||||||
|
if (tabId < 0) return;
|
||||||
|
if (pending) request.initialUrl = pending.initialUrl;
|
||||||
|
try {
|
||||||
|
browser.tabs.sendMessage(
|
||||||
|
tabId,
|
||||||
|
{type: "seen", request, allowed, policyType, ownFrame: true},
|
||||||
|
{frameId}
|
||||||
|
);
|
||||||
|
} catch (e) {
|
||||||
|
debug(`Couldn't deliver "seen" message for ${type}@${url} ${allowed ? "A" : "F" } to document ${documentUrl} (${frameId}/${tabId}`, e);
|
||||||
|
}
|
||||||
|
if (frameId === 0) return;
|
||||||
|
try {
|
||||||
|
browser.tabs.sendMessage(
|
||||||
|
tabId,
|
||||||
|
{type: "seen", request, allowed, policyType},
|
||||||
|
{frameId: 0}
|
||||||
|
);
|
||||||
|
} catch (e) {
|
||||||
|
debug(`Couldn't deliver "seen" message to top frame containing ${documentUrl} (${frameId}/${tabId}`, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
browser.runtime.onMessage.addListener(Content.hearFrom);
|
||||||
|
|
||||||
|
const pendingRequests = new Map();
|
||||||
|
function initPendingRequest(request) {
|
||||||
|
let {requestId, url} = request;
|
||||||
|
let redirected = pendingRequests.get(requestId);
|
||||||
|
let initialUrl = redirected ? redirected.initialUrl : url;
|
||||||
|
pendingRequests.set(requestId, {
|
||||||
|
url, redirected,
|
||||||
|
onCompleted: new Set(),
|
||||||
|
});
|
||||||
|
return redirected;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
const ABORT = {cancel: true}, ALLOW = {};
|
||||||
|
const listeners = {
|
||||||
|
onBeforeRequest(request) {
|
||||||
|
try {
|
||||||
|
let redirected = initPendingRequest(request);
|
||||||
|
let {policy} = ns;
|
||||||
|
let policyType = policyTypesMap[request.type];
|
||||||
|
if (policyType) {
|
||||||
|
let {url, originUrl, documentUrl} = request;
|
||||||
|
if (("fetch" === policyType || "frame" === policyType) &&
|
||||||
|
(url === originUrl && originUrl === documentUrl ||
|
||||||
|
/^(?:chrome|resource|moz-extension|about):/.test(originUrl))
|
||||||
|
) {
|
||||||
|
// livemark request or similar browser-internal, always allow;
|
||||||
|
return ALLOW;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (/^(?:data|blob):/.test(url)) {
|
||||||
|
request._dataUrl = url;
|
||||||
|
request.url = url = documentUrl;
|
||||||
|
}
|
||||||
|
let allowed = !ns.isEnforced(request.tabId) ||
|
||||||
|
policy.can(url, policyType, originUrl);
|
||||||
|
Content.reportTo(request, allowed, policyType);
|
||||||
|
|
||||||
|
if (!allowed) {
|
||||||
|
debug(`Blocking ${policyType}`, request);
|
||||||
|
TabStatus.record(request, "blocked");
|
||||||
|
return ABORT;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
error(e);
|
||||||
|
}
|
||||||
|
|
||||||
|
return ALLOW;
|
||||||
|
},
|
||||||
|
|
||||||
|
async onHeadersReceived(request) {
|
||||||
|
// called for main_frame, sub_frame and object
|
||||||
|
debug("onHeadersReceived", request);
|
||||||
|
|
||||||
|
try {
|
||||||
|
let header, blocker;
|
||||||
|
let responseHeaders = request.responseHeaders;
|
||||||
|
let content = {}
|
||||||
|
for (let h of responseHeaders) {
|
||||||
|
if (CSP.isMine(h)) {
|
||||||
|
header = h;
|
||||||
|
h.value = CSP.inject(h.value, "");
|
||||||
|
} else if (/^\s*Content-(Type|Disposition)\s*$/i.test(h.name)) {
|
||||||
|
content[h.name.split("-")[1].trim().toLowerCase()] = h.value;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
if (ns.isEnforced(request.tabId)) {
|
||||||
|
let policy = ns.policy;
|
||||||
|
let perms = policy.get(request.url, request.documentUrl).perms;
|
||||||
|
if (policy.autoAllowTop && request.frameId === 0 && perms === policy.DEFAULT) {
|
||||||
|
policy.set(Sites.optimalKey(request.url), perms = policy.TRUSTED.tempTwin);
|
||||||
|
}
|
||||||
|
|
||||||
|
let {capabilities} = perms;
|
||||||
|
let canScript = capabilities.has("script");
|
||||||
|
|
||||||
|
let blockedTypes;
|
||||||
|
let forbidData = FORBID_DATAURI_TYPES.filter(t => !capabilities.has(t));
|
||||||
|
if (!content.disposition &&
|
||||||
|
(!content.type || /^\s*(?:video|audio|application)\//.test(content.type))) {
|
||||||
|
debug(`Suspicious content type "%s" in request %o with capabilities %o`,
|
||||||
|
content.type, request, capabilities);
|
||||||
|
blockedTypes = CSP.types.filter(t => !capabilities.has(t));
|
||||||
|
} else if(!canScript) {
|
||||||
|
blockedTypes = ["script"];
|
||||||
|
forbidData.push("object"); // data: URIs loaded in objects may run scripts
|
||||||
|
}
|
||||||
|
|
||||||
|
for (let type of forbidData) { // object, font, media
|
||||||
|
// HTTP is blocked in onBeforeRequest, let's allow it only and block
|
||||||
|
// for instance data: and blob: URIs
|
||||||
|
let dataBlocker = {name: type, value: "http: https:"};
|
||||||
|
if (blockedTypes) blockedTypes.push(dataBlocker)
|
||||||
|
else blockedTypes = [dataBlocker];
|
||||||
|
}
|
||||||
|
|
||||||
|
debug("Blocked types", blockedTypes);
|
||||||
|
if (blockedTypes && blockedTypes.length) {
|
||||||
|
blocker = CSP.createBlocker(...blockedTypes);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (canScript) {
|
||||||
|
if (!capabilities.has("webgl")) {
|
||||||
|
await RequestUtil.executeOnStart(request, {
|
||||||
|
file: "/content/webglHook.js"
|
||||||
|
});
|
||||||
|
}
|
||||||
|
if (!capabilities.has("media")) {
|
||||||
|
await RequestUtil.executeOnStart(request, {
|
||||||
|
code: "window.mediaBlocker = true;"
|
||||||
|
});
|
||||||
|
}
|
||||||
|
await RequestUtil.executeOnStart(request, {
|
||||||
|
file: "content/media.js"
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
debug(`CSP blocker:`, blocker);
|
||||||
|
if (blocker) {
|
||||||
|
if (header) {
|
||||||
|
header.value = CSP.inject(header.value, blocker);
|
||||||
|
} else {
|
||||||
|
header = {name: CSP.name, value: blocker};
|
||||||
|
responseHeaders.push(header);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (header) return {responseHeaders};
|
||||||
|
} catch (e) {
|
||||||
|
error(e, "Error in onHeadersReceived", uneval(request));
|
||||||
|
}
|
||||||
|
return ALLOW;
|
||||||
|
},
|
||||||
|
|
||||||
|
onResponseStarted(request) {
|
||||||
|
if (request.type === "main_frame") {
|
||||||
|
TabStatus.initTab(request.tabId);
|
||||||
|
}
|
||||||
|
let scriptBlocked = request.responseHeaders.some(
|
||||||
|
h => CSP.isMine(h) && CSP.blocks(h.value, "script")
|
||||||
|
);
|
||||||
|
debug("%s scriptBlocked=%s setting noscriptFrame on ", request.url, scriptBlocked, request.tabId, request.frameId);
|
||||||
|
TabStatus.record(request, "noscriptFrame", scriptBlocked);
|
||||||
|
pendingRequests.get(request.requestId).scriptBlocked = scriptBlocked;
|
||||||
|
},
|
||||||
|
|
||||||
|
onCompleted(request) {
|
||||||
|
let {requestId} = request;
|
||||||
|
if (pendingRequests.has(requestId)) {
|
||||||
|
let r = pendingRequests.get(requestId);
|
||||||
|
pendingRequests.delete(requestId);
|
||||||
|
for (let callback of r.onCompleted) {
|
||||||
|
try {
|
||||||
|
callback(request, r);
|
||||||
|
} catch (e) {
|
||||||
|
error(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
onErrorOccurred(request) {
|
||||||
|
pendingRequests.delete(request.requestId);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
function fakeRequestFromCSP(report, request) {
|
||||||
|
let type = report["violated-directive"].split("-", 1)[0]; // e.g. script-src 'none' => script
|
||||||
|
if (type === "frame") type = "sub_frame";
|
||||||
|
let url = report['blocked-uri'];
|
||||||
|
if (url === 'self') url = request.documentUrl;
|
||||||
|
return Object.assign({}, request, {
|
||||||
|
url,
|
||||||
|
type,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
async function onViolationReport(request) {
|
||||||
|
try {
|
||||||
|
let decoder = new TextDecoder("UTF-8");
|
||||||
|
const report = JSON.parse(decoder.decode(request.requestBody.raw[0].bytes))['csp-report'];
|
||||||
|
let csp = report["original-policy"]
|
||||||
|
debug("CSP report", report);
|
||||||
|
if (report['blocked-uri'] !== 'self') {
|
||||||
|
let r = fakeRequestFromCSP(report, request);
|
||||||
|
Content.reportTo(r, false, policyTypesMap[r.type]);
|
||||||
|
TabStatus.record(r, "blocked");
|
||||||
|
} else if (report["violated-directive"] === "script-src 'none'") {
|
||||||
|
let r = fakeRequestFromCSP(report, request);
|
||||||
|
TabStatus.record(r, "noscriptFrame", true);
|
||||||
|
}
|
||||||
|
} catch(e) {
|
||||||
|
error(e);
|
||||||
|
}
|
||||||
|
return ABORT;
|
||||||
|
}
|
||||||
|
|
||||||
|
const RequestGuard = {
|
||||||
|
async start() {
|
||||||
|
let wr = browser.webRequest;
|
||||||
|
let listen = (what, ...args) => wr[what].addListener(listeners[what], ...args);
|
||||||
|
|
||||||
|
let allUrls = ["<all_urls>"];
|
||||||
|
let docTypes = ["main_frame", "sub_frame", "object"];
|
||||||
|
|
||||||
|
listen("onBeforeRequest",
|
||||||
|
{urls: allUrls, types: allTypes},
|
||||||
|
["blocking"]
|
||||||
|
);
|
||||||
|
listen("onHeadersReceived",
|
||||||
|
{urls: allUrls, types: docTypes},
|
||||||
|
["blocking", "responseHeaders"]
|
||||||
|
);
|
||||||
|
listen("onResponseStarted",
|
||||||
|
{urls: allUrls, types: docTypes},
|
||||||
|
["responseHeaders"]
|
||||||
|
);
|
||||||
|
listen("onCompleted",
|
||||||
|
{urls: allUrls, types: allTypes},
|
||||||
|
);
|
||||||
|
listen("onErrorOccurred",
|
||||||
|
{urls: allUrls, types: allTypes},
|
||||||
|
);
|
||||||
|
|
||||||
|
|
||||||
|
wr.onBeforeRequest.addListener(onViolationReport,
|
||||||
|
{urls: [REPORT_URI], types: ["csp_report"]}, ["blocking", "requestBody"]);
|
||||||
|
|
||||||
|
TabStatus.probe();
|
||||||
|
},
|
||||||
|
|
||||||
|
stop() {
|
||||||
|
let wr = browser.webRequest;
|
||||||
|
for (let [name, listener] of Object.entries(this.listeners)) {
|
||||||
|
wr[name].removeListener(listener);
|
||||||
|
}
|
||||||
|
wr.onBeforeRequest.removeListener(onViolationReport);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
return RequestGuard;
|
||||||
|
})();
|
|
@ -0,0 +1,130 @@
|
||||||
|
'use strict';
|
||||||
|
{
|
||||||
|
let runningScripts = new Map();
|
||||||
|
|
||||||
|
var RequestUtil = {
|
||||||
|
async executeOnStart(request, details) {
|
||||||
|
let {requestId, tabId, frameId} = request;
|
||||||
|
details = Object.assign({
|
||||||
|
runAt: "document_start",
|
||||||
|
frameId,
|
||||||
|
}, details);
|
||||||
|
browser.tabs.executeScript(tabId, details);
|
||||||
|
return;
|
||||||
|
let filter = browser.webRequest.filterResponseData(requestId);
|
||||||
|
filter.onstart = event => {
|
||||||
|
browser.tabs.executeScript(tabId, details);
|
||||||
|
debug("Execute on start", details);
|
||||||
|
filter.write(new Uint8Array());
|
||||||
|
};
|
||||||
|
filter.ondata = event => {
|
||||||
|
filter.write(event.data);
|
||||||
|
filter.disconnect();
|
||||||
|
|
||||||
|
}
|
||||||
|
},
|
||||||
|
async executeOnStartCS(request, details) {
|
||||||
|
let {url, requestId, tabId, frameId} = request;
|
||||||
|
|
||||||
|
let urlObj = new URL(url);
|
||||||
|
if (urlObj.hash || urlObj.port || urlObj.username) {
|
||||||
|
urlObj.hash = urlObj.port = urlObj.username = "";
|
||||||
|
url = urlObj.toString();
|
||||||
|
}
|
||||||
|
let wr = browser.webRequest;
|
||||||
|
let filter = {
|
||||||
|
urls: [`${urlObj.origin}/*`],
|
||||||
|
types: ["main_frame", "sub_frame", "object"]
|
||||||
|
};
|
||||||
|
let finalize;
|
||||||
|
let cleanup = r => {
|
||||||
|
if (cleanup && r.requestId === requestId) {
|
||||||
|
wr.onCompleted.removeListener(cleanup);
|
||||||
|
wr.onErrorOccurred.removeListener(cleanup);
|
||||||
|
cleanup = null;
|
||||||
|
if (finalize) {
|
||||||
|
finalize();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
wr.onCompleted.addListener(cleanup, filter);
|
||||||
|
wr.onErrorOccurred.addListener(cleanup, filter);
|
||||||
|
|
||||||
|
details = Object.assign({
|
||||||
|
runAt: "document_start",
|
||||||
|
frameId,
|
||||||
|
}, details);
|
||||||
|
|
||||||
|
if (browser.contentScripts) {
|
||||||
|
let js = [{}];
|
||||||
|
if (details.file) js[0].file = details.file;
|
||||||
|
else if (details.code) js[0].code = details.code;
|
||||||
|
let settings = {
|
||||||
|
"runAt": details.runAt,
|
||||||
|
js,
|
||||||
|
matches: [url],
|
||||||
|
allFrames: frameId !== 0,
|
||||||
|
}
|
||||||
|
// let's try to avoid duplicates
|
||||||
|
let key = JSON.stringify(settings);
|
||||||
|
if (runningScripts.has(key)) {
|
||||||
|
let scriptRef = runningScripts.get(key);
|
||||||
|
scriptRef.count++;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (settings.allFrames) {
|
||||||
|
// let's check whether the same script is registered for top frames:
|
||||||
|
// if it is, let's unregister it first to avoid duplicates
|
||||||
|
settings.allFrames = false;
|
||||||
|
let topKey = JSON.stringify(settings);
|
||||||
|
settings.allFrames = true;
|
||||||
|
if (runningScripts.has(topKey)) {
|
||||||
|
let topScript = runningScripts.get(topKey);
|
||||||
|
try {
|
||||||
|
topScript.unregister();
|
||||||
|
} catch (e) {
|
||||||
|
error(e);
|
||||||
|
} finally {
|
||||||
|
runningScripts.delete(topKey);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
let script = await browser.contentScripts.register(settings);
|
||||||
|
debug("Content script %o registered.", settings);
|
||||||
|
finalize = () => {
|
||||||
|
debug("Finalizing content script %o...", settings);
|
||||||
|
try {
|
||||||
|
script.unregister();
|
||||||
|
runningScripts.delete(key);
|
||||||
|
debug("Content script %o unregistered!", settings);
|
||||||
|
} finally {
|
||||||
|
finalize = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
runningScripts.set(key, script);
|
||||||
|
if (!cleanup) { // the request has already been interrupted
|
||||||
|
finalize();
|
||||||
|
}
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
function listener(r) {
|
||||||
|
if (r.requestId === requestId) {
|
||||||
|
browser.tabs.executeScript(tabId, details);
|
||||||
|
finalize();
|
||||||
|
finalize = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
finalize = () => {
|
||||||
|
wr.onResponseStarted.removeListener(listener);
|
||||||
|
}
|
||||||
|
wr.onResponseStarted.addListener(listener, filter);
|
||||||
|
debug("Executing %o", details);
|
||||||
|
|
||||||
|
},
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,125 @@
|
||||||
|
var Settings = {
|
||||||
|
|
||||||
|
async import(data) {
|
||||||
|
|
||||||
|
// figure out whether it's just a whitelist, a legacy backup or a "Quantum" export
|
||||||
|
try {
|
||||||
|
let json = JSON.parse(data);
|
||||||
|
if (json.whitelist) {
|
||||||
|
return await this.importLegacy(json);
|
||||||
|
}
|
||||||
|
if (json.trusted) {
|
||||||
|
return await this.importPolicy(json);
|
||||||
|
}
|
||||||
|
if (json.policy) {
|
||||||
|
return await this.importSettings(json);
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
return await this.importLists(data);
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
async importLegacy(json) {
|
||||||
|
await include("/legacy/Legacy.js");
|
||||||
|
if (await Legacy.import(json)) {
|
||||||
|
try {
|
||||||
|
ns.policy = Legacy.migratePolicy();
|
||||||
|
await ns.savePolicy();
|
||||||
|
await Legacy.persist();
|
||||||
|
return true;
|
||||||
|
} catch (e) {
|
||||||
|
error(e, "Importing legacy settings");
|
||||||
|
Legacy.migrated = Legacy.undo;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
},
|
||||||
|
|
||||||
|
async importLists(data) {
|
||||||
|
await include("/legacy/Legacy.js");
|
||||||
|
try {
|
||||||
|
let [trusted, untrusted] = Legacy.extractLists(data.split("[UNTRUSTED]"));
|
||||||
|
let policy = ns.policy;
|
||||||
|
for (let site of trusted) {
|
||||||
|
policy.set(site, policy.TRUSTED);
|
||||||
|
}
|
||||||
|
for (let site of untrusted) {
|
||||||
|
policy.set(site, policy.UNTRUSTED, true);
|
||||||
|
}
|
||||||
|
await ns.savePolicy();
|
||||||
|
} catch (e) {
|
||||||
|
error(e, "Importing white/black lists %s", data);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
},
|
||||||
|
|
||||||
|
async importPolicy(json) {
|
||||||
|
try {
|
||||||
|
ns.policy = new Policy(json);
|
||||||
|
await ns.savePolicy();
|
||||||
|
return true;
|
||||||
|
} catch (e) {
|
||||||
|
error(e, "Importing policy %o", json);
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
async importSettings(json) {
|
||||||
|
try {
|
||||||
|
await this.update(json);
|
||||||
|
return true;
|
||||||
|
} catch (e) {
|
||||||
|
error(e, "Importing settings %o", json);
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
},
|
||||||
|
|
||||||
|
async update(settings) {
|
||||||
|
let {
|
||||||
|
policy,
|
||||||
|
xssUserChoices,
|
||||||
|
tabId,
|
||||||
|
unrestrictedTab,
|
||||||
|
reloadAffected,
|
||||||
|
} = settings;
|
||||||
|
if (xssUserChoices) await XSS.saveUserChoices(xssUserChoices);
|
||||||
|
if (policy) {
|
||||||
|
ns.policy = new Policy(policy);
|
||||||
|
await ns.savePolicy();
|
||||||
|
}
|
||||||
|
|
||||||
|
if (typeof unrestrictedTab === "boolean") {
|
||||||
|
ns.unrestrictedTabs[settings.unrestrictedTab ? "add" : "delete"](tabId);
|
||||||
|
}
|
||||||
|
if (reloadAffected) {
|
||||||
|
browser.tabs.reload(tabId);
|
||||||
|
}
|
||||||
|
|
||||||
|
let oldDebug = ns.local.debug;
|
||||||
|
await Promise.all(["local", "sync"].map(
|
||||||
|
storage => (settings[storage] || // changed or...
|
||||||
|
settings[storage] === null // ... needs reset to default
|
||||||
|
) && ns.save(
|
||||||
|
ns[storage] = settings[storage] || ns.defaults[storage])
|
||||||
|
));
|
||||||
|
if (ns.local.debug !== oldDebug) {
|
||||||
|
await include("/lib/log.js");
|
||||||
|
if (oldDebug) debug = () => {};
|
||||||
|
}
|
||||||
|
if (ns.sync.xss) {
|
||||||
|
XSS.start();
|
||||||
|
} else {
|
||||||
|
XSS.stop();
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
export() {
|
||||||
|
return JSON.stringify({
|
||||||
|
policy: ns.policy.dry(),
|
||||||
|
local: ns.local,
|
||||||
|
sync: ns.sync,
|
||||||
|
xssUserChoices: XSS.getUserChoices(),
|
||||||
|
}, null, 2);
|
||||||
|
},
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,37 @@
|
||||||
|
'use strict';
|
||||||
|
|
||||||
|
ns.defaults = (async () => {
|
||||||
|
let defaults = {
|
||||||
|
local: {
|
||||||
|
debug: false,
|
||||||
|
showCtxMenuItem: true,
|
||||||
|
showCountBadge: true,
|
||||||
|
showFullAddresses: false,
|
||||||
|
},
|
||||||
|
sync: {
|
||||||
|
"global": false,
|
||||||
|
"xss": true,
|
||||||
|
"clearclick": true
|
||||||
|
}
|
||||||
|
};
|
||||||
|
let defaultsClone = JSON.parse(JSON.stringify(defaults));
|
||||||
|
|
||||||
|
for (let [k, v] of Object.entries(defaults)) {
|
||||||
|
let store = await Storage.get(k, k);
|
||||||
|
if (k in store) {
|
||||||
|
Object.assign(v, store[k]);
|
||||||
|
}
|
||||||
|
v.storage = k;
|
||||||
|
}
|
||||||
|
|
||||||
|
Object.assign(ns, defaults);
|
||||||
|
|
||||||
|
// dynamic settings
|
||||||
|
if (!ns.local.uuid) {
|
||||||
|
await include("/lib/uuid.js");
|
||||||
|
ns.local.uuid = uuid();
|
||||||
|
await ns.save(ns.local);
|
||||||
|
}
|
||||||
|
|
||||||
|
return ns.defaults = defaultsClone;
|
||||||
|
})();
|
|
@ -0,0 +1,282 @@
|
||||||
|
var ns = (() => {
|
||||||
|
'use strict';
|
||||||
|
|
||||||
|
const popupURL = browser.extension.getURL("/ui/popup.html");
|
||||||
|
let popupFor = tabId => `${popupURL}#tab${tabId}`;
|
||||||
|
|
||||||
|
let ctxMenuId = "noscript-ctx-menu";
|
||||||
|
|
||||||
|
async function toggleCtxMenuItem(show = ns.local.showCtxMenuItem) {
|
||||||
|
if (!"contextMenus" in browser) return;
|
||||||
|
let id = ctxMenuId;
|
||||||
|
try {
|
||||||
|
await browser.contextMenus.remove(id);
|
||||||
|
} catch (e) {}
|
||||||
|
|
||||||
|
if (show) {
|
||||||
|
browser.contextMenus.create({
|
||||||
|
id,
|
||||||
|
title: "NoScript",
|
||||||
|
contexts: ["all"]
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
async function init() {
|
||||||
|
let policyData = (await Storage.get("sync", "policy")).policy;
|
||||||
|
if (policyData && policyData.DEFAULT) {
|
||||||
|
ns.policy = new Policy(policyData);
|
||||||
|
} else {
|
||||||
|
await include("/legacy/Legacy.js");
|
||||||
|
ns.policy = await Legacy.createOrMigratePolicy();
|
||||||
|
ns.savePolicy();
|
||||||
|
}
|
||||||
|
|
||||||
|
await include("/bg/defaults.js");
|
||||||
|
await ns.defaults;
|
||||||
|
await include(["/bg/RequestGuard.js", "/bg/RequestUtil.js"]);
|
||||||
|
await RequestGuard.start();
|
||||||
|
await XSS.start(); // we must start it anyway to initialize sub-objects
|
||||||
|
if (!ns.sync.xss) {
|
||||||
|
XSS.stop();
|
||||||
|
}
|
||||||
|
Commands.install();
|
||||||
|
};
|
||||||
|
|
||||||
|
var Commands = {
|
||||||
|
openPageUI() {
|
||||||
|
try {
|
||||||
|
browser.browserAction.openPopup();
|
||||||
|
return;
|
||||||
|
} catch (e) {
|
||||||
|
debug(e);
|
||||||
|
}
|
||||||
|
browser.windows.create({
|
||||||
|
url: popupURL,
|
||||||
|
width: 800,
|
||||||
|
height: 600,
|
||||||
|
type: "panel"
|
||||||
|
});
|
||||||
|
},
|
||||||
|
|
||||||
|
togglePermissions() {},
|
||||||
|
install() {
|
||||||
|
|
||||||
|
|
||||||
|
if ("command" in browser) {
|
||||||
|
// keyboard shortcuts
|
||||||
|
browser.commands.onCommand.addListener(cmd => {
|
||||||
|
if (cmd in Commands) {
|
||||||
|
Commands[cmd]();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
if ("contextMenus" in browser) {
|
||||||
|
toggleCtxMenuItem();
|
||||||
|
browser.contextMenus.onClicked.addListener((info, tab) => {
|
||||||
|
if (info.menuItemId == ctxMenuId) {
|
||||||
|
this.openPageUI();
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
// wiring main UI
|
||||||
|
let ba = browser.browserAction;
|
||||||
|
if ("setIcon" in ba) {
|
||||||
|
//desktop
|
||||||
|
ba.setPopup({
|
||||||
|
popup: popupURL
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
// mobile
|
||||||
|
ba.onClicked.addListener(async tab => {
|
||||||
|
try {
|
||||||
|
await browser.tabs.remove(await browser.tabs.query({
|
||||||
|
url: popupURL
|
||||||
|
}));
|
||||||
|
} catch (e) {}
|
||||||
|
await browser.tabs.create({
|
||||||
|
url: popupFor(tab.id)
|
||||||
|
});
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
var MessageHandler = {
|
||||||
|
responders: {
|
||||||
|
|
||||||
|
async updateSettings(settings, sender) {
|
||||||
|
await Settings.update(settings);
|
||||||
|
toggleCtxMenuItem();
|
||||||
|
},
|
||||||
|
async broadcastSettings({
|
||||||
|
tabId = -1
|
||||||
|
}) {
|
||||||
|
let policy = ns.policy.dry(true);
|
||||||
|
let seen = tabId !== -1 ? await ns.collectSeen(tabId) : null;
|
||||||
|
let xssUserChoices = await XSS.getUserChoices();
|
||||||
|
browser.runtime.sendMessage({
|
||||||
|
type: "settings",
|
||||||
|
policy,
|
||||||
|
seen,
|
||||||
|
xssUserChoices,
|
||||||
|
local: ns.local,
|
||||||
|
sync: ns.sync,
|
||||||
|
unrestrictedTab: ns.unrestrictedTabs.has(tabId),
|
||||||
|
});
|
||||||
|
},
|
||||||
|
|
||||||
|
exportSettings(m, sender, sendResponse) {
|
||||||
|
sendResponse(Settings.export());
|
||||||
|
return false;
|
||||||
|
},
|
||||||
|
|
||||||
|
async importSettings({
|
||||||
|
data
|
||||||
|
}) {
|
||||||
|
return await Settings.import(data);
|
||||||
|
},
|
||||||
|
|
||||||
|
async openStandalonePopup() {
|
||||||
|
let win = await browser.windows.getLastFocused({
|
||||||
|
windowTypes: ["normal"]
|
||||||
|
});
|
||||||
|
let [tab] = (await browser.tabs.query({
|
||||||
|
lastFocusedWindow: true,
|
||||||
|
active: true
|
||||||
|
}));
|
||||||
|
|
||||||
|
if (!tab || tab.id === -1) {
|
||||||
|
log("No tab found to open the UI for");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
browser.windows.create({
|
||||||
|
url: popupFor(tab.id),
|
||||||
|
width: 800,
|
||||||
|
height: 600,
|
||||||
|
top: win.top + 48,
|
||||||
|
left: win.left + 48,
|
||||||
|
type: "panel"
|
||||||
|
});
|
||||||
|
}
|
||||||
|
},
|
||||||
|
onMessage(m, sender, sendResponse) {
|
||||||
|
let {
|
||||||
|
type
|
||||||
|
} = m;
|
||||||
|
let {
|
||||||
|
responders
|
||||||
|
} = MessageHandler;
|
||||||
|
|
||||||
|
|
||||||
|
if (type && (type = type.replace(/^NoScript\./, '')) in responders) {
|
||||||
|
return responders[type](m, sender, sendResponse);
|
||||||
|
} else {
|
||||||
|
debug("Received unkown message", m, sender);
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
},
|
||||||
|
|
||||||
|
listen() {
|
||||||
|
browser.runtime.onMessage.addListener(this.onMessage);
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
return {
|
||||||
|
running: false,
|
||||||
|
policy: null,
|
||||||
|
local: null,
|
||||||
|
sync: null,
|
||||||
|
unrestrictedTabs: new Set(),
|
||||||
|
isEnforced(tabId = -1) {
|
||||||
|
return this.policy.enforced && (tabId === -1 || !this.unrestrictedTabs.has(tabId));
|
||||||
|
},
|
||||||
|
|
||||||
|
async start() {
|
||||||
|
if (this.running) return;
|
||||||
|
this.running = true;
|
||||||
|
|
||||||
|
let initializing = init();
|
||||||
|
let wr = browser.webRequest;
|
||||||
|
let waitForPolicy = async r => {
|
||||||
|
try {
|
||||||
|
await initializing;
|
||||||
|
} catch (e) {
|
||||||
|
error(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
wr.onBeforeRequest.addListener(waitForPolicy, {
|
||||||
|
urls: ["<all_urls>"]
|
||||||
|
}, ["blocking"]);
|
||||||
|
await initializing;
|
||||||
|
wr.onBeforeRequest.removeListener(waitForPolicy);
|
||||||
|
|
||||||
|
await include("/bg/Settings.js");
|
||||||
|
MessageHandler.listen();
|
||||||
|
|
||||||
|
log("STARTED");
|
||||||
|
|
||||||
|
this.devMode = (await browser.management.getSelf()).installType === "development";
|
||||||
|
if (this.local.debug) {
|
||||||
|
if (this.devMode) {
|
||||||
|
include("/test/run.js");
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
debug = () => {}; // suppress verbosity
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
stop() {
|
||||||
|
if (!this.running) return;
|
||||||
|
this.running = false;
|
||||||
|
RequestGuard.stop();
|
||||||
|
log("STOPPED");
|
||||||
|
},
|
||||||
|
|
||||||
|
async savePolicy() {
|
||||||
|
if (this.policy) {
|
||||||
|
await Storage.set("sync", {
|
||||||
|
policy: this.policy.dry()
|
||||||
|
});
|
||||||
|
await browser.webRequest.handlerBehaviorChanged()
|
||||||
|
}
|
||||||
|
return this.policy;
|
||||||
|
},
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
async save(obj) {
|
||||||
|
if (obj && obj.storage) {
|
||||||
|
let toBeSaved = {
|
||||||
|
[obj.storage]: obj
|
||||||
|
};
|
||||||
|
Storage.set(obj.storage, toBeSaved);
|
||||||
|
}
|
||||||
|
return obj;
|
||||||
|
},
|
||||||
|
|
||||||
|
async collectSeen(tabId) {
|
||||||
|
|
||||||
|
try {
|
||||||
|
let seen = Array.from(await browser.tabs.sendMessage(tabId, {
|
||||||
|
type: "collect"
|
||||||
|
}, {
|
||||||
|
frameId: 0
|
||||||
|
}));
|
||||||
|
debug("Collected seen", seen);
|
||||||
|
return seen;
|
||||||
|
} catch (e) {
|
||||||
|
// probably a page where content scripts cannot run, let's open the options instead
|
||||||
|
error(e, "Cannot collect noscript activity data");
|
||||||
|
}
|
||||||
|
|
||||||
|
return null;
|
||||||
|
},
|
||||||
|
};
|
||||||
|
})();
|
||||||
|
|
||||||
|
ns.start();
|
|
@ -0,0 +1,30 @@
|
||||||
|
var Entities = {
|
||||||
|
get htmlNode() {
|
||||||
|
delete this.htmlNode;
|
||||||
|
return this.htmlNode = document.implementation.createHTMLDocument("")
|
||||||
|
.createElement("body");
|
||||||
|
},
|
||||||
|
convert: function(e) {
|
||||||
|
try {
|
||||||
|
this.htmlNode.innerHTML = e;
|
||||||
|
var child = this.htmlNode.firstChild || null;
|
||||||
|
return child && child.nodeValue || e;
|
||||||
|
} catch(ex) {
|
||||||
|
return e;
|
||||||
|
}
|
||||||
|
},
|
||||||
|
convertAll: function(s) {
|
||||||
|
return s.replace(/[\\&][^<>]+/g, function(e) { return Entities.convert(e) });
|
||||||
|
},
|
||||||
|
convertDeep: function(s) {
|
||||||
|
for (var prev = null; (s = this.convertAll(s)) !== prev || (s = unescape(s)) !== prev; prev = s);
|
||||||
|
return s;
|
||||||
|
},
|
||||||
|
neutralize: function(e, whitelist) {
|
||||||
|
var c = this.convert(e);
|
||||||
|
return (c == e) ? c : (whitelist && whitelist.test(c) ? e : e.replace(";", ","));
|
||||||
|
},
|
||||||
|
neutralizeAll: function(s, whitelist) {
|
||||||
|
return s.replace(/&[\w#-]*?;/g, function(e) { return Entities.neutralize(e, whitelist || null); });
|
||||||
|
}
|
||||||
|
};
|
|
@ -0,0 +1,390 @@
|
||||||
|
var {Permissions, Policy, Sites} = (() => {
|
||||||
|
'use strict';
|
||||||
|
|
||||||
|
const SECURE_DOMAIN_PREFIX = "§:";
|
||||||
|
const SECURE_DOMAIN_RX = new RegExp(`^${SECURE_DOMAIN_PREFIX}`);
|
||||||
|
const DOMAIN_RX = new RegExp(`(?:^\\w+://|${SECURE_DOMAIN_PREFIX})?([^/]*)`, "i");
|
||||||
|
const SKIP_RX = /^(?:(?:about|chrome|resource|moz-.*):|\[System)/;
|
||||||
|
|
||||||
|
class Sites extends Map {
|
||||||
|
static secureDomainKey(domain) {
|
||||||
|
return domain.includes(":") ? domain : `${SECURE_DOMAIN_PREFIX}${domain}`;
|
||||||
|
}
|
||||||
|
static isSecureDomainKey(domain) {
|
||||||
|
return domain.startsWith(SECURE_DOMAIN_PREFIX);
|
||||||
|
}
|
||||||
|
static toggleSecureDomainKey(domain, b = !Sites.isSecureDomainKey(domain)) {
|
||||||
|
return b ? Sites.secureDomainKey(domain) : domain.replace(SECURE_DOMAIN_RX, '');
|
||||||
|
}
|
||||||
|
|
||||||
|
static isValid(site) {
|
||||||
|
return /^(?:https?:(?:\/\/)?)?([\w\u0100-\uf000][\w\u0100-\uf000.-]*)?[\w\u0100-\uf000](?::\d+)?$/.test(site);
|
||||||
|
}
|
||||||
|
|
||||||
|
static parse(site) {
|
||||||
|
let url, siteKey = "";
|
||||||
|
if (site instanceof URL) {
|
||||||
|
url = site;
|
||||||
|
} else {
|
||||||
|
try {
|
||||||
|
url = new URL(site);
|
||||||
|
} catch (e) {
|
||||||
|
siteKey = typeof site === "string" ? site : site.toString();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (url) {
|
||||||
|
let path = url.pathname;
|
||||||
|
siteKey = url.origin;
|
||||||
|
if (path !== '/') siteKey += path;
|
||||||
|
}
|
||||||
|
return {url, siteKey};
|
||||||
|
}
|
||||||
|
|
||||||
|
static optimalKey(site) {
|
||||||
|
let {url, siteKey} = Sites.parse(site);
|
||||||
|
if (url && url.protocol === "https:") return Sites.secureDomainKey(tld.getDomain(url.hostname));
|
||||||
|
return url && url.origin || siteKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
static origin(site) {
|
||||||
|
try {
|
||||||
|
return new URL(site).origin;
|
||||||
|
} catch (e) {};
|
||||||
|
return site;
|
||||||
|
}
|
||||||
|
|
||||||
|
static toExternal(url) { // domains are stored in punycode internally
|
||||||
|
let s = typeof url === "string" ? url : url && url.toString() || "";
|
||||||
|
if (s.startsWith(SECURE_DOMAIN_PREFIX)) s = s.substring(SECURE_DOMAIN_PREFIX.length);
|
||||||
|
let [,domain] = DOMAIN_RX.exec(s);
|
||||||
|
return domain.startsWith("xn--") ?
|
||||||
|
s.replace(domain, punycode.toUnicode(domain))
|
||||||
|
: s;
|
||||||
|
}
|
||||||
|
|
||||||
|
set(k, v) {
|
||||||
|
if (!k || SKIP_RX.test(k)) return this;
|
||||||
|
let [,domain] = DOMAIN_RX.exec(k);
|
||||||
|
if (/[^\u0000-\u007f]/.test(domain)) {
|
||||||
|
k = k.replace(domain, punycode.toASCII(domain));
|
||||||
|
}
|
||||||
|
return super.set(k, v);
|
||||||
|
}
|
||||||
|
|
||||||
|
match(site) {
|
||||||
|
if (site && this.size) {
|
||||||
|
if (this.has(site)) return site;
|
||||||
|
|
||||||
|
let {url, siteKey} = Sites.parse(site);
|
||||||
|
|
||||||
|
if (site !== siteKey && this.has(siteKey)) {
|
||||||
|
return siteKey;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (url) {
|
||||||
|
let {origin} = url;
|
||||||
|
if (origin && origin !== "null" && origin < siteKey && this.has(origin)) {
|
||||||
|
return origin;
|
||||||
|
}
|
||||||
|
let domain = this.domainMatch(url);
|
||||||
|
if (domain) return domain;
|
||||||
|
let protocol = url.protocol;
|
||||||
|
if (this.has(protocol)) {
|
||||||
|
return protocol;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
domainMatch(url) {
|
||||||
|
let {protocol, hostname} = url;
|
||||||
|
if (!hostname) return null;
|
||||||
|
|
||||||
|
let secure = protocol === "https:";
|
||||||
|
for (let domain = hostname;;) {
|
||||||
|
if (this.has(domain)) {
|
||||||
|
return domain;
|
||||||
|
}
|
||||||
|
if (secure) {
|
||||||
|
let ssDomain = Sites.secureDomainKey(domain);
|
||||||
|
if (this.has(ssDomain)) {
|
||||||
|
return ssDomain;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
let dotPos = domain.indexOf(".");
|
||||||
|
if (dotPos === -1) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
domain = domain.substring(dotPos + 1); // sub
|
||||||
|
if (!domain) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
dry() {
|
||||||
|
let dry;
|
||||||
|
if (this.size) {
|
||||||
|
dry = Object.create(null);
|
||||||
|
for (let [key, perms] of this) {
|
||||||
|
dry[key] = perms.dry();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return dry;
|
||||||
|
}
|
||||||
|
|
||||||
|
static hydrate(dry, obj = new Sites()) {
|
||||||
|
if (dry) {
|
||||||
|
for (let [key, dryPerms] of Object.entries(dry)) {
|
||||||
|
obj.set(key, Permissions.hydrate(dryPerms));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return obj;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
class Permissions {
|
||||||
|
|
||||||
|
constructor(capabilities, temp = false, contextual = null) {
|
||||||
|
this.capabilities = new Set(capabilities);
|
||||||
|
this.temp = temp;
|
||||||
|
this.contextual = contextual instanceof Sites ? contextual : new Sites(contextual);
|
||||||
|
}
|
||||||
|
|
||||||
|
dry() {
|
||||||
|
return {capabilities: [...this.capabilities], contextual: this.contextual.dry(), temp: this.temp};
|
||||||
|
}
|
||||||
|
|
||||||
|
static hydrate(dry = {}, obj = null) {
|
||||||
|
let capabilities = new Set(dry.capabilities);
|
||||||
|
let contextual = Sites.hydrate(dry.contextual);
|
||||||
|
let temp = dry.temp;
|
||||||
|
return obj ? Object.assign(obj, {capabilities, temp, contextual, _tempTwin: undefined})
|
||||||
|
: new Permissions(capabilities, temp, contextual);
|
||||||
|
}
|
||||||
|
|
||||||
|
static typed(capability, type) {
|
||||||
|
let [capName] = capability.split(":");
|
||||||
|
return `${capName}:${type}`;
|
||||||
|
}
|
||||||
|
|
||||||
|
allowing(capability) {
|
||||||
|
return this.capabilities.has(capability);
|
||||||
|
}
|
||||||
|
|
||||||
|
set(capability, enabled = true) {
|
||||||
|
if (enabled) {
|
||||||
|
this.capabilities.add(capability);
|
||||||
|
} else {
|
||||||
|
this.capabilities.delete(capability);
|
||||||
|
}
|
||||||
|
return enabled;
|
||||||
|
}
|
||||||
|
|
||||||
|
get tempTwin() {
|
||||||
|
return this._tempTwin || (this._tempTwin = new Permissions(this.capabilities, true, this.contextual));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Permissions.ALL = ["script", "object", "media", "frame", "font", "webgl", "fetch", "other"];
|
||||||
|
Permissions.IMMUTABLE = {
|
||||||
|
UNTRUSTED: {
|
||||||
|
"script": false,
|
||||||
|
"object": false,
|
||||||
|
"webgl": false,
|
||||||
|
"fetch": false,
|
||||||
|
"other": false,
|
||||||
|
},
|
||||||
|
TRUSTED: {
|
||||||
|
"script": true,
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
Object.freeze(Permissions.ALL);
|
||||||
|
|
||||||
|
function defaultOptions() {
|
||||||
|
return {
|
||||||
|
sites:{
|
||||||
|
trusted: `addons.mozilla.org
|
||||||
|
afx.ms ajax.aspnetcdn.com
|
||||||
|
ajax.googleapis.com bootstrapcdn.com
|
||||||
|
code.jquery.com firstdata.com firstdata.lv gfx.ms
|
||||||
|
google.com googlevideo.com gstatic.com
|
||||||
|
hotmail.com live.com live.net
|
||||||
|
maps.googleapis.com mozilla.net
|
||||||
|
netflix.com nflxext.com nflximg.com nflxvideo.net
|
||||||
|
noscript.net
|
||||||
|
outlook.com passport.com passport.net passportimages.com
|
||||||
|
paypal.com paypalobjects.com
|
||||||
|
securecode.com securesuite.net sfx.ms tinymce.cachefly.net
|
||||||
|
wlxrs.com
|
||||||
|
yahoo.com yahooapis.com
|
||||||
|
yimg.com youtube.com ytimg.com`.split(/\s+/).map(Sites.secureDomainKey),
|
||||||
|
untrusted: [],
|
||||||
|
custom: {},
|
||||||
|
},
|
||||||
|
DEFAULT: new Permissions(["frame", "fetch", "other"]),
|
||||||
|
TRUSTED: new Permissions(Permissions.ALL),
|
||||||
|
UNTRUSTED: new Permissions(),
|
||||||
|
enforced: true,
|
||||||
|
autoAllowTop: false,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
function normalizePolicyOptions(dry) {
|
||||||
|
let options = Object.assign({}, dry);
|
||||||
|
for (let p of ["DEFAULT", "TRUSTED", "UNTRUSTED"]) {
|
||||||
|
options[p] = dry[p] instanceof Permissions ? dry[p] : Permissions.hydrate(dry[p]);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (typeof dry.sites === "object" && !(dry.sites instanceof Sites)) {
|
||||||
|
let {trusted, untrusted, temp, custom} = dry.sites;
|
||||||
|
let sites = Sites.hydrate(custom);
|
||||||
|
for (let key of trusted) sites.set(key, options.TRUSTED);
|
||||||
|
for (let key of untrusted) sites.set(key, options.UNTRUSTED);
|
||||||
|
if (temp) {
|
||||||
|
let tempPreset = options.TRUSTED.tempTwin;
|
||||||
|
for (let key of temp) sites.set(key, tempPreset);
|
||||||
|
}
|
||||||
|
options.sites = sites;
|
||||||
|
}
|
||||||
|
enforceImmutable(options);
|
||||||
|
return options;
|
||||||
|
}
|
||||||
|
|
||||||
|
function enforceImmutable(policy) {
|
||||||
|
for (let [preset, filter] of Object.entries(Permissions.IMMUTABLE)) {
|
||||||
|
let presetCaps = policy[preset].capabilities;
|
||||||
|
for (let [cap, value] of Object.entries(filter)) {
|
||||||
|
if (value) presetCaps.add(cap);
|
||||||
|
else presetCaps.delete(cap);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
class Policy {
|
||||||
|
|
||||||
|
constructor(options = defaultOptions()) {
|
||||||
|
Object.assign(this, normalizePolicyOptions(options));
|
||||||
|
}
|
||||||
|
|
||||||
|
static hydrate(dry, policyObj) {
|
||||||
|
return policyObj ? Object.assign(policyObj, normalizePolicyOptions(dry))
|
||||||
|
: new Policy(dry);
|
||||||
|
}
|
||||||
|
|
||||||
|
dry(includeTemp = false) {
|
||||||
|
let trusted = [],
|
||||||
|
temp = [],
|
||||||
|
untrusted = [],
|
||||||
|
custom = Object.create(null);
|
||||||
|
|
||||||
|
const {DEFAULT, TRUSTED, UNTRUSTED} = this;
|
||||||
|
for(let [key, perms] of this.sites) {
|
||||||
|
if (!includeTemp && perms.temp) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
switch(perms) {
|
||||||
|
case TRUSTED:
|
||||||
|
trusted.push(key);
|
||||||
|
break;
|
||||||
|
case TRUSTED.tempTwin:
|
||||||
|
temp.push(key);
|
||||||
|
break;
|
||||||
|
case UNTRUSTED:
|
||||||
|
untrusted.push(key);
|
||||||
|
break;
|
||||||
|
case DEFAULT:
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
custom[key] = perms.dry();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
let sites = {
|
||||||
|
trusted,
|
||||||
|
untrusted,
|
||||||
|
custom
|
||||||
|
};
|
||||||
|
if (includeTemp) {
|
||||||
|
sites.temp = temp;
|
||||||
|
}
|
||||||
|
enforceImmutable(this);
|
||||||
|
return {
|
||||||
|
DEFAULT: DEFAULT.dry(),
|
||||||
|
TRUSTED: TRUSTED.dry(),
|
||||||
|
UNTRUSTED: UNTRUSTED.dry(),
|
||||||
|
sites,
|
||||||
|
enforced: this.enforced,
|
||||||
|
autoAllowTop: this.autoAllowTop,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
static requestKey(url, type, documentUrl, includePath = false) {
|
||||||
|
url = includePath ? Sites.parse(url).siteKey : Sites.origin(url);
|
||||||
|
return `${type}@${url}<${Sites.origin(documentUrl)}`;
|
||||||
|
}
|
||||||
|
|
||||||
|
static explodeKey(requestKey) {
|
||||||
|
let [, type, url, documentUrl] = /(\w+)@([^<]+)<(.*)/.exec(requestKey);
|
||||||
|
return {url, type, documentUrl};
|
||||||
|
}
|
||||||
|
|
||||||
|
set(site, perms, cascade = false) {
|
||||||
|
let sites = this.sites;
|
||||||
|
let {url, siteKey} = Sites.parse(site);
|
||||||
|
|
||||||
|
sites.delete(siteKey);
|
||||||
|
|
||||||
|
if (perms === this.UNTRUSTED) {
|
||||||
|
cascade = true;
|
||||||
|
Sites.toggleSecureDomainKey(siteKey, false);
|
||||||
|
}
|
||||||
|
if (cascade && !url) {
|
||||||
|
for (let subMatch; (subMatch = sites.match(siteKey));) {
|
||||||
|
sites.delete(subMatch);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!perms || perms === this.DEFAULT) {
|
||||||
|
perms = this.DEFAULT;
|
||||||
|
} else {
|
||||||
|
sites.set(siteKey, perms);
|
||||||
|
}
|
||||||
|
return {siteKey, perms};
|
||||||
|
}
|
||||||
|
|
||||||
|
get(site, ctx = null) {
|
||||||
|
let perms, contextMatch;
|
||||||
|
let siteMatch = !(this.onlySecure && /^\w+tp:/i.test(site)) && this.sites.match(site);
|
||||||
|
if (siteMatch) {
|
||||||
|
perms = this.sites.get(siteMatch);
|
||||||
|
if (ctx) {
|
||||||
|
contextMatch = perms.contextual.match(ctx);
|
||||||
|
if (contextMatch) perms = perms.contextual.get(ctx);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
perms = this.DEFAULT;
|
||||||
|
}
|
||||||
|
|
||||||
|
return {perms, siteMatch, contextMatch};
|
||||||
|
}
|
||||||
|
|
||||||
|
can(url, capability = "script", ctx = null) {
|
||||||
|
return !this.enforced ||
|
||||||
|
this.get(url, ctx).perms.allowing(capability);
|
||||||
|
}
|
||||||
|
|
||||||
|
get snapshot() {
|
||||||
|
return JSON.stringify(this.dry(true));
|
||||||
|
}
|
||||||
|
|
||||||
|
equals(other) {
|
||||||
|
this.snapshot === other.snapshot;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return {Permissions, Policy, Sites};
|
||||||
|
})();
|
|
@ -0,0 +1,24 @@
|
||||||
|
var Storage = {
|
||||||
|
|
||||||
|
async safeOp(op, type, keys) {
|
||||||
|
try {
|
||||||
|
return await browser.storage[type][op](keys);
|
||||||
|
} catch (e) {
|
||||||
|
if (type === "sync") {
|
||||||
|
debug("Sync disabled? Falling back to local storage (%s %o)", op, keys);
|
||||||
|
} else {
|
||||||
|
error(e);
|
||||||
|
throw e;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return await browser.storage.local[op](keys);
|
||||||
|
},
|
||||||
|
|
||||||
|
async get(type, keys) {
|
||||||
|
return await this.safeOp("get", type, keys);
|
||||||
|
},
|
||||||
|
|
||||||
|
async set(type, keys) {
|
||||||
|
return await this.safeOp("set", type, keys);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,29 @@
|
||||||
|
class SyntaxChecker {
|
||||||
|
constructor() {
|
||||||
|
this.lastError = null;
|
||||||
|
this.lastFunction = null;
|
||||||
|
this.lastScript = "";
|
||||||
|
}
|
||||||
|
check(script) {
|
||||||
|
this.lastScript = script;
|
||||||
|
try {
|
||||||
|
return !!(this.lastFunction = new Function(script));
|
||||||
|
} catch(e) {
|
||||||
|
this.lastError = e;
|
||||||
|
this.lastFunction = null;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
unquote(s, q) {
|
||||||
|
// check that this is really a double or a single quoted string...
|
||||||
|
if (s.length > 1 && s.startsWith(q) && s.endsWith(q) &&
|
||||||
|
// if nothing is left if you remove all he escapes and all the stuff between quotes
|
||||||
|
s.replace(/\\./g, '').replace(/^(['"])[^\n\r]*?\1/, '') === '') {
|
||||||
|
try {
|
||||||
|
return eval(s);
|
||||||
|
} catch (e) {
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,45 @@
|
||||||
|
'use strict';
|
||||||
|
var _ = browser.i18n.getMessage;
|
||||||
|
var i18n = (() => {
|
||||||
|
var i18n = {
|
||||||
|
// derived from http://github.com/piroor/webextensions-lib-l10n
|
||||||
|
|
||||||
|
updateString(aString) {
|
||||||
|
return aString.replace(/__MSG_(.+?)__/g, function(aMatched) {
|
||||||
|
var key = aMatched.slice(6, -2);
|
||||||
|
return _(key);
|
||||||
|
});
|
||||||
|
},
|
||||||
|
updateDOM(rootNode = document) {
|
||||||
|
var texts = document.evaluate(
|
||||||
|
'descendant::text()[contains(self::text(), "__MSG_")]',
|
||||||
|
rootNode,
|
||||||
|
null,
|
||||||
|
XPathResult.ORDERED_NODE_SNAPSHOT_TYPE,
|
||||||
|
null
|
||||||
|
);
|
||||||
|
for (let i = 0, maxi = texts.snapshotLength; i < maxi; i++)
|
||||||
|
{
|
||||||
|
let text = texts.snapshotItem(i);
|
||||||
|
text.nodeValue = this.updateString(text.nodeValue);
|
||||||
|
}
|
||||||
|
|
||||||
|
var attributes = document.evaluate(
|
||||||
|
'descendant::*/attribute::*[contains(., "__MSG_")]',
|
||||||
|
rootNode,
|
||||||
|
null,
|
||||||
|
XPathResult.ORDERED_NODE_SNAPSHOT_TYPE,
|
||||||
|
null
|
||||||
|
);
|
||||||
|
for (let i = 0, maxi = attributes.snapshotLength; i < maxi; i++)
|
||||||
|
{
|
||||||
|
let attribute = attributes.snapshotItem(i);
|
||||||
|
debug('apply', attribute);
|
||||||
|
attribute.value = this.updateString(attribute.value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
document.addEventListener('DOMContentLoaded', e => i18n.updateDOM());
|
||||||
|
return i18n;
|
||||||
|
})()
|
|
@ -0,0 +1,71 @@
|
||||||
|
a.__NoScript_PlaceHolder__ {
|
||||||
|
outline: 2px solid #048;
|
||||||
|
color: #048;
|
||||||
|
text-decoration: none;
|
||||||
|
text-align: center;
|
||||||
|
background: rgba(255,250,200, .7) no-repeat center;
|
||||||
|
background-size: 256px;
|
||||||
|
visibility: visible !important;
|
||||||
|
cursor: pointer;
|
||||||
|
opacity: 0.8;
|
||||||
|
transition: 1s all;
|
||||||
|
}
|
||||||
|
|
||||||
|
a.__NoScript_PlaceHolder__:hover {
|
||||||
|
opacity: 1;
|
||||||
|
text-decoration: underline;
|
||||||
|
background-size: 128px;
|
||||||
|
background-position: top left;
|
||||||
|
}
|
||||||
|
|
||||||
|
a.__NoScript_PlaceHolder__.closing {
|
||||||
|
transition: .4s all;
|
||||||
|
opacity: 0;
|
||||||
|
transform: scale(0, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
a.__NoScript_PlaceHolder__ > span {
|
||||||
|
display: flex !important;
|
||||||
|
flex-direction: row;
|
||||||
|
justify-content: space-around;
|
||||||
|
align-items: center;
|
||||||
|
position: relative;
|
||||||
|
padding: 0;
|
||||||
|
margin: 0;
|
||||||
|
width: 100%;
|
||||||
|
height: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
.__NoScript_PlaceHolder__ button {
|
||||||
|
appearance: none;
|
||||||
|
-moz-appearance: none;
|
||||||
|
border: none;
|
||||||
|
position: absolute;
|
||||||
|
top: 0;
|
||||||
|
right: 0;
|
||||||
|
display: block;
|
||||||
|
color: #800;
|
||||||
|
font-size: 16px;
|
||||||
|
font-family: sans-serif;
|
||||||
|
padding: 0 4px;
|
||||||
|
margin: 0;
|
||||||
|
background: none;
|
||||||
|
transition: .2s all;
|
||||||
|
}
|
||||||
|
.__NoScript_PlaceHolder__ button:hover {
|
||||||
|
|
||||||
|
color: white;
|
||||||
|
text-shadow: -2px 0 2px red, 2px 0 2px red;
|
||||||
|
}
|
||||||
|
|
||||||
|
.__NoScript_PlaceHolder__ > span > span {
|
||||||
|
display: block;
|
||||||
|
font-size: 18px;
|
||||||
|
background: rgba(255, 250, 200, .5);
|
||||||
|
border-radius: 8px;
|
||||||
|
padding: 8px;
|
||||||
|
margin: 0;
|
||||||
|
font-family: sans-serif;
|
||||||
|
overflow-wrap: break-word;
|
||||||
|
word-break: break-all;
|
||||||
|
}
|
|
@ -0,0 +1,107 @@
|
||||||
|
'use strict';
|
||||||
|
|
||||||
|
// debug = () => {}; // XPI_ONLY
|
||||||
|
|
||||||
|
var _ = browser.i18n.getMessage;
|
||||||
|
|
||||||
|
var canScript = true;
|
||||||
|
|
||||||
|
var embeddingDocument = false;
|
||||||
|
|
||||||
|
var seen = {
|
||||||
|
_map: new Map(),
|
||||||
|
_list: null,
|
||||||
|
record(event) {
|
||||||
|
let key = event.request.key;
|
||||||
|
if (this._map.has(key)) return;
|
||||||
|
this._map.set(key, event);
|
||||||
|
this._list = null;
|
||||||
|
},
|
||||||
|
get list() {
|
||||||
|
return this._list || (this._list = [...this._map.values()]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
var handlers = {
|
||||||
|
|
||||||
|
seen(event) {
|
||||||
|
let {allowed, policyType, request, ownFrame} = event;
|
||||||
|
if (window.top === window) {
|
||||||
|
seen.record(event);
|
||||||
|
}
|
||||||
|
if (ownFrame) {
|
||||||
|
init();
|
||||||
|
if (!allowed && PlaceHolder.canReplace(policyType)) {
|
||||||
|
request.embeddingDocument = embeddingDocument;
|
||||||
|
PlaceHolder.create(policyType, request);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
collect(event) {
|
||||||
|
let list = seen.list;
|
||||||
|
debug("COLLECT", list);
|
||||||
|
return list;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
browser.runtime.onMessage.addListener(async event => {
|
||||||
|
if (event.type in handlers) {
|
||||||
|
debug("Received message", event);
|
||||||
|
return handlers[event.type](event);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
if (document.readyState !== "complete") {
|
||||||
|
let pageshown = e => {
|
||||||
|
removeEventListener("pageshow", pageshown);
|
||||||
|
init();
|
||||||
|
};
|
||||||
|
addEventListener("pageshow", pageshown);
|
||||||
|
} else init();
|
||||||
|
|
||||||
|
let notifyPage = () => {
|
||||||
|
if (document.readyState === "complete") {
|
||||||
|
browser.runtime.sendMessage({type: "pageshow", seen, canScript});
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
async function init() {
|
||||||
|
try {
|
||||||
|
canScript = await browser.runtime.sendMessage({type: "canScript"});
|
||||||
|
init = () => {};
|
||||||
|
debug("canScript:", canScript);
|
||||||
|
} catch (e) {
|
||||||
|
// background script not initialized yet?
|
||||||
|
setTimeout(() => init(), 100);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!canScript) onScriptDisabled();
|
||||||
|
seen.record({
|
||||||
|
request: {
|
||||||
|
key: "noscript-probe",
|
||||||
|
url: document.URL,
|
||||||
|
documentUrl: document.URL,
|
||||||
|
type: window === window.top ? "main_frame" : "script",
|
||||||
|
},
|
||||||
|
allowed: canScript
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
|
debug(`Loading NoScript in document %s, scripting=%s, content type %s readyState %s`,
|
||||||
|
document.URL, canScript, document.contentType, document.readyState);
|
||||||
|
|
||||||
|
if (/application|video|audio/.test(document.contentType)) {
|
||||||
|
debug("Embedding document detected");
|
||||||
|
embeddingDocument = true;
|
||||||
|
window.addEventListener("pageshow", e => {
|
||||||
|
debug("Active content still in document %s: %o", document.url, document.querySelectorAll("embed,object,video,audio"));
|
||||||
|
}, true);
|
||||||
|
// document.write("<plaintext>");
|
||||||
|
}
|
||||||
|
notifyPage() || addEventListener("pageshow", notifyPage);
|
||||||
|
};
|
|
@ -0,0 +1,59 @@
|
||||||
|
console.log("Media Hook", document.documentElement.innerHTML);
|
||||||
|
try {
|
||||||
|
(() => {
|
||||||
|
let unpatched = new Map();
|
||||||
|
function patch(obj, methodName, replacement) {
|
||||||
|
let methods = unpatched.get(obj) || {};
|
||||||
|
methods[methodName] = obj[methodName];
|
||||||
|
exportFunction(replacement, obj, {defineAs: methodName});
|
||||||
|
unpatched.set(obj, methods);
|
||||||
|
}
|
||||||
|
patch(window.console, "log", function(s, ...args) {
|
||||||
|
unpatched.get(window.console).log.call(`PATCHED ${s}`, ...args);
|
||||||
|
});
|
||||||
|
let urlMap = new WeakMap();
|
||||||
|
patch(window.URL, "createObjectURL", function(o, ...args) {
|
||||||
|
let url = unpatched.get(window.URL).createObjectURL.call(this, o, ...args);
|
||||||
|
if (o instanceof MediaSource) {
|
||||||
|
let urls = urlMap.get(o);
|
||||||
|
if (!urls) urlMap.set(o, urls = new Set());
|
||||||
|
urls.add(url);
|
||||||
|
}
|
||||||
|
return url;
|
||||||
|
});
|
||||||
|
|
||||||
|
patch(window.MediaSource.prototype, "addSourceBuffer", function(mime, ...args) {
|
||||||
|
let ms = this;
|
||||||
|
let urls = urlMap.get(ms);
|
||||||
|
let me = Array.from(document.querySelectorAll("video,audio"))
|
||||||
|
.find(e => e.srcObject === ms || urls && urls.has(e.src));
|
||||||
|
let exposedMime = `${mime} (MSE)`;
|
||||||
|
|
||||||
|
let request = {
|
||||||
|
id: "noscript-media",
|
||||||
|
type: "media",
|
||||||
|
url: document.URL,
|
||||||
|
documentUrl: document.URL,
|
||||||
|
embeddingDocument: true,
|
||||||
|
};
|
||||||
|
seen.record({policyType: "media", request, allowed: false});
|
||||||
|
notifyPage();
|
||||||
|
|
||||||
|
if (window.mediaBlocker) {
|
||||||
|
try {
|
||||||
|
let ph = PlaceHolder.create("media", request);
|
||||||
|
ph.replace(me);
|
||||||
|
PlaceHolder.listen();
|
||||||
|
} catch (e) {
|
||||||
|
error(e);
|
||||||
|
}
|
||||||
|
throw new Error(`${exposedMime} blocked by NoScript`);
|
||||||
|
}
|
||||||
|
|
||||||
|
return unpatched.get(window.MediaSource.prototype).addSourceBuffer.call(ms, mime, ...args);
|
||||||
|
});
|
||||||
|
|
||||||
|
})();
|
||||||
|
} catch (e) {
|
||||||
|
error(e, "Cannot patch MediaSource");
|
||||||
|
}
|
|
@ -0,0 +1,74 @@
|
||||||
|
function onScriptDisabled() {
|
||||||
|
for (let noscript of document.querySelectorAll("noscript")) {
|
||||||
|
// force show NOSCRIPT elements content
|
||||||
|
let replacement = document.createElement("div");
|
||||||
|
replacement.innerHTML = noscript.innerHTML;
|
||||||
|
noscript.parentNode.replaceChild(replacement, noscript);
|
||||||
|
// emulate meta-refresh
|
||||||
|
let meta = replacement.querySelector('meta[http-equiv="refresh"]');
|
||||||
|
if (meta) {
|
||||||
|
let content = meta.getAttribute("content");
|
||||||
|
if (content) {
|
||||||
|
let [secs, url] = content.split(/\s*;\s*url\s*=\s*/i);
|
||||||
|
if (url) {
|
||||||
|
try {
|
||||||
|
let urlObj = new URL(url);
|
||||||
|
if (!/^https?:/.test(urlObj.protocol)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
}
|
||||||
|
window.setTimeout(() => location.href = url, (parseInt(secs) || 0) * 1000);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
let eraser = {
|
||||||
|
tapped: null,
|
||||||
|
delKey: false,
|
||||||
|
};
|
||||||
|
|
||||||
|
addEventListener("pagehide", ev => {
|
||||||
|
eraser.tapped = null;
|
||||||
|
eraser.delKey = false;
|
||||||
|
}, false);
|
||||||
|
|
||||||
|
addEventListener("keyup", ev => {
|
||||||
|
let el = eraser.tapped;
|
||||||
|
if (el && ev.keyCode === 46) {
|
||||||
|
eraser.tapped = null;
|
||||||
|
eraser.delKey = true;
|
||||||
|
let doc = el.ownerDocument;
|
||||||
|
let w = doc.defaultView;
|
||||||
|
if (w.getSelection().isCollapsed) {
|
||||||
|
let root = doc.body || doc.documentElement;
|
||||||
|
let posRx = /^(?:absolute|fixed)$/;
|
||||||
|
do {
|
||||||
|
if (posRx.test(w.getComputedStyle(el, '').position)) {
|
||||||
|
(eraser.tapped = el.parentNode).removeChild(el);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
} while ((el = el.parentNode) && el != root);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}, true);
|
||||||
|
|
||||||
|
addEventListener("mousedown", ev => {
|
||||||
|
if (ev.button === 0) {
|
||||||
|
eraser.tapped = ev.target;
|
||||||
|
eraser.delKey = false;
|
||||||
|
}
|
||||||
|
}, true);
|
||||||
|
|
||||||
|
addEventListener("mouseup", ev => {
|
||||||
|
if (eraser.delKey) {
|
||||||
|
eraser.delKey = false;
|
||||||
|
ev.preventDefault();
|
||||||
|
ev.stopPropagation();
|
||||||
|
}
|
||||||
|
eraser.tapped = null;
|
||||||
|
}, true);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,31 @@
|
||||||
|
console.log("WebGL Hook", document.documentElement.innerHTML);
|
||||||
|
try {
|
||||||
|
let proto = HTMLCanvasElement.prototype;
|
||||||
|
let getContext = proto.getContext;
|
||||||
|
exportFunction(function(type, ...rest) {
|
||||||
|
if (type && type.toLowerCase().includes("webgl")) {
|
||||||
|
let request = {
|
||||||
|
id: "noscript-webgl",
|
||||||
|
type: "webgl",
|
||||||
|
url: document.URL,
|
||||||
|
documentUrl: document.URL,
|
||||||
|
embeddingDocument: true,
|
||||||
|
};
|
||||||
|
seen.record({policyType: "webgl", request, allowed: false});
|
||||||
|
try {
|
||||||
|
let ph = PlaceHolder.create("webgl", request);
|
||||||
|
ph.replace(this);
|
||||||
|
PlaceHolder.listen();
|
||||||
|
} catch (e) {
|
||||||
|
error(e);
|
||||||
|
}
|
||||||
|
notifyPage();
|
||||||
|
return {};
|
||||||
|
}
|
||||||
|
return getContext.call(this, type, ...rest);
|
||||||
|
}, proto, {defineAs: "getContext"});
|
||||||
|
} catch (e) {
|
||||||
|
console.error(e);
|
||||||
|
}
|
||||||
|
|
||||||
|
null;
|
After Width: | Height: | Size: 3.7 KiB |
After Width: | Height: | Size: 30 KiB |
After Width: | Height: | Size: 5.0 KiB |
After Width: | Height: | Size: 11 KiB |
After Width: | Height: | Size: 40 KiB |
After Width: | Height: | Size: 5.2 KiB |
After Width: | Height: | Size: 6.3 KiB |
After Width: | Height: | Size: 1.9 KiB |
After Width: | Height: | Size: 7.9 KiB |
After Width: | Height: | Size: 4.3 KiB |
After Width: | Height: | Size: 6.5 KiB |
After Width: | Height: | Size: 2.6 KiB |
After Width: | Height: | Size: 2.6 KiB |
After Width: | Height: | Size: 20 KiB |
After Width: | Height: | Size: 5.9 KiB |
After Width: | Height: | Size: 7.2 KiB |
After Width: | Height: | Size: 2.5 KiB |
After Width: | Height: | Size: 7.2 KiB |
After Width: | Height: | Size: 7.0 KiB |
After Width: | Height: | Size: 4.6 KiB |
After Width: | Height: | Size: 3.3 KiB |
After Width: | Height: | Size: 6.1 KiB |
After Width: | Height: | Size: 7.0 KiB |
After Width: | Height: | Size: 6.1 KiB |
After Width: | Height: | Size: 2.8 KiB |
|
@ -0,0 +1,147 @@
|
||||||
|
'use strict';
|
||||||
|
|
||||||
|
var Legacy = {
|
||||||
|
|
||||||
|
async init() {
|
||||||
|
let migrated = (await browser.storage.local.get("legacyBackup")).legacyBackup;
|
||||||
|
let real = await this.import(migrated);
|
||||||
|
this.init = async () => real;
|
||||||
|
return real;
|
||||||
|
},
|
||||||
|
|
||||||
|
async import(migrated) {
|
||||||
|
if (this.migrated) this.undo = this.migrated;
|
||||||
|
this.migrated = (migrated && migrated.prefs) ? migrated : {prefs: {}};
|
||||||
|
await include("/legacy/defaults.js");
|
||||||
|
return 'whitelist' in this.migrated; // "real" migration with custom policy
|
||||||
|
},
|
||||||
|
|
||||||
|
async persist() {
|
||||||
|
await browser.storage.local.set({legacyBackup: this.migrated});
|
||||||
|
},
|
||||||
|
|
||||||
|
getPref(name, def) {
|
||||||
|
return name in this.migrated.prefs ? this.migrated.prefs[name] : def;
|
||||||
|
},
|
||||||
|
|
||||||
|
getRxPref(name, parseRx = Legacy.RX.multi, flags, def) {
|
||||||
|
let source = this.getPref(name, def);
|
||||||
|
if (source instanceof RegExp) return source;
|
||||||
|
try {
|
||||||
|
return parseRx(source, flags);
|
||||||
|
} catch (e) {
|
||||||
|
error(e, "Parsing RegExp preference %s, falling back to %s", name, def);
|
||||||
|
if (def) {
|
||||||
|
if (def instanceof RegExp) {
|
||||||
|
return def;
|
||||||
|
}
|
||||||
|
try {
|
||||||
|
return parseRx(def, flags);
|
||||||
|
} catch(e) {
|
||||||
|
error(e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
},
|
||||||
|
|
||||||
|
async createOrMigratePolicy() {
|
||||||
|
try {
|
||||||
|
if (await this.init()) {
|
||||||
|
return this.migratePolicy();
|
||||||
|
}
|
||||||
|
} catch (e) {
|
||||||
|
error(e);
|
||||||
|
}
|
||||||
|
return new Policy();
|
||||||
|
},
|
||||||
|
|
||||||
|
extractLists(lists) {
|
||||||
|
return lists.map(listString => listString.split(/\s+/))
|
||||||
|
.map(sites => sites.filter(s => !(s.includes(":") &&
|
||||||
|
sites.includes(s.replace(/.*:\/*(?=\w)/g, ""))
|
||||||
|
)));
|
||||||
|
},
|
||||||
|
|
||||||
|
migratePolicy() {
|
||||||
|
// here we normalize both NS whitelist and blacklist, getting finally rid of
|
||||||
|
// the legacy of CAPS mandating protocols for top-level domains
|
||||||
|
let [trusted, untrusted] = this.extractLists(
|
||||||
|
[this.migrated.whitelist, this.getPref("untrusted", "")]);
|
||||||
|
|
||||||
|
// securify default whitelist domain items
|
||||||
|
if (this.getPref("httpsDefWhitelist")) {
|
||||||
|
this.getPref("default", "").
|
||||||
|
split(/\s+/).
|
||||||
|
filter(s => !s.includes(":")).
|
||||||
|
forEach(s => {
|
||||||
|
let idx = trusted.indexOf(s);
|
||||||
|
if (idx !== -1) {
|
||||||
|
trusted[idx] = Sites.secureDomainKey(s);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
let DEFAULT = new Permissions(["other"]);
|
||||||
|
let {capabilities} = DEFAULT;
|
||||||
|
// let's semplify object permissions now that almost everything is
|
||||||
|
// either blacklisted or C2P by the browser
|
||||||
|
if (!["Java", "Flash", "Silverlight", "Plugins"]
|
||||||
|
.find(type => this.getPref(`forbid${type}`))) {
|
||||||
|
capabilities.add("object");
|
||||||
|
}
|
||||||
|
|
||||||
|
let prefMap = {
|
||||||
|
"Fonts": "font",
|
||||||
|
"Frames": "frame",
|
||||||
|
"IFrames": "frame",
|
||||||
|
"Media": "media",
|
||||||
|
"WebGL": "webgl",
|
||||||
|
};
|
||||||
|
for (let [legacy, current] of Object.entries(prefMap)) {
|
||||||
|
if (!this.getPref(`forbid${legacy}`, true)) capabilities.add(current);
|
||||||
|
}
|
||||||
|
|
||||||
|
let TRUSTED = new Permissions(new Set(this.getPref("contentBlocker") ? capabilities : Permissions.ALL));
|
||||||
|
TRUSTED.capabilities.add("script").add("fetch");
|
||||||
|
|
||||||
|
let UNTRUSTED = new Permissions();
|
||||||
|
if (this.getPref("global")) {
|
||||||
|
if (!this.getPref("alwaysBlockUntrustedContent")) {
|
||||||
|
UNTRUSTED.capabilities = new Set(capabilities);
|
||||||
|
}
|
||||||
|
DEFAULT = new Permissions(TRUSTED.capabilities);
|
||||||
|
}
|
||||||
|
|
||||||
|
return new Policy({
|
||||||
|
sites: {untrusted, trusted, custom: {}},
|
||||||
|
DEFAULT,
|
||||||
|
TRUSTED,
|
||||||
|
UNTRUSTED,
|
||||||
|
enforced: true,
|
||||||
|
// TODO: enforce these before ESR 59 gets released
|
||||||
|
cascadePermissions: this.getPref("cascadePermissions"),
|
||||||
|
restrictSubDocScripting: this.getPref("restrictSubDocScripting"),
|
||||||
|
onlySecure: this.getPref("allowHttpsOnly")
|
||||||
|
});
|
||||||
|
|
||||||
|
},
|
||||||
|
|
||||||
|
RX: {
|
||||||
|
simple: function(s, flags) {
|
||||||
|
var anchor = /\^/.test(flags);
|
||||||
|
return new RegExp(anchor ? rxParsers.anchor(s) : s,
|
||||||
|
anchor ? flags.replace(/\^/g, '') : flags);
|
||||||
|
},
|
||||||
|
anchor: function(s) {
|
||||||
|
return /^\^|\$$/.test(s) ? s : "^" + s + "$";
|
||||||
|
},
|
||||||
|
multi: function(s, flags) {
|
||||||
|
var anchor = /\^/.test(flags);
|
||||||
|
var lines = s.split(anchor ? /\s+/ : /[\n\r]+/).filter(l => /\S/.test(l));
|
||||||
|
return new RegExp((anchor ? lines.map(rxParsers.anchor) : lines).join('|'),
|
||||||
|
anchor ? flags.replace(/\^/g, '') : flags);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Legacy.init();
|
|
@ -0,0 +1,365 @@
|
||||||
|
'use strict';
|
||||||
|
|
||||||
|
Legacy.migrated.prefs = Object.assign(
|
||||||
|
{
|
||||||
|
"autoReload": true,
|
||||||
|
"autoReload.global": true,
|
||||||
|
"autoReload.allTabs": true,
|
||||||
|
"autoReload.allTabsOnPageAction": true,
|
||||||
|
"autoReload.allTabsOnGlobal": false,
|
||||||
|
"autoReload.onMultiContent": false,
|
||||||
|
"autoReload.useHistory": false,
|
||||||
|
"autoReload.useHistory.exceptCurrent": true,
|
||||||
|
"autoReload.embedders": 1,
|
||||||
|
"ctxMenu": true,
|
||||||
|
"statusIcon": true,
|
||||||
|
"sound": false,
|
||||||
|
"sound.oncePerSite": true,
|
||||||
|
"notify": true,
|
||||||
|
"notify.bottom": true,
|
||||||
|
"showAddress": false,
|
||||||
|
"showDomain": false,
|
||||||
|
"showTemp": true,
|
||||||
|
"showPermanent": true,
|
||||||
|
"showDistrust": true,
|
||||||
|
"showUntrusted": true,
|
||||||
|
"showBaseDomain": true,
|
||||||
|
"showAbout": true,
|
||||||
|
"showGlobal": true,
|
||||||
|
"showTempToPerm": true,
|
||||||
|
"showRevokeTemp": true,
|
||||||
|
"showBlockedObjects": true,
|
||||||
|
"showExternalFilters": true,
|
||||||
|
"showTempAllowPage": true,
|
||||||
|
"showAllowPage": true,
|
||||||
|
"mandatory": "[System+Principal] about: about:addons about:blocked about:certerror about:config about:crashes about:feeds about:home about:memory about:neterror about:plugins about:preferences about:privatebrowsing about:sessionrestore about:srcdoc about:support about:tabcrashed blob: chrome: mediasource: moz-extension: moz-safe-about: resource:",
|
||||||
|
"default": "about:blank about:pocket-saved about:pocket-signup addons.mozilla.org afx.ms ajax.aspnetcdn.com ajax.googleapis.com bootstrapcdn.com code.jquery.com firstdata.com firstdata.lv gfx.ms google.com googlevideo.com gstatic.com hotmail.com live.com live.net maps.googleapis.com mozilla.net netflix.com nflxext.com nflximg.com nflxvideo.net noscript.net outlook.com passport.com passport.net passportimages.com paypal.com paypalobjects.com securecode.com securesuite.net sfx.ms tinymce.cachefly.net wlxrs.com yahoo.com yahooapis.com yimg.com youtube.com ytimg.com",
|
||||||
|
"allowWhitelistUpdates": true,
|
||||||
|
"volatilePrivatePermissions": false,
|
||||||
|
"showVolatilePrivatePermissionsToggle": true,
|
||||||
|
"eraseFloatingElements": true,
|
||||||
|
"bgThumbs.allowed": false,
|
||||||
|
"bgThumbs.disableJS": true,
|
||||||
|
"forbidJava": true,
|
||||||
|
"forbidFlash": true,
|
||||||
|
"forbidSilverlight": true,
|
||||||
|
"forbidPlugins": true,
|
||||||
|
"forbidMedia": true,
|
||||||
|
"forbidFonts": true,
|
||||||
|
"forbidWebGL": false,
|
||||||
|
"forbidActiveContentParentTrustCheck": true,
|
||||||
|
"forbidIFrames": false,
|
||||||
|
"forbidIFramesContext": 3,
|
||||||
|
"forbidIFramesParentTrustCheck": true,
|
||||||
|
"forbidFrames": false,
|
||||||
|
"forbidMixedFrames": true,
|
||||||
|
"sound.block": "chrome://noscript/skin/block.wav",
|
||||||
|
"allowClipboard": false,
|
||||||
|
"allowLocalLinks": false,
|
||||||
|
"allowLocalLinks.from": "",
|
||||||
|
"allowLocalLinks.to": "",
|
||||||
|
"allowCachingObjects": true,
|
||||||
|
"showPlaceholder": true,
|
||||||
|
"global": false,
|
||||||
|
"globalHttpsWhitelist": false,
|
||||||
|
"confirmUnblock": true,
|
||||||
|
"confirmUnsafeReload": true,
|
||||||
|
"statusLabel": false,
|
||||||
|
"forbidBookmarklets": false,
|
||||||
|
"allowBookmarkletImports": true,
|
||||||
|
"allowBookmarks": false,
|
||||||
|
"notify.hideDelay": 5,
|
||||||
|
"notify.hidePermanent": true,
|
||||||
|
"notify.hide": false,
|
||||||
|
"truncateTitleLen": 255,
|
||||||
|
"truncateTitle": true,
|
||||||
|
"fixLinks": true,
|
||||||
|
"noping": true,
|
||||||
|
"consoleDump": 0,
|
||||||
|
"excaps": true,
|
||||||
|
"nselForce": true,
|
||||||
|
"nselNever": false,
|
||||||
|
"nselNoMeta": true,
|
||||||
|
"autoAllow": 0,
|
||||||
|
"toolbarToggle": 3,
|
||||||
|
"allowPageLevel": 0,
|
||||||
|
"forbidImpliesUntrust": false,
|
||||||
|
"keys.toggle": "ctrl shift VK_BACK_SLASH.|",
|
||||||
|
"keys.ui": "ctrl shift S",
|
||||||
|
"keys.tempAllowPage": "",
|
||||||
|
"keys.revokeTemp": "",
|
||||||
|
"menuAccelerators": false,
|
||||||
|
"forbidMetaRefresh": false,
|
||||||
|
"forbidMetaRefresh.remember": false,
|
||||||
|
"forbidMetaRefresh.notify": true,
|
||||||
|
"forbidMetaRefresh.exceptions": "^https?://(?:www|encrypted)\\.google\\.(?:[a-z]{2,3}|[a-z]{2}\\.[a-z]{2,3})/ t.co",
|
||||||
|
"contentBlocker": false,
|
||||||
|
"toggle.temp": true,
|
||||||
|
"firstRunRedirection": true,
|
||||||
|
"xss.notify": true,
|
||||||
|
"xss.notify.subframes": true,
|
||||||
|
"xss.trustReloads": false,
|
||||||
|
"xss.trustData": true,
|
||||||
|
"xss.trustExternal": true,
|
||||||
|
"xss.trustTemp": true,
|
||||||
|
"xss.checkInclusions": true,
|
||||||
|
"xss.checkInclusions.exceptions": "intensedebate.com/idc/js/",
|
||||||
|
"xss.checkCharset.exceptions": "",
|
||||||
|
"filterXPost": true,
|
||||||
|
"filterXGet": true,
|
||||||
|
"filterXGetRx": "<+(?=[^<>=\\d. /(-])|[\\\\\"\\x00-\\x07\\x09\\x0B\\x0C\\x0E-\\x1F\\x7F]",
|
||||||
|
"filterXGetUserRx": "",
|
||||||
|
"filterXExceptions": "^https?://([a-z]+)\\.google\\.(?:[a-z]{1,3}\\.)?[a-z]+/(?:search|custom|\\1)\\?\n^https?://([a-z]*)\\.?search\\.yahoo\\.com/search(?:\\?|/\\1\\b)\n^https?://[a-z]+\\.wikipedia\\.org/wiki/[^\"<>?%]+$\n^https?://translate\\.google\\.com/translate_t[^\"'<>?%]+$\n^https://secure\\.wikimedia\\.org/wikipedia/[a-z]+/wiki/[^\"<>\\?%]+$",
|
||||||
|
"filterXExceptions.blogspot": true,
|
||||||
|
"filterXExceptions.darla_name": true,
|
||||||
|
"filterXExceptions.deviantart": true,
|
||||||
|
"filterXExceptions.fbconnect": true,
|
||||||
|
"filterXExceptions.ebay": true,
|
||||||
|
"filterXExceptions.ggadgets": true,
|
||||||
|
"filterXExceptions.letitbit": true,
|
||||||
|
"filterXExceptions.livejournal": true,
|
||||||
|
"filterXExceptions.lycosmail": true,
|
||||||
|
"filterXExceptions.medicare": true,
|
||||||
|
"filterXException.photobucket": true,
|
||||||
|
"filterXExceptions.printfriendly": true,
|
||||||
|
"filterXExceptions.readability": true,
|
||||||
|
"filterXExceptions.yahoo": true,
|
||||||
|
"filterXExceptions.visa": true,
|
||||||
|
"filterXExceptions.verizon": true,
|
||||||
|
"filterXExceptions.zendesk": true,
|
||||||
|
"filterXExceptions.yt_comments": true,
|
||||||
|
"protectWindowNameXAssignment": true,
|
||||||
|
"injectionCheck": 2,
|
||||||
|
"injectionCheckPost": true,
|
||||||
|
"injectionCheckHTML": true,
|
||||||
|
"globalwarning": true,
|
||||||
|
"jsredirectIgnore": false,
|
||||||
|
"jsredirectFollow": false,
|
||||||
|
"jsredirectForceShow": false,
|
||||||
|
"removeSMILKeySniffer": true,
|
||||||
|
"utf7filter": true,
|
||||||
|
"safeJSRx": "(?:window\\.)?close\\s*\\(\\)",
|
||||||
|
"badInstall": false,
|
||||||
|
"fixURI": true,
|
||||||
|
"fixURI.exclude": "",
|
||||||
|
"urivalid.aim": "\\w[^\\\\?&\\x00-\\x1f#]*(?:\\?[^\\\\\\x00-\\x1f#]*(?:#[\\w.@+-]{2,32})?)?",
|
||||||
|
"urivalid.mailto": "[^\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f]*",
|
||||||
|
"forbidExtProtSubdocs": true,
|
||||||
|
"forbidXBL": 1,
|
||||||
|
"forbidXHR": 1,
|
||||||
|
"whitelistRegExp": "",
|
||||||
|
"tempGlobal": false,
|
||||||
|
"lockPrivilegedUI": false,
|
||||||
|
"collapseObject": false,
|
||||||
|
"showUntrustedPlaceholder": true,
|
||||||
|
"jsHack": "",
|
||||||
|
"jsHackRegExp": "",
|
||||||
|
"canonicalFQDN": false,
|
||||||
|
"allowedMimeRegExp": "",
|
||||||
|
"alwaysBlockUntrustedContent": true,
|
||||||
|
"consoleLog": false,
|
||||||
|
"dropXssProtection": true,
|
||||||
|
"flashPatch": true,
|
||||||
|
"silverlightPatch": true,
|
||||||
|
"allowURLBarJS": false,
|
||||||
|
"allowURLBarImports": false,
|
||||||
|
"hideOnUnloadRegExp": "video/.*",
|
||||||
|
"untrusted": "",
|
||||||
|
"untrustedGranularity": 3,
|
||||||
|
"requireReloadRegExp": "application/x-vnd\\.moveplayer\\b.*",
|
||||||
|
"restrictSubdocScripting": false,
|
||||||
|
"cascadePermissions": false,
|
||||||
|
"secureCookies": false,
|
||||||
|
"secureCookiesExceptions": "",
|
||||||
|
"secureCookiesForced": "",
|
||||||
|
"secureCookies.recycle": false,
|
||||||
|
"secureCookies.perTab": false,
|
||||||
|
"httpsForced": "",
|
||||||
|
"httpsForcedBuiltIn": "www.youtube.com",
|
||||||
|
"httpsDefWhitelist": true,
|
||||||
|
"allowHttpsOnly": 0,
|
||||||
|
"https.showInConsole": true,
|
||||||
|
"clearClick": 3,
|
||||||
|
"clearClick.plugins": true,
|
||||||
|
"clearClick.prompt": true,
|
||||||
|
"clearClick.debug": false,
|
||||||
|
"clearClick.exceptions": ".mail.yahoo.com https://mail.google.com/ *.ebay.com *.photobucket.com .youtube.com",
|
||||||
|
"clearClick.subexceptions": "^http://bit(?:ly\\.com|\\.ly)/a/sidebar\\?u= http://*.uservoice.com/*/popin.html?* http://w.sharethis.com/share3x/lightbox.html?* http://disqus.com/embed/* *.disqus.com/*/reply.html* http://www.feedly.com/mini abine:*",
|
||||||
|
"clearClick.rapidFireCheck": true,
|
||||||
|
"clearClick.threshold": 18,
|
||||||
|
"emulateFrameBreak": true,
|
||||||
|
"stickyUI.liveReload": false,
|
||||||
|
"stickyUI": true,
|
||||||
|
"stickyUI.onKeyboard": true,
|
||||||
|
"hoverUI": true,
|
||||||
|
"hoverUI.delayEnter": 250,
|
||||||
|
"hoverUI.delayStop": 50,
|
||||||
|
"hoverUI.delayExit1": 250,
|
||||||
|
"hoverUI.delayExit2": 300,
|
||||||
|
"hoverUI.excludeToggling": true,
|
||||||
|
"ignorePorts": true,
|
||||||
|
"cp.last": true,
|
||||||
|
"sanitizePaste": true,
|
||||||
|
"surrogate.enabled": true,
|
||||||
|
"surrogate.debug": false,
|
||||||
|
"surrogate.sandbox": true,
|
||||||
|
"surrogate.2mdn.replacement": "if('Proxy' in window){let _f=function(){}; google=$S(); Object.defineProperty(google,'__noSuchMethod__',{configurable:true,enumerable:false,value:_f});let ima={};ima.AdsManagerLoadedEvent=ima.AdErrorEvent={Type:new Proxy({},{get:function(){return 0}}),};ima.settings=new Proxy({},{get:function(){return _f}});ima.AdsLoader=ima.AdsRequest=ima.AdDisplayContainer=function(){return new Proxy({},{get:function(){return _f}});};google.ima=ima;}",
|
||||||
|
"surrogate.2mdn.sources": ".2mdn.net",
|
||||||
|
"surrogate.360Haven.sources": "@www.360haven.com",
|
||||||
|
"surrogate.360Haven.replacement": "Object.defineProperty(window,'adblock',{get:function() false,set: function() false});Object.defineProperty(window,'google_ad_client',{get: function () { return $S({__noSuchMethod__: function() this})}});Object.defineProperty(window.HTMLBodyElement.prototype,'innerHTML',{get:function() ''});",
|
||||||
|
"surrogate.adagionet.sources": ".adagionet.com",
|
||||||
|
"surrogate.adagionet.replacement": "adagioWriteTag=adagioWriteBanner=function(){}",
|
||||||
|
"surrogate.addthis.sources": "^https?://(?:[^/:]+\\.)?addthis\\.com/.*addthis_widget\\.js",
|
||||||
|
"surrogate.addthis.replacement": "addthis=(function(){var f=$S(arguments.callee);return f.__noSuchMethod__=f.data=f.bar=f.dynamic=f.login=f.ad=f.util=f.user=f.session=f})();",
|
||||||
|
"surrogate.adfly.sources": "!@^https?://adf.ly/\\w+/?$",
|
||||||
|
"surrogate.adfly.replacement": "for(var a=/ysmm = '(.*?)';/gi.exec(document.documentElement.innerHTML)[1],b='',c='',d=0;d<a.length;d++)0==d%2?b+=a.charAt(d):c=a.charAt(d)+c;window.location=atob(b+c).substring(2)",
|
||||||
|
"surrogate.ampush.sources": ".ampush.io",
|
||||||
|
"surrogate.ampush.replacement": "window.ampt=$S({__noSuchMethod__:function(){}});",
|
||||||
|
"surrogate.digg.sources": "!@digg.com/newsbar/*",
|
||||||
|
"surrogate.digg.replacement": "window.location.href=document.querySelector('link[rel=canonical]').href",
|
||||||
|
"surrogate.dimtus.sources": "!@^http://(?:dimtus|imageteam)\\.(?:com|org)/img-",
|
||||||
|
"surrogate.dimtus.replacement": "document.querySelector('.overlay_ad').style.display='none'",
|
||||||
|
"surrogate.ga.sources": "*.google-analytics.com",
|
||||||
|
"surrogate.ga.replacement": "(function(){var _0=$S(function()_0),_u=function(){};_0.__noSuchMethod__=_0;('ga'in window)||(ga=_u);window.urchinTracker=window._u||_u;window._gaq=$S({__noSuchMethod__:_0,push:function(f){if(typeof f=='function')f();else if(f&&f.shift&&f[0]in this)this[f.shift()].apply(this,f)},_set:function(a,b){if(typeof b=='function')b()},_link:function(h){if(h)location.href=h},_linkByPost:function(f){if(f&&f.submit)f.submit();return true},_getLinkerUrl:function(u){return u},_trackEvent:_0});window._gat=$S({__noSuchMethod__:function(){return _gaq},_getTrackerByName:function(){return {_visitCode:function(){return 0}}}});window.cxApi=$S({__noSuchMethod__:_0,getChosenVariation:function(x){return typeof x == 'number' ? x : x[0]},chooseVariation:function(x){return 0}})})()",
|
||||||
|
"surrogate.glinks.replacement": "['focus','mouseover','mousedown','click'].forEach(function(et){addEventListener(et,function(e){var a=e.target,href=a.href&&a.getAttribute&&a.getAttribute('href');if(href&&/^(?:http|\\/url)/.test(href)&&!a._href){a._href=a.href=a.href.replace(/.*\\/url.*[?&](?:url|q)=(http[^&]+).*/,function(a,b)decodeURIComponent(b));do{if(/\\brwt\\(/.test(a.getAttribute('onmousedown')))a.removeAttribute('onmousedown')}while((a=a.parentElement))}},true)})",
|
||||||
|
"surrogate.glinks.sources": "!@^https?://[^/]+google\\..*/search",
|
||||||
|
"surrogate.googletag.replacement": "if(typeof googletag==='undefined'){googletag={slots:{},cmd:$S({__noSuchMethod__:function(){return $S(this)},push:function(f){return f()}})};}googletag.defineSlot=function(){return $S({__noSuchMethod__:function(){return $S(this)}})};let _gt=googletag;googletag=new Proxy(_gt,{get:function(s,w,e){return w in s?s[w]:function(){return $S({__noSuchMethod__:function(){return googletag;}})};}});let _renderedAds=new Proxy({},{get:function(a,b){return b in a?a[b]:{size:[729,90]};}});let _adsRenderedInfo=new Proxy({get:function(n){return _renderedAds[n];}},{get:function(x,c){return c in x?x[c]:function(){};},set:function(x,c,v){}});Object.defineProperty(googletag,'adsRenderedInfo',{configurable:true,enumerable:true,set:function(){},get:function(){return _adsRenderedInfo;}});",
|
||||||
|
"surrogate.googletag.sources": ".googletagservices.com",
|
||||||
|
"surrogate.gravatar.sources": ".gravatar.com",
|
||||||
|
"surrogate.gravatar.replacement": "Gravatar=$S({my_hash:'', profile_cb:function(){}, init:function(){}, __noSuchMethod__:function(){}})",
|
||||||
|
"surrogate.microsoftSupport.replacement": "let c=document.getElementById('contentArea');if(c)c.style.display=''",
|
||||||
|
"surrogate.microsoftSupport.sources": "!support.microsoft.com",
|
||||||
|
"surrogate.modpagespeed.replacement": "let s=document.querySelector('noscript>meta[http-equiv=refresh]+style');if(s)s.parentNode.removeChild(s)",
|
||||||
|
"surrogate.modpagespeed.sources": "!@^https?:",
|
||||||
|
"surrogate.qs.sources": "*.quantserve.com",
|
||||||
|
"surrogate.qs.replacement": "window.quantserve=function(){}",
|
||||||
|
"surrogate.uniblue.sources": "!@.uniblue.com .liutilities.com",
|
||||||
|
"surrogate.uniblue.replacement": "Array.forEach(document.links,function(l){if(/^https:\\/\\/store\\./.test(l.href)){l.setAttribute('href',l.href.replace(/.*?:/, ''));l.parentNode.replaceChild(l,l)}})",
|
||||||
|
"surrogate.yieldman.sources": "*.yieldmanager.com",
|
||||||
|
"surrogate.yieldman.replacement": "rmAddKey=rmAddCustomKey=rmShowAd=rmShowPop=rmShowInterstitial=rmGetQueryParameters=rmGetSize=rmGetWindowUrl=rmGetPubRedirect=rmGetClickUrl=rmReplace=rmTrim=rmUrlEncode=rmCanShowPop=rmCookieExists=rmWritePopFrequencyCookie=rmWritePopExpirationCookie=flashIntalledCookieExists=writeFlashInstalledCookie=flashDetection=rmGetCookie=function(){}",
|
||||||
|
"surrogate.popunder.sources": "@^http:\\/\\/[\\w\\-\\.]+\\.[a-z]+ wyciwyg:",
|
||||||
|
"surrogate.popunder.replacement": "(function(){var unloading=false;addEventListener('pagehide',function(){unloading=true;setTimeout(function(){unloading=false},100)},true);var cookie=document.__proto__.__lookupGetter__('cookie');document.__proto__.__defineGetter__('cookie',function() {if(unloading)return cookie.apply(this);var c='; popunder=yes; popundr=yes; setover18=1';return(cookie.apply(this).replace(c,'')+c).replace(/^; /, '')});var fid='_FID_'+(Date.now().toString(16));var open=window.__proto__.open;window.__proto__.open=function(url,target,features){try{if(!(/^_(?:top|parent|self)$/i.test(target)||target in frames)){var suspSrc,suspCall,ff=[],ss=new Error().stack.split('\\n').length;if(/popunde?r/i.test(target))return ko();for(var f,ev,aa=arguments;stackSize-->2&&aa.callee&&(f=aa.callee.caller)&&ff.indexOf(f)<0;ff.push(f)){aa=f.arguments;if(!aa)break;ev=aa[0];suspCall=f.name=='doPopUnder';if(!suspSrc)suspSrc=suspCall||/(?:\\bpopunde?r|\\bfocus\\b.*\\bblur|\\bblur\\b.*\\bfocus|[pP]uShown)\\b/.test(f.toSource());if(suspCall||ev&&typeof ev=='object'&&('type' in ev)&&ev.type=='click'&&ev.button===0&&(ev.currentTarget===document||('tagName' in ev.currentTarget)&&'body'==ev.currentTarget.tagName.toLowerCase())&&!(('href' in ev.target)&&ev.target.href&&(ev.target.href.indexOf(url)===0||url.indexOf(ev.target.href)===0))){if(suspSrc)return ko();}}}}catch(e){}return open.apply(null, arguments);function ko(){var fr=document.getElementById(fid)||document.body.appendChild(document.createElement('iframe'));fr.id=fid;fr.src='data:text/html,';fr.style.display='none';var w=fr.contentWindow;w.blur=function(){};return w;}}})()",
|
||||||
|
"surrogate.popunder.exceptions": ".meebo.com",
|
||||||
|
"surrogate.imdb.sources": "@*.imdb.com/video/*",
|
||||||
|
"surrogate.imdb.replacement": "addEventListener('DOMContentLoaded',function(ev){ad_utils.render_ad=function(w){w.location=w.location.href.replace(/.*\\bTRAILER=([^&]+).*/,'$1')}},true)",
|
||||||
|
"surrogate.nscookie.sources": "@*.facebook.com",
|
||||||
|
"surrogate.nscookie.replacement": "document.cookie='noscript=; domain=.facebook.com; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT;'",
|
||||||
|
"surrogate.imagebam.replacement": "(function(){if(\"over18\" in window){var _do=doOpen;doOpen=function(){};over18();doOpen=_do}else{var e=document.getElementById(Array.slice(document.getElementsByTagName(\"script\")).filter(function(s){return !!s.innerHTML})[0].innerHTML.match(/over18[\\s\\S]*?'([^']+)/)[1]);e.style.display='none'}})()",
|
||||||
|
"surrogate.imagebam.sources": "!@*.imagebam.com",
|
||||||
|
"surrogate.imagehaven.replacement": "['agreeCont','TransparentBlack'].forEach(function(id){var o=document.getElementById(id);if(o)o.style.display='none'})",
|
||||||
|
"surrogate.imagehaven.sources": "!@*.imagehaven.net",
|
||||||
|
"surrogate.imgreserve.sources": "!imgreserve.com",
|
||||||
|
"surrogate.imgreserve.replacement": "let b=document.querySelector('input[value=\"YES\"]');if(b)b.addEventListener('click',function(){document.cookie='AgeVerification=1';location.href=location},true)",
|
||||||
|
"surrogate.interstitialBox.replacement": "__defineSetter__('interstitialBox',function(){});__defineGetter__('interstitialBox',function(){return{}})",
|
||||||
|
"surrogate.interstitialBox.sources": "@*.imagevenue.com",
|
||||||
|
"surrogate.invodo.sources": ".invodo.com",
|
||||||
|
"surrogate.invodo.replacement": "Invodo=$S({__noSuchMethod__:function(){}})",
|
||||||
|
"surrogate.googleThumbs.replacement": "(function(){var ss=document.getElementsByTagName('script');var s,t,m,id,i;for(var j=ss.length;j-->0;)if(((s=ss[j])&&(t=s.firstChild&&s.firstChild.nodeValue)&&(id=t.match(/\\w+thumb\\d+/))&&(m=t.match(/['\"](data:[^'\"]+)/)))&&(i=document.getElementById(id)))i.src=m[1].replace(/\\\\(u[0-9a-f]{4}|x[0-9a-f]{2})/ig,function(a,b){return String.fromCharCode(parseInt(b.substring(1), 16))})})()",
|
||||||
|
"surrogate.googleThumbs.sources": "!^https?://www\\.google\\.[a-z]+/search",
|
||||||
|
"surrogate.amo.replacement": "addEventListener('click',function(e){if(e.button)return;var a=e.target.parentNode;var hash=a.getAttribute('data-hash');if(hash){var b=a.parentNode.parentNode;InstallTrigger.install({x:{URL:a.href,IconURL:b.getAttribute('data-icon'),Hash:hash,toString:function(){return a.href}}});e.preventDefault()}},false)",
|
||||||
|
"surrogate.amo.sources": "!https://addons.mozilla.org/",
|
||||||
|
"surrogate.ab_adsense.sources": "pagead2.googlesyndication.com",
|
||||||
|
"surrogate.ab_adsense.replacement": "gaGlobal={}",
|
||||||
|
"surrogate.ab_adscale.sources": "js.adscale.de",
|
||||||
|
"surrogate.ab_adscale.replacement": "adscale={}",
|
||||||
|
"surrogate.ab_adtiger.sources": "^http://ads\\.adtiger\\.",
|
||||||
|
"surrogate.ab_adtiger.replacement": "adspirit_pid={}",
|
||||||
|
"surrogate.ab_bidvertiser.sources": "^http://bdv\\.bidvert",
|
||||||
|
"surrogate.ab_bidvertiser.replacement": "report_error=function(){}",
|
||||||
|
"surrogate.ab_binlayer.sources": "^http://view\\.binlay(?:er)\\.",
|
||||||
|
"surrogate.ab_binlayer.replacement": "blLayer={}",
|
||||||
|
"surrogate.ab_mirago.sources": "^http://intext\\.mirago\\.",
|
||||||
|
"surrogate.ab_mirago.replacement": "HLSysBannerUrl=''",
|
||||||
|
"surrogate.ab_mirando.sources": "^http://get\\.mirando\\.",
|
||||||
|
"surrogate.ab_mirando.replacement": "Mirando={}",
|
||||||
|
"surrogate.facebook_connect.sources": "connect.facebook.net",
|
||||||
|
"surrogate.facebook_connect.replacement": "FB=(function(){var f=$S(arguments.callee);return f.__noSuchMethod__=f.Event=f.XFBML=f;})();",
|
||||||
|
"surrogate.revsci.sources": "js.revsci.net",
|
||||||
|
"surrogate.revsci.replacement": "rsinetsegs=[];DM_addEncToLoc=DM_tag=function(){};",
|
||||||
|
"surrogate.adriver.sources": "ad.adriver.ru/cgi-bin/erle.cgi",
|
||||||
|
"surrogate.adriver.replacement": "if(top!==self&&top.location.href===location.href)setTimeout('try{document.close();}catch(e){}',100)",
|
||||||
|
"surrogate.twitter.sources": "platform.twitter.com",
|
||||||
|
"surrogate.twitter.replacement": "twttr=(function(){var f=$S(arguments.callee); var ro = f.__noSuchMethod__=f.events=f.anywhere=f; ro.widgets=$S({__noSuchMethod__:function(){}}); return ro})();",
|
||||||
|
"surrogate.plusone.sources": "apis.google.com/js/plusone.js",
|
||||||
|
"surrogate.plusone.replacement": "gapi=(function(){var f=$S(arguments.callee);return f.__noSuchMethod__=f.plusone=f;})();",
|
||||||
|
"surrogate.disqus-theme.sources": ">.disqus.com/*/build/themes/t_c4ca4238a0b923820dcc509a6f75849b.js*",
|
||||||
|
"surrogate.disqus-theme.replacement": "DISQUS.dtpl.actions.register('comments.reply.new.onLoadingStart', function() { DISQUS.dtpl.actions.remove('comments.reply.new.onLoadingStart'); DISQUS.dtpl.actions.remove('comments.reply.new.onLoadingEnd');});",
|
||||||
|
"surrogate.skimlinks.sources": ".skimlinks.com/api/",
|
||||||
|
"surrogate.skimlinks.replacement": "window.skimlinks=function(){}",
|
||||||
|
"surrogate.picbucks.sources": "!*.picbucks.com http://www.imagebax.com/show.php/*",
|
||||||
|
"surrogate.picbucks.replacement": "Array.forEach(document.getElementsByTagName('script'), function(s){let m = s.textContent.match(/(?:Lbjs\\.TargetUrl\\s*=\\s*|Array\\s*\\().*(\\bhttp[^'\"]*)/); if (m) { location.href = m[1]; throw 'break'; }})",
|
||||||
|
"surrogate.imagebunk.sources": "!http://imagebunk.com/image/*",
|
||||||
|
"surrogate.imagebunk.replacement": "document.body.insertBefore(document.getElementById('img_obj'), document.body.firstChild)",
|
||||||
|
"surrogate.picsee.sources": "!^https?://picsee\\.net/2\\d.*\\.html",
|
||||||
|
"surrogate.picsee.replacement": "location.replace(location.href.replace(/(\\/2\\d{3}[^\\/]*)(.*)\\.html/, '/upload$1/$2'));",
|
||||||
|
"surrogate.owasp_antiClickjack.sources": "!^https?://",
|
||||||
|
"surrogate.owasp_antiClickjack.replacement": "if(window.top===window&&document.body.offsetWidth===0)['body','documentElement'].forEach(function(e){document[e].style.setProperty('display','unset','important')})",
|
||||||
|
"surrogate.gigya.replacement": "gigya=$S({__noSuchMethod__:function(){}, isGigya:true, __initialized:true});gigya.socialize=$S({__noSuchMethod__:function(){}, addEventHandlers:function(){}});gigya.accounts=$S({__noSuchMethod__:function(){}})",
|
||||||
|
"surrogate.gigya.sources": ".gigya.com",
|
||||||
|
"surrogate.stripe.replacement": "Stripe=$S({__noSuchMethod__:function(){}})",
|
||||||
|
"surrogate.stripe.sources": "js.stripe.com",
|
||||||
|
"surrogate.wp.sources": "!^.*\\/20\\d{2}\\/\\d{2}\\/\\d{2}\\/",
|
||||||
|
"surrogate.wp.replacement": "let s=document.createElement('style');s.textContent='.site{opacity: 1 !important}';document.documentElement.appendChild(s)",
|
||||||
|
"fakeScriptLoadEvents.enabled": true,
|
||||||
|
"fakeScriptLoadEvents.onlyRequireJS": true,
|
||||||
|
"fakeScriptLoadEvents.exceptions": "",
|
||||||
|
"fakeScriptLoadEvents.docExceptions": "",
|
||||||
|
"placeholderMinSize": 32,
|
||||||
|
"placeholderLongTip": true,
|
||||||
|
"placeholderCollapseOnClose": false,
|
||||||
|
"compat.evernote": true,
|
||||||
|
"compat.gnotes": true,
|
||||||
|
"forbidXSLT": true,
|
||||||
|
"oldStylePartial": false,
|
||||||
|
"proxiedDNS": 0,
|
||||||
|
"placesPrefs": false,
|
||||||
|
"ABE.enabled": true,
|
||||||
|
"ABE.siteEnabled": false,
|
||||||
|
"ABE.allowRulesetRedir": false,
|
||||||
|
"ABE.legacyPrompt": false,
|
||||||
|
"ABE.disabledRulesetNames": "",
|
||||||
|
"ABE.skipBrowserRequests": true,
|
||||||
|
"ABE.notify": true,
|
||||||
|
"ABE.notify.namedLoopback": false,
|
||||||
|
"ABE.wanIpAsLocal": true,
|
||||||
|
"ABE.wanIpCheckURL": "https://secure.informaction.com/ipecho/",
|
||||||
|
"ABE.localExtras": "",
|
||||||
|
"asyncNetworking": true,
|
||||||
|
"inclusionTypeChecking": true,
|
||||||
|
"inclusionTypeChecking.exceptions": "https://scache.vzw.com/ http://cache.vzw.com .sony-europe.com .amazonaws.com .hp-ww.com .yandex.st cdn.directvid.com/*.jsx",
|
||||||
|
"inclusionTypeChecking.checkDynamic": false,
|
||||||
|
"nosniff": true,
|
||||||
|
"recentlyBlockedCount": 10,
|
||||||
|
"showRecentlyBlocked": true,
|
||||||
|
"recentlyBlockedLevel": 0,
|
||||||
|
"frameOptions.enabled": true,
|
||||||
|
"frameOptions.parentWhitelist": "https://mail.google.com/*",
|
||||||
|
"logDNS": false,
|
||||||
|
"subscription.lastCheck": 0,
|
||||||
|
"subscription.checkInterval": 24,
|
||||||
|
"subscription.trustedURL": "",
|
||||||
|
"subscription.untrustedURL": "",
|
||||||
|
"siteInfoProvider": "https://noscript.net/about/%utf8%;%ace%",
|
||||||
|
"alwaysShowObjectSources": false,
|
||||||
|
"ef.enabled": false,
|
||||||
|
"showBlankSources": false,
|
||||||
|
"preset": "medium",
|
||||||
|
"forbidBGRefresh": 1,
|
||||||
|
"forbidBGRefresh.exceptions": ".mozilla.org",
|
||||||
|
"toStaticHTML": true,
|
||||||
|
"liveConnectInterception": true,
|
||||||
|
"audioApiInterception": true,
|
||||||
|
"doNotTrack.enabled": true,
|
||||||
|
"doNotTrack.exceptions": "",
|
||||||
|
"doNotTrack.forced": "",
|
||||||
|
"ajaxFallback.enabled": true,
|
||||||
|
"sync.enabled": false,
|
||||||
|
"ABE.rulesets.SYSTEM": "# Prevent Internet sites from requesting LAN resources.\r\nSite LOCAL\r\nAccept from LOCAL\r\nDeny",
|
||||||
|
"ABE.rulesets.USER": "# User-defined rules. Feel free to experiment here.\r\n",
|
||||||
|
"ABE.migration": 0,
|
||||||
|
"smartClickToPlay": true,
|
||||||
|
"removalWarning": true,
|
||||||
|
"middlemouse_temp_allow_main_site": true,
|
||||||
|
"webext.enabled": true
|
||||||
|
}, Legacy.migrated.prefs
|
||||||
|
);
|
|
@ -0,0 +1,49 @@
|
||||||
|
|
||||||
|
'use strict';
|
||||||
|
// we need this because of https://bugzilla.mozilla.org/show_bug.cgi?id=439276
|
||||||
|
|
||||||
|
var Base64 = {
|
||||||
|
|
||||||
|
purify: function(input) {
|
||||||
|
return input.replace(/[^A-Za-z0-9\+\/=]+/g, '');
|
||||||
|
},
|
||||||
|
|
||||||
|
alt: function(s) {
|
||||||
|
// URL base64 variant, see http://en.wikipedia.org/wiki/Base64#URL_applications
|
||||||
|
return s.replace(/-/g, '+').replace(/_/g, '/')
|
||||||
|
},
|
||||||
|
|
||||||
|
decode: function (input, strict) {
|
||||||
|
var output = '';
|
||||||
|
var chr1, chr2, chr3;
|
||||||
|
var enc1, enc2, enc3, enc4;
|
||||||
|
var i = 0;
|
||||||
|
|
||||||
|
// if (/[^A-Za-z0-9\+\/\=]/.test(input)) return ""; // we don't need this, caller checks for us
|
||||||
|
|
||||||
|
const k = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
|
||||||
|
while (i < input.length) {
|
||||||
|
|
||||||
|
enc1 = k.indexOf(input.charAt(i++));
|
||||||
|
enc2 = k.indexOf(input.charAt(i++));
|
||||||
|
enc3 = k.indexOf(input.charAt(i++));
|
||||||
|
enc4 = k.indexOf(input.charAt(i++));
|
||||||
|
|
||||||
|
chr1 = (enc1 << 2) | (enc2 >> 4);
|
||||||
|
chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
|
||||||
|
chr3 = ((enc3 & 3) << 6) | enc4;
|
||||||
|
|
||||||
|
output += String.fromCharCode(chr1);
|
||||||
|
|
||||||
|
if (enc3 != 64) {
|
||||||
|
output += String.fromCharCode(chr2);
|
||||||
|
}
|
||||||
|
if (enc4 != 64) {
|
||||||
|
output += String.fromCharCode(chr3);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
return output;
|
||||||
|
|
||||||
|
}
|
||||||
|
};
|
|
@ -0,0 +1,841 @@
|
||||||
|
;(function () {
|
||||||
|
'use strict';
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @preserve FastClick: polyfill to remove click delays on browsers with touch UIs.
|
||||||
|
*
|
||||||
|
* @codingstandard ftlabs-jsv2
|
||||||
|
* @copyright The Financial Times Limited [All Rights Reserved]
|
||||||
|
* @license MIT License (see LICENSE.txt)
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*jslint browser:true, node:true*/
|
||||||
|
/*global define, Event, Node*/
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Instantiate fast-clicking listeners on the specified layer.
|
||||||
|
*
|
||||||
|
* @constructor
|
||||||
|
* @param {Element} layer The layer to listen on
|
||||||
|
* @param {Object} [options={}] The options to override the defaults
|
||||||
|
*/
|
||||||
|
function FastClick(layer, options) {
|
||||||
|
var oldOnClick;
|
||||||
|
|
||||||
|
options = options || {};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Whether a click is currently being tracked.
|
||||||
|
*
|
||||||
|
* @type boolean
|
||||||
|
*/
|
||||||
|
this.trackingClick = false;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Timestamp for when click tracking started.
|
||||||
|
*
|
||||||
|
* @type number
|
||||||
|
*/
|
||||||
|
this.trackingClickStart = 0;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The element being tracked for a click.
|
||||||
|
*
|
||||||
|
* @type EventTarget
|
||||||
|
*/
|
||||||
|
this.targetElement = null;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* X-coordinate of touch start event.
|
||||||
|
*
|
||||||
|
* @type number
|
||||||
|
*/
|
||||||
|
this.touchStartX = 0;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Y-coordinate of touch start event.
|
||||||
|
*
|
||||||
|
* @type number
|
||||||
|
*/
|
||||||
|
this.touchStartY = 0;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* ID of the last touch, retrieved from Touch.identifier.
|
||||||
|
*
|
||||||
|
* @type number
|
||||||
|
*/
|
||||||
|
this.lastTouchIdentifier = 0;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Touchmove boundary, beyond which a click will be cancelled.
|
||||||
|
*
|
||||||
|
* @type number
|
||||||
|
*/
|
||||||
|
this.touchBoundary = options.touchBoundary || 10;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The FastClick layer.
|
||||||
|
*
|
||||||
|
* @type Element
|
||||||
|
*/
|
||||||
|
this.layer = layer;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The minimum time between tap(touchstart and touchend) events
|
||||||
|
*
|
||||||
|
* @type number
|
||||||
|
*/
|
||||||
|
this.tapDelay = options.tapDelay || 200;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The maximum time for a tap
|
||||||
|
*
|
||||||
|
* @type number
|
||||||
|
*/
|
||||||
|
this.tapTimeout = options.tapTimeout || 700;
|
||||||
|
|
||||||
|
if (FastClick.notNeeded(layer)) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Some old versions of Android don't have Function.prototype.bind
|
||||||
|
function bind(method, context) {
|
||||||
|
return function() { return method.apply(context, arguments); };
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
var methods = ['onMouse', 'onClick', 'onTouchStart', 'onTouchMove', 'onTouchEnd', 'onTouchCancel'];
|
||||||
|
var context = this;
|
||||||
|
for (var i = 0, l = methods.length; i < l; i++) {
|
||||||
|
context[methods[i]] = bind(context[methods[i]], context);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Set up event handlers as required
|
||||||
|
if (deviceIsAndroid) {
|
||||||
|
layer.addEventListener('mouseover', this.onMouse, true);
|
||||||
|
layer.addEventListener('mousedown', this.onMouse, true);
|
||||||
|
layer.addEventListener('mouseup', this.onMouse, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
layer.addEventListener('click', this.onClick, true);
|
||||||
|
layer.addEventListener('touchstart', this.onTouchStart, false);
|
||||||
|
layer.addEventListener('touchmove', this.onTouchMove, false);
|
||||||
|
layer.addEventListener('touchend', this.onTouchEnd, false);
|
||||||
|
layer.addEventListener('touchcancel', this.onTouchCancel, false);
|
||||||
|
|
||||||
|
// Hack is required for browsers that don't support Event#stopImmediatePropagation (e.g. Android 2)
|
||||||
|
// which is how FastClick normally stops click events bubbling to callbacks registered on the FastClick
|
||||||
|
// layer when they are cancelled.
|
||||||
|
if (!Event.prototype.stopImmediatePropagation) {
|
||||||
|
layer.removeEventListener = function(type, callback, capture) {
|
||||||
|
var rmv = Node.prototype.removeEventListener;
|
||||||
|
if (type === 'click') {
|
||||||
|
rmv.call(layer, type, callback.hijacked || callback, capture);
|
||||||
|
} else {
|
||||||
|
rmv.call(layer, type, callback, capture);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
layer.addEventListener = function(type, callback, capture) {
|
||||||
|
var adv = Node.prototype.addEventListener;
|
||||||
|
if (type === 'click') {
|
||||||
|
adv.call(layer, type, callback.hijacked || (callback.hijacked = function(event) {
|
||||||
|
if (!event.propagationStopped) {
|
||||||
|
callback(event);
|
||||||
|
}
|
||||||
|
}), capture);
|
||||||
|
} else {
|
||||||
|
adv.call(layer, type, callback, capture);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
// If a handler is already declared in the element's onclick attribute, it will be fired before
|
||||||
|
// FastClick's onClick handler. Fix this by pulling out the user-defined handler function and
|
||||||
|
// adding it as listener.
|
||||||
|
if (typeof layer.onclick === 'function') {
|
||||||
|
|
||||||
|
// Android browser on at least 3.2 requires a new reference to the function in layer.onclick
|
||||||
|
// - the old one won't work if passed to addEventListener directly.
|
||||||
|
oldOnClick = layer.onclick;
|
||||||
|
layer.addEventListener('click', function(event) {
|
||||||
|
oldOnClick(event);
|
||||||
|
}, false);
|
||||||
|
layer.onclick = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Windows Phone 8.1 fakes user agent string to look like Android and iPhone.
|
||||||
|
*
|
||||||
|
* @type boolean
|
||||||
|
*/
|
||||||
|
var deviceIsWindowsPhone = navigator.userAgent.indexOf("Windows Phone") >= 0;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Android requires exceptions.
|
||||||
|
*
|
||||||
|
* @type boolean
|
||||||
|
*/
|
||||||
|
var deviceIsAndroid = navigator.userAgent.indexOf('Android') > 0 && !deviceIsWindowsPhone;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* iOS requires exceptions.
|
||||||
|
*
|
||||||
|
* @type boolean
|
||||||
|
*/
|
||||||
|
var deviceIsIOS = /iP(ad|hone|od)/.test(navigator.userAgent) && !deviceIsWindowsPhone;
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* iOS 4 requires an exception for select elements.
|
||||||
|
*
|
||||||
|
* @type boolean
|
||||||
|
*/
|
||||||
|
var deviceIsIOS4 = deviceIsIOS && (/OS 4_\d(_\d)?/).test(navigator.userAgent);
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* iOS 6.0-7.* requires the target element to be manually derived
|
||||||
|
*
|
||||||
|
* @type boolean
|
||||||
|
*/
|
||||||
|
var deviceIsIOSWithBadTarget = deviceIsIOS && (/OS [6-7]_\d/).test(navigator.userAgent);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* BlackBerry requires exceptions.
|
||||||
|
*
|
||||||
|
* @type boolean
|
||||||
|
*/
|
||||||
|
var deviceIsBlackBerry10 = navigator.userAgent.indexOf('BB10') > 0;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether a given element requires a native click.
|
||||||
|
*
|
||||||
|
* @param {EventTarget|Element} target Target DOM element
|
||||||
|
* @returns {boolean} Returns true if the element needs a native click
|
||||||
|
*/
|
||||||
|
FastClick.prototype.needsClick = function(target) {
|
||||||
|
switch (target.nodeName.toLowerCase()) {
|
||||||
|
|
||||||
|
// Don't send a synthetic click to disabled inputs (issue #62)
|
||||||
|
case 'button':
|
||||||
|
case 'select':
|
||||||
|
case 'textarea':
|
||||||
|
if (target.disabled) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
break;
|
||||||
|
case 'input':
|
||||||
|
|
||||||
|
// File inputs need real clicks on iOS 6 due to a browser bug (issue #68)
|
||||||
|
if ((deviceIsIOS && target.type === 'file') || target.disabled) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
break;
|
||||||
|
case 'label':
|
||||||
|
case 'iframe': // iOS8 homescreen apps can prevent events bubbling into frames
|
||||||
|
case 'video':
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return (/\bneedsclick\b/).test(target.className);
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether a given element requires a call to focus to simulate click into element.
|
||||||
|
*
|
||||||
|
* @param {EventTarget|Element} target Target DOM element
|
||||||
|
* @returns {boolean} Returns true if the element requires a call to focus to simulate native click.
|
||||||
|
*/
|
||||||
|
FastClick.prototype.needsFocus = function(target) {
|
||||||
|
switch (target.nodeName.toLowerCase()) {
|
||||||
|
case 'textarea':
|
||||||
|
return true;
|
||||||
|
case 'select':
|
||||||
|
return !deviceIsAndroid;
|
||||||
|
case 'input':
|
||||||
|
switch (target.type) {
|
||||||
|
case 'button':
|
||||||
|
case 'checkbox':
|
||||||
|
case 'file':
|
||||||
|
case 'image':
|
||||||
|
case 'radio':
|
||||||
|
case 'submit':
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// No point in attempting to focus disabled inputs
|
||||||
|
return !target.disabled && !target.readOnly;
|
||||||
|
default:
|
||||||
|
return (/\bneedsfocus\b/).test(target.className);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Send a click event to the specified element.
|
||||||
|
*
|
||||||
|
* @param {EventTarget|Element} targetElement
|
||||||
|
* @param {Event} event
|
||||||
|
*/
|
||||||
|
FastClick.prototype.sendClick = function(targetElement, event) {
|
||||||
|
var clickEvent, touch;
|
||||||
|
|
||||||
|
// On some Android devices activeElement needs to be blurred otherwise the synthetic click will have no effect (#24)
|
||||||
|
if (document.activeElement && document.activeElement !== targetElement) {
|
||||||
|
document.activeElement.blur();
|
||||||
|
}
|
||||||
|
|
||||||
|
touch = event.changedTouches[0];
|
||||||
|
|
||||||
|
// Synthesise a click event, with an extra attribute so it can be tracked
|
||||||
|
clickEvent = document.createEvent('MouseEvents');
|
||||||
|
clickEvent.initMouseEvent(this.determineEventType(targetElement), true, true, window, 1, touch.screenX, touch.screenY, touch.clientX, touch.clientY, false, false, false, false, 0, null);
|
||||||
|
clickEvent.forwardedTouchEvent = true;
|
||||||
|
targetElement.dispatchEvent(clickEvent);
|
||||||
|
};
|
||||||
|
|
||||||
|
FastClick.prototype.determineEventType = function(targetElement) {
|
||||||
|
|
||||||
|
//Issue #159: Android Chrome Select Box does not open with a synthetic click event
|
||||||
|
if (deviceIsAndroid && targetElement.tagName.toLowerCase() === 'select') {
|
||||||
|
return 'mousedown';
|
||||||
|
}
|
||||||
|
|
||||||
|
return 'click';
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param {EventTarget|Element} targetElement
|
||||||
|
*/
|
||||||
|
FastClick.prototype.focus = function(targetElement) {
|
||||||
|
var length;
|
||||||
|
|
||||||
|
// Issue #160: on iOS 7, some input elements (e.g. date datetime month) throw a vague TypeError on setSelectionRange. These elements don't have an integer value for the selectionStart and selectionEnd properties, but unfortunately that can't be used for detection because accessing the properties also throws a TypeError. Just check the type instead. Filed as Apple bug #15122724.
|
||||||
|
if (deviceIsIOS && targetElement.setSelectionRange && targetElement.type.indexOf('date') !== 0 && targetElement.type !== 'time' && targetElement.type !== 'month' && targetElement.type !== 'email') {
|
||||||
|
length = targetElement.value.length;
|
||||||
|
targetElement.setSelectionRange(length, length);
|
||||||
|
} else {
|
||||||
|
targetElement.focus();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check whether the given target element is a child of a scrollable layer and if so, set a flag on it.
|
||||||
|
*
|
||||||
|
* @param {EventTarget|Element} targetElement
|
||||||
|
*/
|
||||||
|
FastClick.prototype.updateScrollParent = function(targetElement) {
|
||||||
|
var scrollParent, parentElement;
|
||||||
|
|
||||||
|
scrollParent = targetElement.fastClickScrollParent;
|
||||||
|
|
||||||
|
// Attempt to discover whether the target element is contained within a scrollable layer. Re-check if the
|
||||||
|
// target element was moved to another parent.
|
||||||
|
if (!scrollParent || !scrollParent.contains(targetElement)) {
|
||||||
|
parentElement = targetElement;
|
||||||
|
do {
|
||||||
|
if (parentElement.scrollHeight > parentElement.offsetHeight) {
|
||||||
|
scrollParent = parentElement;
|
||||||
|
targetElement.fastClickScrollParent = parentElement;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
parentElement = parentElement.parentElement;
|
||||||
|
} while (parentElement);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Always update the scroll top tracker if possible.
|
||||||
|
if (scrollParent) {
|
||||||
|
scrollParent.fastClickLastScrollTop = scrollParent.scrollTop;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param {EventTarget} targetElement
|
||||||
|
* @returns {Element|EventTarget}
|
||||||
|
*/
|
||||||
|
FastClick.prototype.getTargetElementFromEventTarget = function(eventTarget) {
|
||||||
|
|
||||||
|
// On some older browsers (notably Safari on iOS 4.1 - see issue #56) the event target may be a text node.
|
||||||
|
if (eventTarget.nodeType === Node.TEXT_NODE) {
|
||||||
|
return eventTarget.parentNode;
|
||||||
|
}
|
||||||
|
|
||||||
|
return eventTarget;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* On touch start, record the position and scroll offset.
|
||||||
|
*
|
||||||
|
* @param {Event} event
|
||||||
|
* @returns {boolean}
|
||||||
|
*/
|
||||||
|
FastClick.prototype.onTouchStart = function(event) {
|
||||||
|
var targetElement, touch, selection;
|
||||||
|
|
||||||
|
// Ignore multiple touches, otherwise pinch-to-zoom is prevented if both fingers are on the FastClick element (issue #111).
|
||||||
|
if (event.targetTouches.length > 1) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
targetElement = this.getTargetElementFromEventTarget(event.target);
|
||||||
|
touch = event.targetTouches[0];
|
||||||
|
|
||||||
|
if (deviceIsIOS) {
|
||||||
|
|
||||||
|
// Only trusted events will deselect text on iOS (issue #49)
|
||||||
|
selection = window.getSelection();
|
||||||
|
if (selection.rangeCount && !selection.isCollapsed) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!deviceIsIOS4) {
|
||||||
|
|
||||||
|
// Weird things happen on iOS when an alert or confirm dialog is opened from a click event callback (issue #23):
|
||||||
|
// when the user next taps anywhere else on the page, new touchstart and touchend events are dispatched
|
||||||
|
// with the same identifier as the touch event that previously triggered the click that triggered the alert.
|
||||||
|
// Sadly, there is an issue on iOS 4 that causes some normal touch events to have the same identifier as an
|
||||||
|
// immediately preceeding touch event (issue #52), so this fix is unavailable on that platform.
|
||||||
|
// Issue 120: touch.identifier is 0 when Chrome dev tools 'Emulate touch events' is set with an iOS device UA string,
|
||||||
|
// which causes all touch events to be ignored. As this block only applies to iOS, and iOS identifiers are always long,
|
||||||
|
// random integers, it's safe to to continue if the identifier is 0 here.
|
||||||
|
if (touch.identifier && touch.identifier === this.lastTouchIdentifier) {
|
||||||
|
event.preventDefault();
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.lastTouchIdentifier = touch.identifier;
|
||||||
|
|
||||||
|
// If the target element is a child of a scrollable layer (using -webkit-overflow-scrolling: touch) and:
|
||||||
|
// 1) the user does a fling scroll on the scrollable layer
|
||||||
|
// 2) the user stops the fling scroll with another tap
|
||||||
|
// then the event.target of the last 'touchend' event will be the element that was under the user's finger
|
||||||
|
// when the fling scroll was started, causing FastClick to send a click event to that layer - unless a check
|
||||||
|
// is made to ensure that a parent layer was not scrolled before sending a synthetic click (issue #42).
|
||||||
|
this.updateScrollParent(targetElement);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
this.trackingClick = true;
|
||||||
|
this.trackingClickStart = event.timeStamp;
|
||||||
|
this.targetElement = targetElement;
|
||||||
|
|
||||||
|
this.touchStartX = touch.pageX;
|
||||||
|
this.touchStartY = touch.pageY;
|
||||||
|
|
||||||
|
// Prevent phantom clicks on fast double-tap (issue #36)
|
||||||
|
if ((event.timeStamp - this.lastClickTime) < this.tapDelay) {
|
||||||
|
event.preventDefault();
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Based on a touchmove event object, check whether the touch has moved past a boundary since it started.
|
||||||
|
*
|
||||||
|
* @param {Event} event
|
||||||
|
* @returns {boolean}
|
||||||
|
*/
|
||||||
|
FastClick.prototype.touchHasMoved = function(event) {
|
||||||
|
var touch = event.changedTouches[0], boundary = this.touchBoundary;
|
||||||
|
|
||||||
|
if (Math.abs(touch.pageX - this.touchStartX) > boundary || Math.abs(touch.pageY - this.touchStartY) > boundary) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Update the last position.
|
||||||
|
*
|
||||||
|
* @param {Event} event
|
||||||
|
* @returns {boolean}
|
||||||
|
*/
|
||||||
|
FastClick.prototype.onTouchMove = function(event) {
|
||||||
|
if (!this.trackingClick) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// If the touch has moved, cancel the click tracking
|
||||||
|
if (this.targetElement !== this.getTargetElementFromEventTarget(event.target) || this.touchHasMoved(event)) {
|
||||||
|
this.trackingClick = false;
|
||||||
|
this.targetElement = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Attempt to find the labelled control for the given label element.
|
||||||
|
*
|
||||||
|
* @param {EventTarget|HTMLLabelElement} labelElement
|
||||||
|
* @returns {Element|null}
|
||||||
|
*/
|
||||||
|
FastClick.prototype.findControl = function(labelElement) {
|
||||||
|
|
||||||
|
// Fast path for newer browsers supporting the HTML5 control attribute
|
||||||
|
if (labelElement.control !== undefined) {
|
||||||
|
return labelElement.control;
|
||||||
|
}
|
||||||
|
|
||||||
|
// All browsers under test that support touch events also support the HTML5 htmlFor attribute
|
||||||
|
if (labelElement.htmlFor) {
|
||||||
|
return document.getElementById(labelElement.htmlFor);
|
||||||
|
}
|
||||||
|
|
||||||
|
// If no for attribute exists, attempt to retrieve the first labellable descendant element
|
||||||
|
// the list of which is defined here: http://www.w3.org/TR/html5/forms.html#category-label
|
||||||
|
return labelElement.querySelector('button, input:not([type=hidden]), keygen, meter, output, progress, select, textarea');
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* On touch end, determine whether to send a click event at once.
|
||||||
|
*
|
||||||
|
* @param {Event} event
|
||||||
|
* @returns {boolean}
|
||||||
|
*/
|
||||||
|
FastClick.prototype.onTouchEnd = function(event) {
|
||||||
|
var forElement, trackingClickStart, targetTagName, scrollParent, touch, targetElement = this.targetElement;
|
||||||
|
|
||||||
|
if (!this.trackingClick) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Prevent phantom clicks on fast double-tap (issue #36)
|
||||||
|
if ((event.timeStamp - this.lastClickTime) < this.tapDelay) {
|
||||||
|
this.cancelNextClick = true;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((event.timeStamp - this.trackingClickStart) > this.tapTimeout) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Reset to prevent wrong click cancel on input (issue #156).
|
||||||
|
this.cancelNextClick = false;
|
||||||
|
|
||||||
|
this.lastClickTime = event.timeStamp;
|
||||||
|
|
||||||
|
trackingClickStart = this.trackingClickStart;
|
||||||
|
this.trackingClick = false;
|
||||||
|
this.trackingClickStart = 0;
|
||||||
|
|
||||||
|
// On some iOS devices, the targetElement supplied with the event is invalid if the layer
|
||||||
|
// is performing a transition or scroll, and has to be re-detected manually. Note that
|
||||||
|
// for this to function correctly, it must be called *after* the event target is checked!
|
||||||
|
// See issue #57; also filed as rdar://13048589 .
|
||||||
|
if (deviceIsIOSWithBadTarget) {
|
||||||
|
touch = event.changedTouches[0];
|
||||||
|
|
||||||
|
// In certain cases arguments of elementFromPoint can be negative, so prevent setting targetElement to null
|
||||||
|
targetElement = document.elementFromPoint(touch.pageX - window.pageXOffset, touch.pageY - window.pageYOffset) || targetElement;
|
||||||
|
targetElement.fastClickScrollParent = this.targetElement.fastClickScrollParent;
|
||||||
|
}
|
||||||
|
|
||||||
|
targetTagName = targetElement.tagName.toLowerCase();
|
||||||
|
if (targetTagName === 'label') {
|
||||||
|
forElement = this.findControl(targetElement);
|
||||||
|
if (forElement) {
|
||||||
|
this.focus(targetElement);
|
||||||
|
if (deviceIsAndroid) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
targetElement = forElement;
|
||||||
|
}
|
||||||
|
} else if (this.needsFocus(targetElement)) {
|
||||||
|
|
||||||
|
// Case 1: If the touch started a while ago (best guess is 100ms based on tests for issue #36) then focus will be triggered anyway. Return early and unset the target element reference so that the subsequent click will be allowed through.
|
||||||
|
// Case 2: Without this exception for input elements tapped when the document is contained in an iframe, then any inputted text won't be visible even though the value attribute is updated as the user types (issue #37).
|
||||||
|
if ((event.timeStamp - trackingClickStart) > 100 || (deviceIsIOS && window.top !== window && targetTagName === 'input')) {
|
||||||
|
this.targetElement = null;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
this.focus(targetElement);
|
||||||
|
this.sendClick(targetElement, event);
|
||||||
|
|
||||||
|
// Select elements need the event to go through on iOS 4, otherwise the selector menu won't open.
|
||||||
|
// Also this breaks opening selects when VoiceOver is active on iOS6, iOS7 (and possibly others)
|
||||||
|
if (!deviceIsIOS || targetTagName !== 'select') {
|
||||||
|
this.targetElement = null;
|
||||||
|
event.preventDefault();
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (deviceIsIOS && !deviceIsIOS4) {
|
||||||
|
|
||||||
|
// Don't send a synthetic click event if the target element is contained within a parent layer that was scrolled
|
||||||
|
// and this tap is being used to stop the scrolling (usually initiated by a fling - issue #42).
|
||||||
|
scrollParent = targetElement.fastClickScrollParent;
|
||||||
|
if (scrollParent && scrollParent.fastClickLastScrollTop !== scrollParent.scrollTop) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Prevent the actual click from going though - unless the target node is marked as requiring
|
||||||
|
// real clicks or if it is in the whitelist in which case only non-programmatic clicks are permitted.
|
||||||
|
if (!this.needsClick(targetElement)) {
|
||||||
|
event.preventDefault();
|
||||||
|
this.sendClick(targetElement, event);
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* On touch cancel, stop tracking the click.
|
||||||
|
*
|
||||||
|
* @returns {void}
|
||||||
|
*/
|
||||||
|
FastClick.prototype.onTouchCancel = function() {
|
||||||
|
this.trackingClick = false;
|
||||||
|
this.targetElement = null;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine mouse events which should be permitted.
|
||||||
|
*
|
||||||
|
* @param {Event} event
|
||||||
|
* @returns {boolean}
|
||||||
|
*/
|
||||||
|
FastClick.prototype.onMouse = function(event) {
|
||||||
|
|
||||||
|
// If a target element was never set (because a touch event was never fired) allow the event
|
||||||
|
if (!this.targetElement) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (event.forwardedTouchEvent) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Programmatically generated events targeting a specific element should be permitted
|
||||||
|
if (!event.cancelable) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Derive and check the target element to see whether the mouse event needs to be permitted;
|
||||||
|
// unless explicitly enabled, prevent non-touch click events from triggering actions,
|
||||||
|
// to prevent ghost/doubleclicks.
|
||||||
|
if (!this.needsClick(this.targetElement) || this.cancelNextClick) {
|
||||||
|
|
||||||
|
// Prevent any user-added listeners declared on FastClick element from being fired.
|
||||||
|
if (event.stopImmediatePropagation) {
|
||||||
|
event.stopImmediatePropagation();
|
||||||
|
} else {
|
||||||
|
|
||||||
|
// Part of the hack for browsers that don't support Event#stopImmediatePropagation (e.g. Android 2)
|
||||||
|
event.propagationStopped = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Cancel the event
|
||||||
|
event.stopPropagation();
|
||||||
|
event.preventDefault();
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
// If the mouse event is permitted, return true for the action to go through.
|
||||||
|
return true;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* On actual clicks, determine whether this is a touch-generated click, a click action occurring
|
||||||
|
* naturally after a delay after a touch (which needs to be cancelled to avoid duplication), or
|
||||||
|
* an actual click which should be permitted.
|
||||||
|
*
|
||||||
|
* @param {Event} event
|
||||||
|
* @returns {boolean}
|
||||||
|
*/
|
||||||
|
FastClick.prototype.onClick = function(event) {
|
||||||
|
var permitted;
|
||||||
|
|
||||||
|
// It's possible for another FastClick-like library delivered with third-party code to fire a click event before FastClick does (issue #44). In that case, set the click-tracking flag back to false and return early. This will cause onTouchEnd to return early.
|
||||||
|
if (this.trackingClick) {
|
||||||
|
this.targetElement = null;
|
||||||
|
this.trackingClick = false;
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Very odd behaviour on iOS (issue #18): if a submit element is present inside a form and the user hits enter in the iOS simulator or clicks the Go button on the pop-up OS keyboard the a kind of 'fake' click event will be triggered with the submit-type input element as the target.
|
||||||
|
if (event.target.type === 'submit' && event.detail === 0) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
permitted = this.onMouse(event);
|
||||||
|
|
||||||
|
// Only unset targetElement if the click is not permitted. This will ensure that the check for !targetElement in onMouse fails and the browser's click doesn't go through.
|
||||||
|
if (!permitted) {
|
||||||
|
this.targetElement = null;
|
||||||
|
}
|
||||||
|
|
||||||
|
// If clicks are permitted, return true for the action to go through.
|
||||||
|
return permitted;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Remove all FastClick's event listeners.
|
||||||
|
*
|
||||||
|
* @returns {void}
|
||||||
|
*/
|
||||||
|
FastClick.prototype.destroy = function() {
|
||||||
|
var layer = this.layer;
|
||||||
|
|
||||||
|
if (deviceIsAndroid) {
|
||||||
|
layer.removeEventListener('mouseover', this.onMouse, true);
|
||||||
|
layer.removeEventListener('mousedown', this.onMouse, true);
|
||||||
|
layer.removeEventListener('mouseup', this.onMouse, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
layer.removeEventListener('click', this.onClick, true);
|
||||||
|
layer.removeEventListener('touchstart', this.onTouchStart, false);
|
||||||
|
layer.removeEventListener('touchmove', this.onTouchMove, false);
|
||||||
|
layer.removeEventListener('touchend', this.onTouchEnd, false);
|
||||||
|
layer.removeEventListener('touchcancel', this.onTouchCancel, false);
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check whether FastClick is needed.
|
||||||
|
*
|
||||||
|
* @param {Element} layer The layer to listen on
|
||||||
|
*/
|
||||||
|
FastClick.notNeeded = function(layer) {
|
||||||
|
var metaViewport;
|
||||||
|
var chromeVersion;
|
||||||
|
var blackberryVersion;
|
||||||
|
var firefoxVersion;
|
||||||
|
|
||||||
|
// Devices that don't support touch don't need FastClick
|
||||||
|
if (typeof window.ontouchstart === 'undefined') {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Chrome version - zero for other browsers
|
||||||
|
chromeVersion = +(/Chrome\/([0-9]+)/.exec(navigator.userAgent) || [,0])[1];
|
||||||
|
|
||||||
|
if (chromeVersion) {
|
||||||
|
|
||||||
|
if (deviceIsAndroid) {
|
||||||
|
metaViewport = document.querySelector('meta[name=viewport]');
|
||||||
|
|
||||||
|
if (metaViewport) {
|
||||||
|
// Chrome on Android with user-scalable="no" doesn't need FastClick (issue #89)
|
||||||
|
if (metaViewport.content.indexOf('user-scalable=no') !== -1) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
// Chrome 32 and above with width=device-width or less don't need FastClick
|
||||||
|
if (chromeVersion > 31 && document.documentElement.scrollWidth <= window.outerWidth) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Chrome desktop doesn't need FastClick (issue #15)
|
||||||
|
} else {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (deviceIsBlackBerry10) {
|
||||||
|
blackberryVersion = navigator.userAgent.match(/Version\/([0-9]*)\.([0-9]*)/);
|
||||||
|
|
||||||
|
// BlackBerry 10.3+ does not require Fastclick library.
|
||||||
|
// https://github.com/ftlabs/fastclick/issues/251
|
||||||
|
if (blackberryVersion[1] >= 10 && blackberryVersion[2] >= 3) {
|
||||||
|
metaViewport = document.querySelector('meta[name=viewport]');
|
||||||
|
|
||||||
|
if (metaViewport) {
|
||||||
|
// user-scalable=no eliminates click delay.
|
||||||
|
if (metaViewport.content.indexOf('user-scalable=no') !== -1) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
// width=device-width (or less than device-width) eliminates click delay.
|
||||||
|
if (document.documentElement.scrollWidth <= window.outerWidth) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// IE10 with -ms-touch-action: none or manipulation, which disables double-tap-to-zoom (issue #97)
|
||||||
|
if (layer.style.msTouchAction === 'none' || layer.style.touchAction === 'manipulation') {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Firefox version - zero for other browsers
|
||||||
|
firefoxVersion = +(/Firefox\/([0-9]+)/.exec(navigator.userAgent) || [,0])[1];
|
||||||
|
|
||||||
|
if (firefoxVersion >= 27) {
|
||||||
|
// Firefox 27+ does not have tap delay if the content is not zoomable - https://bugzilla.mozilla.org/show_bug.cgi?id=922896
|
||||||
|
|
||||||
|
metaViewport = document.querySelector('meta[name=viewport]');
|
||||||
|
if (metaViewport && (metaViewport.content.indexOf('user-scalable=no') !== -1 || document.documentElement.scrollWidth <= window.outerWidth)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// IE11: prefixed -ms-touch-action is no longer supported and it's recomended to use non-prefixed version
|
||||||
|
// http://msdn.microsoft.com/en-us/library/windows/apps/Hh767313.aspx
|
||||||
|
if (layer.style.touchAction === 'none' || layer.style.touchAction === 'manipulation') {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Factory method for creating a FastClick object
|
||||||
|
*
|
||||||
|
* @param {Element} layer The layer to listen on
|
||||||
|
* @param {Object} [options={}] The options to override the defaults
|
||||||
|
*/
|
||||||
|
FastClick.attach = function(layer, options) {
|
||||||
|
return new FastClick(layer, options);
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
if (typeof define === 'function' && typeof define.amd === 'object' && define.amd) {
|
||||||
|
|
||||||
|
// AMD. Register as an anonymous module.
|
||||||
|
define(function() {
|
||||||
|
return FastClick;
|
||||||
|
});
|
||||||
|
} else if (typeof module !== 'undefined' && module.exports) {
|
||||||
|
module.exports = FastClick.attach;
|
||||||
|
module.exports.FastClick = FastClick;
|
||||||
|
} else {
|
||||||
|
window.FastClick = FastClick;
|
||||||
|
}
|
||||||
|
}());
|
|
@ -0,0 +1,22 @@
|
||||||
|
Copyright (c) 2014 The Financial Times Ltd.
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person
|
||||||
|
obtaining a copy of this software and associated documentation
|
||||||
|
files (the "Software"), to deal in the Software without
|
||||||
|
restriction, including without limitation the rights to use,
|
||||||
|
copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
copies of the Software, and to permit persons to whom the
|
||||||
|
Software is furnished to do so, subject to the following
|
||||||
|
conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be
|
||||||
|
included in all copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||||
|
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
|
||||||
|
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||||
|
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
|
||||||
|
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
|
||||||
|
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
|
||||||
|
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
|
||||||
|
OTHER DEALINGS IN THE SOFTWARE.
|
|
@ -0,0 +1,21 @@
|
||||||
|
The MIT License (MIT)
|
||||||
|
|
||||||
|
Copyright (c) 2016 mdmoreau
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
in the Software without restriction, including without limitation the rights
|
||||||
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
copies of the Software, and to permit persons to whom the Software is
|
||||||
|
furnished to do so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in all
|
||||||
|
copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||||
|
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||||
|
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||||
|
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||||
|
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||||
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||||
|
SOFTWARE.
|
|
@ -0,0 +1,17 @@
|
||||||
|
.flextabs {
|
||||||
|
display: flex;
|
||||||
|
flex-wrap: wrap;
|
||||||
|
}
|
||||||
|
|
||||||
|
.flextabs__tab {
|
||||||
|
width: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
.flextabs__content {
|
||||||
|
display: none;
|
||||||
|
width: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
.flextabs__content--active {
|
||||||
|
display: block;
|
||||||
|
}
|
|
@ -0,0 +1,68 @@
|
||||||
|
(function(root, factory) {
|
||||||
|
if (typeof define === 'function' && define.amd) {
|
||||||
|
define([], factory);
|
||||||
|
} else if (typeof module === 'object' && module.exports) {
|
||||||
|
module.exports = factory();
|
||||||
|
} else {
|
||||||
|
root.flextabs = factory();
|
||||||
|
}
|
||||||
|
}(this, function() {
|
||||||
|
|
||||||
|
var flextabs = function(target) {
|
||||||
|
|
||||||
|
var _ = {};
|
||||||
|
|
||||||
|
_.flextabs = target;
|
||||||
|
|
||||||
|
_.toggle = _.flextabs.querySelectorAll('.flextabs__toggle');
|
||||||
|
|
||||||
|
_.content = _.flextabs.querySelectorAll('.flextabs__content');
|
||||||
|
|
||||||
|
_.reset = function() {
|
||||||
|
for (var i = 0; i < _.toggle.length; i += 1) {
|
||||||
|
_.toggle[i].classList.remove('flextabs__toggle--active--last');
|
||||||
|
_.content[i].classList.remove('flextabs__content--active--last');
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
_.activate = function() {
|
||||||
|
var i = Array.prototype.indexOf.call(_.toggle, this);
|
||||||
|
_.toggle[i].classList.toggle('flextabs__toggle--active');
|
||||||
|
_.toggle[i].classList.add('flextabs__toggle--active--last');
|
||||||
|
_.content[i].classList.toggle('flextabs__content--active');
|
||||||
|
_.content[i].classList.add('flextabs__content--active--last');
|
||||||
|
};
|
||||||
|
|
||||||
|
_.aria = function() {
|
||||||
|
for (var i = 0; i < _.toggle.length; i += 1) {
|
||||||
|
var style = getComputedStyle(_.content[i]);
|
||||||
|
if (style.getPropertyValue('display') !== 'none') {
|
||||||
|
_.toggle[i].setAttribute('aria-expanded', true);
|
||||||
|
} else {
|
||||||
|
_.toggle[i].setAttribute('aria-expanded', false);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
_.click = function(e) {
|
||||||
|
e.preventDefault();
|
||||||
|
_.reset();
|
||||||
|
_.activate.call(this);
|
||||||
|
_.aria();
|
||||||
|
};
|
||||||
|
|
||||||
|
_.init = function() {
|
||||||
|
for (var i = 0; i < _.toggle.length; i += 1) {
|
||||||
|
window.addEventListener('load', _.aria);
|
||||||
|
window.addEventListener('resize', _.aria);
|
||||||
|
_.toggle[i].addEventListener('click', _.click);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
return _;
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
return flextabs;
|
||||||
|
|
||||||
|
}));
|
|
@ -0,0 +1,35 @@
|
||||||
|
var include = (() =>
|
||||||
|
{
|
||||||
|
let _inclusions = new Map();
|
||||||
|
|
||||||
|
function scriptLoader(src) {
|
||||||
|
let script = document.createElement("script");
|
||||||
|
script.src = src;
|
||||||
|
return script;
|
||||||
|
}
|
||||||
|
|
||||||
|
function styleLoader(src) {
|
||||||
|
let style = document.createElement("link");
|
||||||
|
style.rel = "stylesheet";
|
||||||
|
style.type = "text/css";
|
||||||
|
style.href = src;
|
||||||
|
return style;
|
||||||
|
}
|
||||||
|
|
||||||
|
return async function include(src) {
|
||||||
|
if (_inclusions.has(src)) return await _inclusions.get(src);
|
||||||
|
if (Array.isArray(src)) {
|
||||||
|
return await Promise.all(src.map(s => include(s)));
|
||||||
|
}
|
||||||
|
debug("Including", src);
|
||||||
|
|
||||||
|
let loading = new Promise((resolve, reject) => {
|
||||||
|
let inc = src.endsWith(".css") ? styleLoader(src) : scriptLoader(src);
|
||||||
|
inc.onload = () => resolve(inc);
|
||||||
|
inc.onerror = () => reject(new Error(`Failed to load ${src}`));
|
||||||
|
document.head.appendChild(inc);
|
||||||
|
});
|
||||||
|
_inclusions.set(src, loading);
|
||||||
|
return await (loading);
|
||||||
|
}
|
||||||
|
})();
|
|
@ -0,0 +1,14 @@
|
||||||
|
|
||||||
|
{
|
||||||
|
let PREFIX = `[${browser.runtime.getManifest().name}]`;
|
||||||
|
|
||||||
|
function log(msg, ...rest) {
|
||||||
|
console.log(`${PREFIX} ${msg}`, ...rest);
|
||||||
|
}
|
||||||
|
function debug(msg, ...rest) {
|
||||||
|
console.debug(`${PREFIX} ${msg}`, ...rest);
|
||||||
|
}
|
||||||
|
function error(e, msg, ...rest) {
|
||||||
|
console.error(`${PREFIX} ${msg}`, e, e.message, e.stack);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,21 @@
|
||||||
|
if (typeof flextabs === "function") {
|
||||||
|
|
||||||
|
for (let tabs of document.querySelectorAll(".flextabs")) {
|
||||||
|
flextabs(tabs).init();
|
||||||
|
let {id} = tabs;
|
||||||
|
if (!id) continue;
|
||||||
|
let rx = new RegExp(`(?:^|[#;])tab-${id}=(\\d+)(?:;|$)`);
|
||||||
|
let current = location.hash.match(rx);
|
||||||
|
console.log(`persisted %o`, current);
|
||||||
|
let toggles = tabs.querySelectorAll(".flextabs__toggle");
|
||||||
|
let currentToggle = toggles[current && parseInt(current[1]) || 0];
|
||||||
|
if (currentToggle) currentToggle.click();
|
||||||
|
for (let toggle of toggles) {
|
||||||
|
toggle.addEventListener("click", e => {
|
||||||
|
let currentIdx = Array.indexOf(toggles, toggle);
|
||||||
|
location.hash = location.hash.split(";").filter(p => !rx.test(p))
|
||||||
|
.concat(`tab-${id}=${currentIdx}`).join(";");
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,533 @@
|
||||||
|
/*! https://mths.be/punycode v1.4.1 by @mathias */
|
||||||
|
;(function(root) {
|
||||||
|
|
||||||
|
/** Detect free variables */
|
||||||
|
var freeExports = typeof exports == 'object' && exports &&
|
||||||
|
!exports.nodeType && exports;
|
||||||
|
var freeModule = typeof module == 'object' && module &&
|
||||||
|
!module.nodeType && module;
|
||||||
|
var freeGlobal = typeof global == 'object' && global;
|
||||||
|
if (
|
||||||
|
freeGlobal.global === freeGlobal ||
|
||||||
|
freeGlobal.window === freeGlobal ||
|
||||||
|
freeGlobal.self === freeGlobal
|
||||||
|
) {
|
||||||
|
root = freeGlobal;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The `punycode` object.
|
||||||
|
* @name punycode
|
||||||
|
* @type Object
|
||||||
|
*/
|
||||||
|
var punycode,
|
||||||
|
|
||||||
|
/** Highest positive signed 32-bit float value */
|
||||||
|
maxInt = 2147483647, // aka. 0x7FFFFFFF or 2^31-1
|
||||||
|
|
||||||
|
/** Bootstring parameters */
|
||||||
|
base = 36,
|
||||||
|
tMin = 1,
|
||||||
|
tMax = 26,
|
||||||
|
skew = 38,
|
||||||
|
damp = 700,
|
||||||
|
initialBias = 72,
|
||||||
|
initialN = 128, // 0x80
|
||||||
|
delimiter = '-', // '\x2D'
|
||||||
|
|
||||||
|
/** Regular expressions */
|
||||||
|
regexPunycode = /^xn--/,
|
||||||
|
regexNonASCII = /[^\x20-\x7E]/, // unprintable ASCII chars + non-ASCII chars
|
||||||
|
regexSeparators = /[\x2E\u3002\uFF0E\uFF61]/g, // RFC 3490 separators
|
||||||
|
|
||||||
|
/** Error messages */
|
||||||
|
errors = {
|
||||||
|
'overflow': 'Overflow: input needs wider integers to process',
|
||||||
|
'not-basic': 'Illegal input >= 0x80 (not a basic code point)',
|
||||||
|
'invalid-input': 'Invalid input'
|
||||||
|
},
|
||||||
|
|
||||||
|
/** Convenience shortcuts */
|
||||||
|
baseMinusTMin = base - tMin,
|
||||||
|
floor = Math.floor,
|
||||||
|
stringFromCharCode = String.fromCharCode,
|
||||||
|
|
||||||
|
/** Temporary variable */
|
||||||
|
key;
|
||||||
|
|
||||||
|
/*--------------------------------------------------------------------------*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A generic error utility function.
|
||||||
|
* @private
|
||||||
|
* @param {String} type The error type.
|
||||||
|
* @returns {Error} Throws a `RangeError` with the applicable error message.
|
||||||
|
*/
|
||||||
|
function error(type) {
|
||||||
|
throw new RangeError(errors[type]);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A generic `Array#map` utility function.
|
||||||
|
* @private
|
||||||
|
* @param {Array} array The array to iterate over.
|
||||||
|
* @param {Function} callback The function that gets called for every array
|
||||||
|
* item.
|
||||||
|
* @returns {Array} A new array of values returned by the callback function.
|
||||||
|
*/
|
||||||
|
function map(array, fn) {
|
||||||
|
var length = array.length;
|
||||||
|
var result = [];
|
||||||
|
while (length--) {
|
||||||
|
result[length] = fn(array[length]);
|
||||||
|
}
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A simple `Array#map`-like wrapper to work with domain name strings or email
|
||||||
|
* addresses.
|
||||||
|
* @private
|
||||||
|
* @param {String} domain The domain name or email address.
|
||||||
|
* @param {Function} callback The function that gets called for every
|
||||||
|
* character.
|
||||||
|
* @returns {Array} A new string of characters returned by the callback
|
||||||
|
* function.
|
||||||
|
*/
|
||||||
|
function mapDomain(string, fn) {
|
||||||
|
var parts = string.split('@');
|
||||||
|
var result = '';
|
||||||
|
if (parts.length > 1) {
|
||||||
|
// In email addresses, only the domain name should be punycoded. Leave
|
||||||
|
// the local part (i.e. everything up to `@`) intact.
|
||||||
|
result = parts[0] + '@';
|
||||||
|
string = parts[1];
|
||||||
|
}
|
||||||
|
// Avoid `split(regex)` for IE8 compatibility. See #17.
|
||||||
|
string = string.replace(regexSeparators, '\x2E');
|
||||||
|
var labels = string.split('.');
|
||||||
|
var encoded = map(labels, fn).join('.');
|
||||||
|
return result + encoded;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates an array containing the numeric code points of each Unicode
|
||||||
|
* character in the string. While JavaScript uses UCS-2 internally,
|
||||||
|
* this function will convert a pair of surrogate halves (each of which
|
||||||
|
* UCS-2 exposes as separate characters) into a single code point,
|
||||||
|
* matching UTF-16.
|
||||||
|
* @see `punycode.ucs2.encode`
|
||||||
|
* @see <https://mathiasbynens.be/notes/javascript-encoding>
|
||||||
|
* @memberOf punycode.ucs2
|
||||||
|
* @name decode
|
||||||
|
* @param {String} string The Unicode input string (UCS-2).
|
||||||
|
* @returns {Array} The new array of code points.
|
||||||
|
*/
|
||||||
|
function ucs2decode(string) {
|
||||||
|
var output = [],
|
||||||
|
counter = 0,
|
||||||
|
length = string.length,
|
||||||
|
value,
|
||||||
|
extra;
|
||||||
|
while (counter < length) {
|
||||||
|
value = string.charCodeAt(counter++);
|
||||||
|
if (value >= 0xD800 && value <= 0xDBFF && counter < length) {
|
||||||
|
// high surrogate, and there is a next character
|
||||||
|
extra = string.charCodeAt(counter++);
|
||||||
|
if ((extra & 0xFC00) == 0xDC00) { // low surrogate
|
||||||
|
output.push(((value & 0x3FF) << 10) + (extra & 0x3FF) + 0x10000);
|
||||||
|
} else {
|
||||||
|
// unmatched surrogate; only append this code unit, in case the next
|
||||||
|
// code unit is the high surrogate of a surrogate pair
|
||||||
|
output.push(value);
|
||||||
|
counter--;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
output.push(value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return output;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Creates a string based on an array of numeric code points.
|
||||||
|
* @see `punycode.ucs2.decode`
|
||||||
|
* @memberOf punycode.ucs2
|
||||||
|
* @name encode
|
||||||
|
* @param {Array} codePoints The array of numeric code points.
|
||||||
|
* @returns {String} The new Unicode string (UCS-2).
|
||||||
|
*/
|
||||||
|
function ucs2encode(array) {
|
||||||
|
return map(array, function(value) {
|
||||||
|
var output = '';
|
||||||
|
if (value > 0xFFFF) {
|
||||||
|
value -= 0x10000;
|
||||||
|
output += stringFromCharCode(value >>> 10 & 0x3FF | 0xD800);
|
||||||
|
value = 0xDC00 | value & 0x3FF;
|
||||||
|
}
|
||||||
|
output += stringFromCharCode(value);
|
||||||
|
return output;
|
||||||
|
}).join('');
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Converts a basic code point into a digit/integer.
|
||||||
|
* @see `digitToBasic()`
|
||||||
|
* @private
|
||||||
|
* @param {Number} codePoint The basic numeric code point value.
|
||||||
|
* @returns {Number} The numeric value of a basic code point (for use in
|
||||||
|
* representing integers) in the range `0` to `base - 1`, or `base` if
|
||||||
|
* the code point does not represent a value.
|
||||||
|
*/
|
||||||
|
function basicToDigit(codePoint) {
|
||||||
|
if (codePoint - 48 < 10) {
|
||||||
|
return codePoint - 22;
|
||||||
|
}
|
||||||
|
if (codePoint - 65 < 26) {
|
||||||
|
return codePoint - 65;
|
||||||
|
}
|
||||||
|
if (codePoint - 97 < 26) {
|
||||||
|
return codePoint - 97;
|
||||||
|
}
|
||||||
|
return base;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Converts a digit/integer into a basic code point.
|
||||||
|
* @see `basicToDigit()`
|
||||||
|
* @private
|
||||||
|
* @param {Number} digit The numeric value of a basic code point.
|
||||||
|
* @returns {Number} The basic code point whose value (when used for
|
||||||
|
* representing integers) is `digit`, which needs to be in the range
|
||||||
|
* `0` to `base - 1`. If `flag` is non-zero, the uppercase form is
|
||||||
|
* used; else, the lowercase form is used. The behavior is undefined
|
||||||
|
* if `flag` is non-zero and `digit` has no uppercase form.
|
||||||
|
*/
|
||||||
|
function digitToBasic(digit, flag) {
|
||||||
|
// 0..25 map to ASCII a..z or A..Z
|
||||||
|
// 26..35 map to ASCII 0..9
|
||||||
|
return digit + 22 + 75 * (digit < 26) - ((flag != 0) << 5);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Bias adaptation function as per section 3.4 of RFC 3492.
|
||||||
|
* https://tools.ietf.org/html/rfc3492#section-3.4
|
||||||
|
* @private
|
||||||
|
*/
|
||||||
|
function adapt(delta, numPoints, firstTime) {
|
||||||
|
var k = 0;
|
||||||
|
delta = firstTime ? floor(delta / damp) : delta >> 1;
|
||||||
|
delta += floor(delta / numPoints);
|
||||||
|
for (/* no initialization */; delta > baseMinusTMin * tMax >> 1; k += base) {
|
||||||
|
delta = floor(delta / baseMinusTMin);
|
||||||
|
}
|
||||||
|
return floor(k + (baseMinusTMin + 1) * delta / (delta + skew));
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Converts a Punycode string of ASCII-only symbols to a string of Unicode
|
||||||
|
* symbols.
|
||||||
|
* @memberOf punycode
|
||||||
|
* @param {String} input The Punycode string of ASCII-only symbols.
|
||||||
|
* @returns {String} The resulting string of Unicode symbols.
|
||||||
|
*/
|
||||||
|
function decode(input) {
|
||||||
|
// Don't use UCS-2
|
||||||
|
var output = [],
|
||||||
|
inputLength = input.length,
|
||||||
|
out,
|
||||||
|
i = 0,
|
||||||
|
n = initialN,
|
||||||
|
bias = initialBias,
|
||||||
|
basic,
|
||||||
|
j,
|
||||||
|
index,
|
||||||
|
oldi,
|
||||||
|
w,
|
||||||
|
k,
|
||||||
|
digit,
|
||||||
|
t,
|
||||||
|
/** Cached calculation results */
|
||||||
|
baseMinusT;
|
||||||
|
|
||||||
|
// Handle the basic code points: let `basic` be the number of input code
|
||||||
|
// points before the last delimiter, or `0` if there is none, then copy
|
||||||
|
// the first basic code points to the output.
|
||||||
|
|
||||||
|
basic = input.lastIndexOf(delimiter);
|
||||||
|
if (basic < 0) {
|
||||||
|
basic = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
for (j = 0; j < basic; ++j) {
|
||||||
|
// if it's not a basic code point
|
||||||
|
if (input.charCodeAt(j) >= 0x80) {
|
||||||
|
error('not-basic');
|
||||||
|
}
|
||||||
|
output.push(input.charCodeAt(j));
|
||||||
|
}
|
||||||
|
|
||||||
|
// Main decoding loop: start just after the last delimiter if any basic code
|
||||||
|
// points were copied; start at the beginning otherwise.
|
||||||
|
|
||||||
|
for (index = basic > 0 ? basic + 1 : 0; index < inputLength; /* no final expression */) {
|
||||||
|
|
||||||
|
// `index` is the index of the next character to be consumed.
|
||||||
|
// Decode a generalized variable-length integer into `delta`,
|
||||||
|
// which gets added to `i`. The overflow checking is easier
|
||||||
|
// if we increase `i` as we go, then subtract off its starting
|
||||||
|
// value at the end to obtain `delta`.
|
||||||
|
for (oldi = i, w = 1, k = base; /* no condition */; k += base) {
|
||||||
|
|
||||||
|
if (index >= inputLength) {
|
||||||
|
error('invalid-input');
|
||||||
|
}
|
||||||
|
|
||||||
|
digit = basicToDigit(input.charCodeAt(index++));
|
||||||
|
|
||||||
|
if (digit >= base || digit > floor((maxInt - i) / w)) {
|
||||||
|
error('overflow');
|
||||||
|
}
|
||||||
|
|
||||||
|
i += digit * w;
|
||||||
|
t = k <= bias ? tMin : (k >= bias + tMax ? tMax : k - bias);
|
||||||
|
|
||||||
|
if (digit < t) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
baseMinusT = base - t;
|
||||||
|
if (w > floor(maxInt / baseMinusT)) {
|
||||||
|
error('overflow');
|
||||||
|
}
|
||||||
|
|
||||||
|
w *= baseMinusT;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
out = output.length + 1;
|
||||||
|
bias = adapt(i - oldi, out, oldi == 0);
|
||||||
|
|
||||||
|
// `i` was supposed to wrap around from `out` to `0`,
|
||||||
|
// incrementing `n` each time, so we'll fix that now:
|
||||||
|
if (floor(i / out) > maxInt - n) {
|
||||||
|
error('overflow');
|
||||||
|
}
|
||||||
|
|
||||||
|
n += floor(i / out);
|
||||||
|
i %= out;
|
||||||
|
|
||||||
|
// Insert `n` at position `i` of the output
|
||||||
|
output.splice(i++, 0, n);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
return ucs2encode(output);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Converts a string of Unicode symbols (e.g. a domain name label) to a
|
||||||
|
* Punycode string of ASCII-only symbols.
|
||||||
|
* @memberOf punycode
|
||||||
|
* @param {String} input The string of Unicode symbols.
|
||||||
|
* @returns {String} The resulting Punycode string of ASCII-only symbols.
|
||||||
|
*/
|
||||||
|
function encode(input) {
|
||||||
|
var n,
|
||||||
|
delta,
|
||||||
|
handledCPCount,
|
||||||
|
basicLength,
|
||||||
|
bias,
|
||||||
|
j,
|
||||||
|
m,
|
||||||
|
q,
|
||||||
|
k,
|
||||||
|
t,
|
||||||
|
currentValue,
|
||||||
|
output = [],
|
||||||
|
/** `inputLength` will hold the number of code points in `input`. */
|
||||||
|
inputLength,
|
||||||
|
/** Cached calculation results */
|
||||||
|
handledCPCountPlusOne,
|
||||||
|
baseMinusT,
|
||||||
|
qMinusT;
|
||||||
|
|
||||||
|
// Convert the input in UCS-2 to Unicode
|
||||||
|
input = ucs2decode(input);
|
||||||
|
|
||||||
|
// Cache the length
|
||||||
|
inputLength = input.length;
|
||||||
|
|
||||||
|
// Initialize the state
|
||||||
|
n = initialN;
|
||||||
|
delta = 0;
|
||||||
|
bias = initialBias;
|
||||||
|
|
||||||
|
// Handle the basic code points
|
||||||
|
for (j = 0; j < inputLength; ++j) {
|
||||||
|
currentValue = input[j];
|
||||||
|
if (currentValue < 0x80) {
|
||||||
|
output.push(stringFromCharCode(currentValue));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
handledCPCount = basicLength = output.length;
|
||||||
|
|
||||||
|
// `handledCPCount` is the number of code points that have been handled;
|
||||||
|
// `basicLength` is the number of basic code points.
|
||||||
|
|
||||||
|
// Finish the basic string - if it is not empty - with a delimiter
|
||||||
|
if (basicLength) {
|
||||||
|
output.push(delimiter);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Main encoding loop:
|
||||||
|
while (handledCPCount < inputLength) {
|
||||||
|
|
||||||
|
// All non-basic code points < n have been handled already. Find the next
|
||||||
|
// larger one:
|
||||||
|
for (m = maxInt, j = 0; j < inputLength; ++j) {
|
||||||
|
currentValue = input[j];
|
||||||
|
if (currentValue >= n && currentValue < m) {
|
||||||
|
m = currentValue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// Increase `delta` enough to advance the decoder's <n,i> state to <m,0>,
|
||||||
|
// but guard against overflow
|
||||||
|
handledCPCountPlusOne = handledCPCount + 1;
|
||||||
|
if (m - n > floor((maxInt - delta) / handledCPCountPlusOne)) {
|
||||||
|
error('overflow');
|
||||||
|
}
|
||||||
|
|
||||||
|
delta += (m - n) * handledCPCountPlusOne;
|
||||||
|
n = m;
|
||||||
|
|
||||||
|
for (j = 0; j < inputLength; ++j) {
|
||||||
|
currentValue = input[j];
|
||||||
|
|
||||||
|
if (currentValue < n && ++delta > maxInt) {
|
||||||
|
error('overflow');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (currentValue == n) {
|
||||||
|
// Represent delta as a generalized variable-length integer
|
||||||
|
for (q = delta, k = base; /* no condition */; k += base) {
|
||||||
|
t = k <= bias ? tMin : (k >= bias + tMax ? tMax : k - bias);
|
||||||
|
if (q < t) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
qMinusT = q - t;
|
||||||
|
baseMinusT = base - t;
|
||||||
|
output.push(
|
||||||
|
stringFromCharCode(digitToBasic(t + qMinusT % baseMinusT, 0))
|
||||||
|
);
|
||||||
|
q = floor(qMinusT / baseMinusT);
|
||||||
|
}
|
||||||
|
|
||||||
|
output.push(stringFromCharCode(digitToBasic(q, 0)));
|
||||||
|
bias = adapt(delta, handledCPCountPlusOne, handledCPCount == basicLength);
|
||||||
|
delta = 0;
|
||||||
|
++handledCPCount;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
++delta;
|
||||||
|
++n;
|
||||||
|
|
||||||
|
}
|
||||||
|
return output.join('');
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Converts a Punycode string representing a domain name or an email address
|
||||||
|
* to Unicode. Only the Punycoded parts of the input will be converted, i.e.
|
||||||
|
* it doesn't matter if you call it on a string that has already been
|
||||||
|
* converted to Unicode.
|
||||||
|
* @memberOf punycode
|
||||||
|
* @param {String} input The Punycoded domain name or email address to
|
||||||
|
* convert to Unicode.
|
||||||
|
* @returns {String} The Unicode representation of the given Punycode
|
||||||
|
* string.
|
||||||
|
*/
|
||||||
|
function toUnicode(input) {
|
||||||
|
return mapDomain(input, function(string) {
|
||||||
|
return regexPunycode.test(string)
|
||||||
|
? decode(string.slice(4).toLowerCase())
|
||||||
|
: string;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Converts a Unicode string representing a domain name or an email address to
|
||||||
|
* Punycode. Only the non-ASCII parts of the domain name will be converted,
|
||||||
|
* i.e. it doesn't matter if you call it with a domain that's already in
|
||||||
|
* ASCII.
|
||||||
|
* @memberOf punycode
|
||||||
|
* @param {String} input The domain name or email address to convert, as a
|
||||||
|
* Unicode string.
|
||||||
|
* @returns {String} The Punycode representation of the given domain name or
|
||||||
|
* email address.
|
||||||
|
*/
|
||||||
|
function toASCII(input) {
|
||||||
|
return mapDomain(input, function(string) {
|
||||||
|
return regexNonASCII.test(string)
|
||||||
|
? 'xn--' + encode(string)
|
||||||
|
: string;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
/*--------------------------------------------------------------------------*/
|
||||||
|
|
||||||
|
/** Define the public API */
|
||||||
|
punycode = {
|
||||||
|
/**
|
||||||
|
* A string representing the current Punycode.js version number.
|
||||||
|
* @memberOf punycode
|
||||||
|
* @type String
|
||||||
|
*/
|
||||||
|
'version': '1.4.1',
|
||||||
|
/**
|
||||||
|
* An object of methods to convert from JavaScript's internal character
|
||||||
|
* representation (UCS-2) to Unicode code points, and back.
|
||||||
|
* @see <https://mathiasbynens.be/notes/javascript-encoding>
|
||||||
|
* @memberOf punycode
|
||||||
|
* @type Object
|
||||||
|
*/
|
||||||
|
'ucs2': {
|
||||||
|
'decode': ucs2decode,
|
||||||
|
'encode': ucs2encode
|
||||||
|
},
|
||||||
|
'decode': decode,
|
||||||
|
'encode': encode,
|
||||||
|
'toASCII': toASCII,
|
||||||
|
'toUnicode': toUnicode
|
||||||
|
};
|
||||||
|
|
||||||
|
/** Expose `punycode` */
|
||||||
|
// Some AMD build optimizers, like r.js, check for specific condition patterns
|
||||||
|
// like the following:
|
||||||
|
if (
|
||||||
|
typeof define == 'function' &&
|
||||||
|
typeof define.amd == 'object' &&
|
||||||
|
define.amd
|
||||||
|
) {
|
||||||
|
define('punycode', function() {
|
||||||
|
return punycode;
|
||||||
|
});
|
||||||
|
} else if (freeExports && freeModule) {
|
||||||
|
if (module.exports == freeExports) {
|
||||||
|
// in Node.js, io.js, or RingoJS v0.8.0+
|
||||||
|
freeModule.exports = punycode;
|
||||||
|
} else {
|
||||||
|
// in Narwhal or RingoJS v0.7.0-
|
||||||
|
for (key in punycode) {
|
||||||
|
punycode.hasOwnProperty(key) && (freeExports[key] = punycode[key]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// in Rhino or a web browser
|
||||||
|
root.punycode = punycode;
|
||||||
|
}
|
||||||
|
|
||||||
|
}(this));
|
|
@ -0,0 +1,20 @@
|
||||||
|
Copyright Mathias Bynens <https://mathiasbynens.be/>
|
||||||
|
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining
|
||||||
|
a copy of this software and associated documentation files (the
|
||||||
|
"Software"), to deal in the Software without restriction, including
|
||||||
|
without limitation the rights to use, copy, modify, merge, publish,
|
||||||
|
distribute, sublicense, and/or sell copies of the Software, and to
|
||||||
|
permit persons to whom the Software is furnished to do so, subject to
|
||||||
|
the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be
|
||||||
|
included in all copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||||
|
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||||
|
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||||
|
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||||||
|
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||||
|
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||||||
|
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
@ -0,0 +1,6 @@
|
||||||
|
'use strict';
|
||||||
|
function uuid() {
|
||||||
|
return ([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,
|
||||||
|
c => (c ^ crypto.getRandomValues(new Uint8Array(1))[0] & 15 >> c / 4)
|
||||||
|
.toString(16));
|
||||||
|
}
|
|
@ -0,0 +1,101 @@
|
||||||
|
{
|
||||||
|
"manifest_version": 2,
|
||||||
|
"default_locale": "en",
|
||||||
|
"name": "NoScript",
|
||||||
|
"applications": {
|
||||||
|
"gecko": {
|
||||||
|
"id": "{73a6fe31-595d-460b-a920-fcc0f8843232}",
|
||||||
|
"strict_min_version": "59.0"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"version": "10.1.8.3rc4",
|
||||||
|
"description": "__MSG_Description__",
|
||||||
|
|
||||||
|
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'none'",
|
||||||
|
|
||||||
|
"icons": {
|
||||||
|
"48": "img/icon48.png",
|
||||||
|
"96": "img/icon96.png",
|
||||||
|
"256": "img/icon256.png"
|
||||||
|
},
|
||||||
|
|
||||||
|
"permissions": [
|
||||||
|
"contextMenus",
|
||||||
|
"privacy",
|
||||||
|
"storage",
|
||||||
|
"tabs",
|
||||||
|
"unlimitedStorage",
|
||||||
|
"webNavigation",
|
||||||
|
"webRequest",
|
||||||
|
"webRequestBlocking",
|
||||||
|
"<all_urls>"
|
||||||
|
],
|
||||||
|
|
||||||
|
"background": {
|
||||||
|
"persistent": true,
|
||||||
|
"scripts": [
|
||||||
|
"lib/uuid.js",
|
||||||
|
"lib/log.js",
|
||||||
|
"lib/include.js",
|
||||||
|
"lib/punycode.js",
|
||||||
|
"lib/tld.js",
|
||||||
|
"common/Policy.js",
|
||||||
|
"common/locale.js",
|
||||||
|
"common/Entities.js",
|
||||||
|
"common/SyntaxChecker.js",
|
||||||
|
"common/Storage.js",
|
||||||
|
"ui/Prompts.js",
|
||||||
|
"xss/XSS.js",
|
||||||
|
"bg/main.js"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
|
||||||
|
"content_scripts": [
|
||||||
|
{
|
||||||
|
"run_at": "document_start",
|
||||||
|
"matches": ["<all_urls>"],
|
||||||
|
"match_about_blank": true,
|
||||||
|
"all_frames": true,
|
||||||
|
"js": [
|
||||||
|
"lib/log.js",
|
||||||
|
"content/onScriptDisabled.js",
|
||||||
|
"content/content.js",
|
||||||
|
"content/PlaceHolder.js"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"matches": ["<all_urls>"],
|
||||||
|
"match_about_blank": true,
|
||||||
|
"all_frames": true,
|
||||||
|
"css": [
|
||||||
|
"/content/content.css"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
],
|
||||||
|
|
||||||
|
"options_ui": {
|
||||||
|
"page": "ui/options.html",
|
||||||
|
"open_in_tab": true
|
||||||
|
},
|
||||||
|
|
||||||
|
"browser_action": {
|
||||||
|
"default_area": "navbar",
|
||||||
|
"default_title": "NoScript",
|
||||||
|
"default_icon": {
|
||||||
|
"64": "img/ui-maybe64.png"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
"commands": {
|
||||||
|
"_execute_browser_action": {
|
||||||
|
"suggested_key": {
|
||||||
|
"default": "Alt+Shift+N"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"togglePermissions": {
|
||||||
|
"suggested_key": {
|
||||||
|
"default": "Ctrl+Shift+T"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,29 @@
|
||||||
|
{
|
||||||
|
let p1 = new Policy();
|
||||||
|
p1.set("noscript.net", new Permissions(["script"], true));
|
||||||
|
p1.set("https://noscript.net", new Permissions(["script", "object"]));
|
||||||
|
p1.set("maone.net", p1.TRUSTED.tempTwin);
|
||||||
|
p1.set(Sites.secureDomainKey("secure.informaction.com"), p1.TRUSTED);
|
||||||
|
p1.set("https://flashgot.net", p1.TRUSTED);
|
||||||
|
p1.set("http://flashgot.net", p1.UNTRUSTED);
|
||||||
|
p1.set("perchè.com", p1.TRUSTED);
|
||||||
|
let p2 = new Policy(p1.dry());
|
||||||
|
debug("p1", JSON.stringify(p1.dry()));
|
||||||
|
debug("p2", JSON.stringify(p2.dry()));
|
||||||
|
|
||||||
|
for(let t of [
|
||||||
|
() => p2.can("https://noscript.net"),
|
||||||
|
() => !p2.can("http://noscript.net"),
|
||||||
|
() => p2.can("https://noscript.net", "object"),
|
||||||
|
() => p1.snapshot !== p2.snapshot,
|
||||||
|
() => JSON.stringify(p1.dry()) === JSON.stringify(p2.dry()),
|
||||||
|
() => p1.can("http://perchè.com/test") /* IDN encoding */,
|
||||||
|
() => Sites.toExternal(new URL("https://perché.com/test")) ===
|
||||||
|
"https://perché.com/test" /* IDN decoding */,
|
||||||
|
() => !p1.can("http://secure.informaction.com"),
|
||||||
|
() => p1.can("https://secure.informaction.com"),
|
||||||
|
() => p1.can("https://www.secure.informaction.com"),
|
||||||
|
]) Test.run(t);
|
||||||
|
|
||||||
|
Test.report();
|
||||||
|
}
|
|
@ -0,0 +1,43 @@
|
||||||
|
var Test = (() => {
|
||||||
|
'use strict';
|
||||||
|
return {
|
||||||
|
passed: 0,
|
||||||
|
failed: 0,
|
||||||
|
async include(tests) {
|
||||||
|
for(let test of tests) {
|
||||||
|
let src = `/test/${test}_test.js`;
|
||||||
|
log(`Testing ${test}`);
|
||||||
|
this.passed = this.failed = 0;
|
||||||
|
try {
|
||||||
|
await include(src);
|
||||||
|
} catch (e) {
|
||||||
|
// we might omit some tests in publicly available code for Security
|
||||||
|
// reasons, e.g. XSS_test.js
|
||||||
|
log("Missing test ", test);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
async run(test, msg = "", callback = null) {
|
||||||
|
let r = false;
|
||||||
|
try {
|
||||||
|
r = await test();
|
||||||
|
} catch(e) {
|
||||||
|
error(e);
|
||||||
|
}
|
||||||
|
this[r ? "passed" : "failed"]++;
|
||||||
|
log(`${r ? "PASSED" : "FAILED"} ${msg || uneval(test)}`);
|
||||||
|
if (typeof callback === "function") try {
|
||||||
|
callback(r, test, msg);
|
||||||
|
} catch(e) {
|
||||||
|
error(e);
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
report() {
|
||||||
|
let {passed, failed} = this;
|
||||||
|
log(`FAILED: ${failed}, PASSED: ${passed}, TOTAL ${passed + failed}.`);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
})();
|
|
@ -0,0 +1,16 @@
|
||||||
|
{
|
||||||
|
let y = async (url, originUrl = '') => await XSS.maybe({originUrl, url, method: "GET"});
|
||||||
|
let n = async (...args) => !await y(...args);
|
||||||
|
Promise.all([
|
||||||
|
() => y("https://noscript.net/<script"),
|
||||||
|
() => n("https://noscript.net/<script", "https://noscript.net/"),
|
||||||
|
() => y("https://vulnerabledoma.in/char_test?body=%80%3Cscript%3Ealert(1)%3C/script%3E"),
|
||||||
|
() => y("https://vulnerabledoma.in/char_test?body=%3Cp%20id=x%3Ejavascrip%3Cx%3Et:alert(%3Cx%3E1)%3C/p%3E%3Cmath%3E%3Ca%20href=%22%23*/=x.innerText,a%22%20xml:base=javascript:location/*%3EClick%20HERE"),
|
||||||
|
() => y("https://vulnerabledoma.in/char_test?body=%3Cp%20id=x%3E%26lt%3Bsv%3Cx%3Eg%20o%3Cx%3Enload=alert(%3Cx%3E1)%3E%3C/p%3E%3Cmath%3E%3Ca%20href=%23%250ax.innerText%20xml:base=javascript:%3C!--%3EClick%20HERE"),
|
||||||
|
() => y("https://vulnerabledoma.in/char_test?body=%3Cp%20id=x%3E%26lt%3Bsv%3Cx%3Eg%20o%3Cx%3Enload=alert(%3Cx%3E1)%3E%3C/p%3E%3Cmath%3E%3Ca%20href=%23*/x.innerText%20xml:base=%01javascript:/*%3EClick%20HERE"),
|
||||||
|
() => y("https://vulnerabledoma.in/char_test?body=%3Ca%20href=javascript%26colo%u0000n%3balert%281%u0029%3ECLICK"),
|
||||||
|
() => y("https://vulnerabledoma.in/xss_link?url=javascript%26colo%00n%3Balert%u00281%29"),
|
||||||
|
() => y("https://vulnerabledoma.in/xss_link?url=javascript:\\u{%0A6e}ame"),
|
||||||
|
].map(t => Test.run(t))
|
||||||
|
).then(() => Test.report());
|
||||||
|
}
|
|
@ -0,0 +1,8 @@
|
||||||
|
(async () => {
|
||||||
|
await include("/test/Test.js");
|
||||||
|
Test.include([
|
||||||
|
"Policy",
|
||||||
|
"XSS",
|
||||||
|
"embargoed/XSS",
|
||||||
|
]);
|
||||||
|
})();
|
|
@ -0,0 +1,101 @@
|
||||||
|
var Prompts = (() => {
|
||||||
|
|
||||||
|
|
||||||
|
var promptData;
|
||||||
|
var backlog = [];
|
||||||
|
class WindowManager {
|
||||||
|
async open(data) {
|
||||||
|
promptData = data;
|
||||||
|
this.close();
|
||||||
|
this.currentWindow = await browser.windows.create({
|
||||||
|
url: browser.extension.getURL("ui/prompt.html"),
|
||||||
|
type: "panel",
|
||||||
|
allowScriptsToClose: true,
|
||||||
|
// titlePreface: "NoScript ",
|
||||||
|
width: data.features.width,
|
||||||
|
height: data.features.height,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
async close() {
|
||||||
|
if (this.currentWindow) {
|
||||||
|
try {
|
||||||
|
await browser.windows.remove(this.currentWindow.id);
|
||||||
|
} catch (e) {
|
||||||
|
debug(e);
|
||||||
|
}
|
||||||
|
this.currentWindow = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
async focus() {
|
||||||
|
if (this.currentWindow) {
|
||||||
|
try {
|
||||||
|
await browser.windows.update(this.currentWindow.id,
|
||||||
|
{
|
||||||
|
focused: true,
|
||||||
|
}
|
||||||
|
);
|
||||||
|
} catch (e) {
|
||||||
|
error(e, "Focusing popup window");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
var winMan = new WindowManager();
|
||||||
|
var Prompts = {
|
||||||
|
DEFAULTS: {
|
||||||
|
title: "",
|
||||||
|
message: "Proceed?",
|
||||||
|
options: [],
|
||||||
|
checks: [],
|
||||||
|
buttons: [_("Ok"), _("Cancel")],
|
||||||
|
multiple: "close", // or "queue", or "focus"
|
||||||
|
width: 400,
|
||||||
|
height: 300,
|
||||||
|
},
|
||||||
|
async prompt(features) {
|
||||||
|
features = Object.assign({}, this.DEFAULTS, features || {});
|
||||||
|
return new Promise((resolve, reject) => {
|
||||||
|
let data = {
|
||||||
|
features,
|
||||||
|
result: {
|
||||||
|
button: -1,
|
||||||
|
checks: [],
|
||||||
|
option: null,
|
||||||
|
},
|
||||||
|
done() {
|
||||||
|
this.done = () => {};
|
||||||
|
winMan.close();
|
||||||
|
resolve(this.result);
|
||||||
|
if (backlog.length) {
|
||||||
|
winMan.open(backlog.shift());
|
||||||
|
} else {
|
||||||
|
promptData = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
if (promptData) {
|
||||||
|
backlog.push(data);
|
||||||
|
switch(promptData.features.multiple) {
|
||||||
|
case "focus":
|
||||||
|
winMan.focus();
|
||||||
|
case "queue":
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
promptData.done();
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
winMan.open(data);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
},
|
||||||
|
|
||||||
|
get promptData() {
|
||||||
|
return promptData;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return Prompts;
|
||||||
|
|
||||||
|
})();
|
|
@ -0,0 +1,187 @@
|
||||||
|
|
||||||
|
/* @import url("chrome://browser/content/extension.css"); */
|
||||||
|
body {
|
||||||
|
background: #eee url("/img/noscript-options.png") no-repeat fixed top right;
|
||||||
|
background-size: 8em;
|
||||||
|
padding: 0 2em 0 0;
|
||||||
|
margin: 0.5em 0.5em 0.5em 0.5em;
|
||||||
|
}
|
||||||
|
.mobile body {
|
||||||
|
background-size: 4em;
|
||||||
|
padding-right: 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#header {
|
||||||
|
display: flex;
|
||||||
|
flex-flow: column;
|
||||||
|
padding: 0;
|
||||||
|
margin: 0 6em 0 0;
|
||||||
|
text-align: right;
|
||||||
|
}
|
||||||
|
#header h1 {
|
||||||
|
color: #048;
|
||||||
|
text-shadow: 0.06em 0.06em 0.06em rgba(0,0,0,.5);
|
||||||
|
font-size: 2em;
|
||||||
|
padding: 0;
|
||||||
|
margin: 0;
|
||||||
|
text-align: right;
|
||||||
|
}
|
||||||
|
#version {
|
||||||
|
color: #048;
|
||||||
|
font-size: 0.75em;
|
||||||
|
padding: 0;
|
||||||
|
margin: 0 0 0.5em;
|
||||||
|
display: block;
|
||||||
|
text-align: right;
|
||||||
|
}
|
||||||
|
|
||||||
|
.buttons {
|
||||||
|
display: flex;
|
||||||
|
flex-flow: row wrap;
|
||||||
|
justify-content: flex-end;
|
||||||
|
width: 100%;
|
||||||
|
text-align: right;
|
||||||
|
}
|
||||||
|
|
||||||
|
#sect-general {
|
||||||
|
display: flex;
|
||||||
|
flex-direction: column;
|
||||||
|
justify-content: space-around;
|
||||||
|
font-size: 1em;
|
||||||
|
}
|
||||||
|
|
||||||
|
#sect-general label, #sect-general button, #sect-general span {
|
||||||
|
white-space: nowrap;
|
||||||
|
}
|
||||||
|
|
||||||
|
.opt-group {
|
||||||
|
display: flex;
|
||||||
|
flex-flow: row wrap;
|
||||||
|
justify-content: flex-start;
|
||||||
|
border-bottom: 1px solid rgba(255, 255, 255, .5);
|
||||||
|
padding: .5em 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
.opt-group:last-child {
|
||||||
|
border-bottom: none;
|
||||||
|
margin-bottom: .5em;
|
||||||
|
}
|
||||||
|
|
||||||
|
section form, section fieldset {
|
||||||
|
margin: .5em 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
fieldset:disabled {
|
||||||
|
opacity: .5;
|
||||||
|
}
|
||||||
|
|
||||||
|
.opt-group > span {
|
||||||
|
margin: 0 .5em;
|
||||||
|
}
|
||||||
|
|
||||||
|
.sect-sites form {
|
||||||
|
display: flex;
|
||||||
|
align-items: baseline;
|
||||||
|
flex-wrap: wrap;
|
||||||
|
justify-content: space-between;
|
||||||
|
}
|
||||||
|
|
||||||
|
.sect-sites form > label {
|
||||||
|
white-space: nowrap;
|
||||||
|
}
|
||||||
|
#newsite {
|
||||||
|
flex: 2 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
#policy {
|
||||||
|
display: block;
|
||||||
|
margin-top: .5em;
|
||||||
|
min-height: 20em;
|
||||||
|
width: 90%;
|
||||||
|
}
|
||||||
|
.hide, div.debug {
|
||||||
|
display: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
body.debug div.debug {
|
||||||
|
display: initial;
|
||||||
|
}
|
||||||
|
|
||||||
|
.error {
|
||||||
|
background: #ff8;
|
||||||
|
color: red;
|
||||||
|
}
|
||||||
|
|
||||||
|
#policy-error {
|
||||||
|
background: red;
|
||||||
|
color: #ff8;
|
||||||
|
padding: 0;
|
||||||
|
margin: 0;
|
||||||
|
font-weight: bold;
|
||||||
|
}
|
||||||
|
|
||||||
|
input, button {
|
||||||
|
font-size: 1em;
|
||||||
|
}
|
||||||
|
|
||||||
|
button.add {
|
||||||
|
font-weight: bold;
|
||||||
|
}
|
||||||
|
|
||||||
|
input[type="file"] {
|
||||||
|
display: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
.opt-group {
|
||||||
|
padding: 0.5em 0;
|
||||||
|
}
|
||||||
|
#xssFaq {
|
||||||
|
padding: 0.5em 1em;
|
||||||
|
}
|
||||||
|
#clearclick-options {
|
||||||
|
display: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
.flextabs__tab {
|
||||||
|
/* shift all tabs to appear before content */
|
||||||
|
order: -1;
|
||||||
|
/* let tabs scale to fit multiple on each row */
|
||||||
|
width: auto;
|
||||||
|
margin: 0;
|
||||||
|
}
|
||||||
|
.flextabs__content--active {
|
||||||
|
/* ignore states activated for multi (accordion) toggle view */
|
||||||
|
display: none;
|
||||||
|
}
|
||||||
|
.flextabs__content--active--last {
|
||||||
|
/* show the last activated item */
|
||||||
|
display: block;
|
||||||
|
}
|
||||||
|
|
||||||
|
.flextabs__content, .flextabs__toggle[aria-expanded="true"] {
|
||||||
|
background-color: rgba(200, 200, 200, .5) !important;
|
||||||
|
border: 0 solid #888;
|
||||||
|
}
|
||||||
|
|
||||||
|
.flextabs__toggle {
|
||||||
|
-moz-appearance: none;
|
||||||
|
border-width: 0 1px 0 0 !important;
|
||||||
|
margin: 0 4px 0 0;
|
||||||
|
background: #ccc;
|
||||||
|
outline-width: 1px 0 0 0 !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
.flextabs__content {
|
||||||
|
border-width: 0 1px 1px 0;
|
||||||
|
border-radius: 0 .5em 0 0;
|
||||||
|
padding: .5em;
|
||||||
|
}
|
||||||
|
|
||||||
|
.flextabs__toggle {
|
||||||
|
border-radius: .2em .2em 0 0;
|
||||||
|
padding: .2em .4em;
|
||||||
|
}
|
|
@ -0,0 +1,125 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||||
|
<title>NoScript Settings</title>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<link rel="icon" href="/img/noscript-options.png">
|
||||||
|
<link rel="stylesheet" href="/lib/flextabs.css" />
|
||||||
|
<link rel="stylesheet" href="options.css" />
|
||||||
|
<link rel="stylesheet" href="whirlpool.css" />
|
||||||
|
<script src="/lib/include.js"></script>
|
||||||
|
<script src="/lib/log.js"></script>
|
||||||
|
<script src="/lib/flextabs.js"></script>
|
||||||
|
<script src="/common/locale.js"></script>
|
||||||
|
<script src="/ui/ui.js"></script>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div id="header">
|
||||||
|
<h1 >
|
||||||
|
NoScript Options
|
||||||
|
</h1>
|
||||||
|
<div>
|
||||||
|
<span id="version"></span>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="buttons">
|
||||||
|
<span><input id="file-import" type="file"/></span>
|
||||||
|
<button id="btn-import" accesskey="__MSG_Import_accesskey__">__MSG_Import__</button>
|
||||||
|
<button id="btn-export" accesskey="__MSG_Export_accesskey__">__MSG_Export__</button>
|
||||||
|
<button id="btn-reset" accesskey="__MSG_Reset_accesskey__">__MSG_Reset__</button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<section id="sect-io">
|
||||||
|
|
||||||
|
</section>
|
||||||
|
|
||||||
|
<div id="main-tabs" class="flextabs">
|
||||||
|
|
||||||
|
<h3 class="flextabs__tab"><button class="flextabs__toggle">__MSG_SectionGeneral__</button></h3>
|
||||||
|
<div class="flextabs__content flextabs__content--active--last">
|
||||||
|
<section id="sect-general">
|
||||||
|
<div class="opt-group">
|
||||||
|
<span id="global-opt">
|
||||||
|
<input type="checkbox" id="opt-global"><label for="opt-global" id="lbl-global">__MSG_NoEnforcement__</label>
|
||||||
|
</span>
|
||||||
|
<span id="auto-opt">
|
||||||
|
<input type="checkbox" class="enforcement_required" id="opt-auto"><label for="opt-auto" id="lbl-auto">__MSG_AutoAllowTopLevel__</label>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<fieldset class="enforcement_required">
|
||||||
|
<legend accesskey="__MSG_CustomizePresets_accesskey__">__MSG_CustomizePresets__</legend>
|
||||||
|
<div id="presets"></div>
|
||||||
|
</fieldset>
|
||||||
|
</section>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<h3 class="flextabs__tab"><button class="flextabs__toggle enforcement_required">__MSG_SectionSitePermissions__</button></h3>
|
||||||
|
<div class="flextabs__content">
|
||||||
|
<section class="sect-sites">
|
||||||
|
<form id="form-newsite" class="browser-style" >
|
||||||
|
<label id="newsite-label" for="newsite" accesskey="__MSG_WebAddress_accesskey__">__MSG_WebAddress__</label><input name="newsite" id="newsite" type="text" placeholder="[https://]noscript.net"
|
||||||
|
><button class="add">+</button>
|
||||||
|
</form>
|
||||||
|
<div id="sites">
|
||||||
|
<div class="cssload-container">
|
||||||
|
<div class="cssload-whirlpool"></div>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
</section>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<h3 class="flextabs__tab appearance_tab"><button class="flextabs__toggle">__MSG_SectionAppearance__</button></h3>
|
||||||
|
<div class="flextabs__content appearance_tab">
|
||||||
|
<div class="opt-group desktop">
|
||||||
|
<span id="showCtxMenuItem-opt">
|
||||||
|
<input type="checkbox" id="opt-showCtxMenuItem">
|
||||||
|
<label for="opt-showCtxMenuItem" id="lbl-showCtxMenuItem">__MSG_ShowCtxMenuItem__</label>
|
||||||
|
</span>
|
||||||
|
</div>
|
||||||
|
<div class="opt-group desktop">
|
||||||
|
<span id="showCountBadge-opt">
|
||||||
|
<input type="checkbox" id="opt-showCountBadge">
|
||||||
|
<label for="opt-showCountBadge" id="lbl-showCountBadge">__MSG_ShowCountBadge__</label>
|
||||||
|
</span>
|
||||||
|
</div>
|
||||||
|
<div class="opt-group">
|
||||||
|
<span id="showFullAddresses-opt">
|
||||||
|
<input type="checkbox" id="opt-showFullAddresses">
|
||||||
|
<label for="opt-showFullAddresses" id="lbl-showFullAddresses">__MSG_ShowFullAddresses__</label>
|
||||||
|
</span>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<h3 class="flextabs__tab"><button class="flextabs__toggle">__MSG_SectionAdvanced__</button></h3>
|
||||||
|
<div class="flextabs__content">
|
||||||
|
<div class="opt-group">
|
||||||
|
<span id="xss-opts">
|
||||||
|
<input type="checkbox" id="opt-xss"><label for="opt-xss" id="lbl-xss">__MSG_OptFilterXGet__</label>
|
||||||
|
<span id="xssFaq">(<a href="https://noscript.net/faq#xss" title="https://noscript.net/faq#xss">__MSG_XssFaq__</a>)</span>
|
||||||
|
</span>
|
||||||
|
<button id="btn-delete-xss-choices" disabled>__MSG_XSS_clearUserChoices__</button>
|
||||||
|
</div>
|
||||||
|
<div id="clearclick-options" class="opt-group">
|
||||||
|
<input type="checkbox" id="opt-clearclick"><label for="opt-clearclick" id="lbl-clearclick">ClearClick</label>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<section id="debug" class="browser-style">
|
||||||
|
<div class="opt-group">
|
||||||
|
<span><input type="checkbox" id="opt-debug"><label id="label-debug" for="opt-debug">Debug</label></span>
|
||||||
|
</div>
|
||||||
|
<div id="debug-tools" class="debug browser-style">
|
||||||
|
<label for="policy">Policy:</label>
|
||||||
|
<div id="policy-error"></div>
|
||||||
|
<textarea id="policy" class="browser-style">
|
||||||
|
</textarea>
|
||||||
|
</div>
|
||||||
|
</section>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<script src="/lib/persistent-tabs.js"></script>
|
||||||
|
<script src="options.js"></script>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,220 @@
|
||||||
|
'use strict';
|
||||||
|
(async () => {
|
||||||
|
|
||||||
|
await UI.init();
|
||||||
|
|
||||||
|
let policy = UI.policy;
|
||||||
|
|
||||||
|
let version = browser.runtime.getManifest().version;
|
||||||
|
document.querySelector("#version").textContent = _("Version", version);
|
||||||
|
// simple general options
|
||||||
|
opt("global", o => {
|
||||||
|
if (o) {
|
||||||
|
policy.enforced = !o.checked;
|
||||||
|
UI.updateSettings({policy});
|
||||||
|
}
|
||||||
|
let {enforced} = policy;
|
||||||
|
let disabled = !enforced;
|
||||||
|
for (let e of document.querySelectorAll(".enforcement_required")) {
|
||||||
|
e.disabled = disabled;
|
||||||
|
}
|
||||||
|
return disabled;
|
||||||
|
});
|
||||||
|
|
||||||
|
opt("auto", o => {
|
||||||
|
if (o) {
|
||||||
|
policy.autoAllowTop = o.checked;
|
||||||
|
UI.updateSettings({policy});
|
||||||
|
}
|
||||||
|
return policy.autoAllowTop;
|
||||||
|
});
|
||||||
|
|
||||||
|
opt("xss");
|
||||||
|
|
||||||
|
{
|
||||||
|
let button = document.querySelector("#btn-reset");
|
||||||
|
button.onclick = async () => {
|
||||||
|
if (confirm(_("reset_warning"))) {
|
||||||
|
policy = new Policy();
|
||||||
|
await UI.updateSettings({policy, local: null, sync: null, xssUserChoices: {}});
|
||||||
|
window.location.reload();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
let fileInput = document.querySelector("#file-import");
|
||||||
|
fileInput.onchange = () => {
|
||||||
|
let fr = new FileReader();
|
||||||
|
fr.onload = async () => {
|
||||||
|
try {
|
||||||
|
await UI.importSettings(fr.result);
|
||||||
|
} catch (e) {
|
||||||
|
error(e, "Importing settings %s", fr.result);
|
||||||
|
}
|
||||||
|
location.reload();
|
||||||
|
}
|
||||||
|
fr.readAsText(fileInput.files[0]);
|
||||||
|
}
|
||||||
|
|
||||||
|
button = document.querySelector("#btn-import");
|
||||||
|
button.onclick = () => fileInput.click();
|
||||||
|
|
||||||
|
document.querySelector("#btn-export").addEventListener("click", async e => {
|
||||||
|
let button = e.target;
|
||||||
|
button.disabled = true;
|
||||||
|
let settings = await UI.exportSettings();
|
||||||
|
let f = document.createElement("iframe");
|
||||||
|
f.srcdoc = `<a download="noscript_data.txt" target="_blank">NoScript Export</a>`;
|
||||||
|
f.style.position = "fixed";
|
||||||
|
f.style.top = "-999px";
|
||||||
|
f.style.height = "1px";
|
||||||
|
f.onload = () => {
|
||||||
|
let w = f.contentWindow;
|
||||||
|
let a = w.document.querySelector("a");
|
||||||
|
a.href = w.URL.createObjectURL(new w.Blob([settings], {
|
||||||
|
type: "text/plain"
|
||||||
|
}));
|
||||||
|
a.click();
|
||||||
|
setTimeout(() => {
|
||||||
|
f.remove();
|
||||||
|
button.disabled = false;
|
||||||
|
}, 1000);
|
||||||
|
|
||||||
|
};
|
||||||
|
document.body.appendChild(f);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
let a = document.querySelector("#xssFaq a");
|
||||||
|
a.onclick = e => {
|
||||||
|
e.preventDefault();
|
||||||
|
browser.tabs.create({
|
||||||
|
url: a.href
|
||||||
|
});
|
||||||
|
}
|
||||||
|
let button = document.querySelector("#btn-delete-xss-choices");
|
||||||
|
let choices = UI.xssUserChoices;
|
||||||
|
button.disabled = Object.keys(choices).length === 0;
|
||||||
|
button.onclick = () => {
|
||||||
|
UI.updateSettings({
|
||||||
|
xssUserChoices: {}
|
||||||
|
});
|
||||||
|
button.disabled = true
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
opt("clearclick");
|
||||||
|
opt("debug", "local", b => {
|
||||||
|
document.body.classList.toggle("debug", b);
|
||||||
|
if (b) updateRawPolicyEditor();
|
||||||
|
});
|
||||||
|
|
||||||
|
// Appearance
|
||||||
|
|
||||||
|
opt("showCountBadge", "local");
|
||||||
|
opt("showCtxMenuItem", "local");
|
||||||
|
opt("showFullAddresses", "local");
|
||||||
|
|
||||||
|
// PRESET CUSTOMIZER
|
||||||
|
{
|
||||||
|
let parent = document.getElementById("presets");
|
||||||
|
let presetsUI = new UI.Sites(parent,
|
||||||
|
{"DEFAULT": true, "TRUSTED": true, "UNTRUSTED": true});
|
||||||
|
|
||||||
|
presetsUI.render([""]);
|
||||||
|
window.setTimeout(() => {
|
||||||
|
let def = parent.querySelector('input.preset[value="DEFAULT"]');
|
||||||
|
def.checked = true;
|
||||||
|
def.click();
|
||||||
|
}, 10);
|
||||||
|
}
|
||||||
|
|
||||||
|
// SITES UI
|
||||||
|
let sitesUI = new UI.Sites(document.getElementById("sites"));
|
||||||
|
{
|
||||||
|
sitesUI.onChange = () => {
|
||||||
|
if (UI.local.debug) {
|
||||||
|
updateRawPolicyEditor();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
let sites = policy.sites;
|
||||||
|
sitesUI.render(sites);
|
||||||
|
|
||||||
|
let newSiteForm = document.querySelector("#form-newsite");
|
||||||
|
let newSiteInput = newSiteForm.newsite;
|
||||||
|
let button = newSiteForm.querySelector("button");
|
||||||
|
let canAdd = s => policy.get(s).siteMatch === null;
|
||||||
|
|
||||||
|
let validate = () => {
|
||||||
|
let site = newSiteInput.value.trim();
|
||||||
|
button.disabled = !(Sites.isValid(site) && canAdd(site));
|
||||||
|
sitesUI.filterSites(site);
|
||||||
|
}
|
||||||
|
validate();
|
||||||
|
newSiteInput.addEventListener("input", validate);
|
||||||
|
|
||||||
|
newSiteForm.addEventListener("submit", e => {
|
||||||
|
e.preventDefault();
|
||||||
|
e.stopPropagation();
|
||||||
|
let site = newSiteInput.value.trim();
|
||||||
|
let valid = Sites.isValid(site);
|
||||||
|
if (valid && canAdd(site)) {
|
||||||
|
policy.set(site, policy.TRUSTED);
|
||||||
|
UI.updateSettings({policy});
|
||||||
|
newSiteInput.value = "";
|
||||||
|
sitesUI.render(policy.sites);
|
||||||
|
sitesUI.highlight(site);
|
||||||
|
sitesUI.onChange();
|
||||||
|
}
|
||||||
|
}, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// UTILITY FUNCTIONS
|
||||||
|
|
||||||
|
async function opt(name, storage = "sync", onchange) {
|
||||||
|
let input = document.querySelector(`#opt-${name}`);
|
||||||
|
if (!input) {
|
||||||
|
debug("Checkbox not found %s", name);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
if (typeof storage === "function") {
|
||||||
|
input.onchange = e => storage(input);
|
||||||
|
input.checked = storage(null);
|
||||||
|
} else {
|
||||||
|
let obj = UI[storage];
|
||||||
|
if (!obj) log(storage);
|
||||||
|
input.checked = obj[name];
|
||||||
|
if (onchange) onchange(input.checked);
|
||||||
|
input.onchange = async () => {
|
||||||
|
obj[name] = input.checked;
|
||||||
|
await UI.updateSettings({[storage]: obj});
|
||||||
|
if (onchange) onchange(obj[name]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function updateRawPolicyEditor() {
|
||||||
|
if (!UI.local.debug) return;
|
||||||
|
|
||||||
|
// RAW POLICY EDITING (debug only)
|
||||||
|
let policyEditor = document.getElementById("policy");
|
||||||
|
policyEditor.value = JSON.stringify(policy.dry(true), null, 2);
|
||||||
|
if (!policyEditor.onchange) policyEditor.onchange = (e) => {
|
||||||
|
let ed = e.currentTarget
|
||||||
|
try {
|
||||||
|
policy = new Policy(JSON.parse(ed.value));
|
||||||
|
UI.updateSettings({policy});
|
||||||
|
sitesUI.render(policy.sites);
|
||||||
|
ed.className = "";
|
||||||
|
document.getElementById("policy-error").textContent = "";
|
||||||
|
} catch (e) {
|
||||||
|
error(e);
|
||||||
|
ed.className = "error";
|
||||||
|
document.getElementById("policy-error").textContent = e.message;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
})();
|
|
@ -0,0 +1,235 @@
|
||||||
|
body {
|
||||||
|
background: white;
|
||||||
|
}
|
||||||
|
|
||||||
|
#top {
|
||||||
|
font-size: 1em;
|
||||||
|
position: relative;
|
||||||
|
margin: 0;
|
||||||
|
height: 2.4em;
|
||||||
|
min-width: 18.75em;
|
||||||
|
border-bottom: 0.06em solid #eee;
|
||||||
|
display: flex;
|
||||||
|
-moz-user-select: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#top a {
|
||||||
|
appearance: none !important;
|
||||||
|
-moz-appearance: none !important;
|
||||||
|
width: 2em;
|
||||||
|
height: 2em;
|
||||||
|
margin: 0.25em;
|
||||||
|
cursor: pointer;
|
||||||
|
font-size: 1em;
|
||||||
|
font-family: sans-serif;
|
||||||
|
font-weight: bold;
|
||||||
|
color: black;
|
||||||
|
background: transparent no-repeat center;
|
||||||
|
background-size: 100%;
|
||||||
|
transform: unset;
|
||||||
|
transition: all 0.3s;
|
||||||
|
border: none;
|
||||||
|
display: block;
|
||||||
|
|
||||||
|
top: 0;
|
||||||
|
padding: 0;
|
||||||
|
text-align: left;
|
||||||
|
vertical-align: middle;
|
||||||
|
line-height: 1em;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
#top > .spacer {
|
||||||
|
flex-grow: 1;
|
||||||
|
display: block;
|
||||||
|
cursor: pointer;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
#top > .hider.open ~ .spacer {
|
||||||
|
display: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
.hider {
|
||||||
|
background: #ccc;
|
||||||
|
box-shadow: inset 0 1px 3px #444;
|
||||||
|
border-radius: 1em 1em 0 0;
|
||||||
|
display: none;
|
||||||
|
position: relative;
|
||||||
|
margin: .25em 1.5em;
|
||||||
|
padding: 0;
|
||||||
|
|
||||||
|
height: 2em;
|
||||||
|
overflow: hidden;
|
||||||
|
opacity: .5;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
.hider.open {
|
||||||
|
display: flex;
|
||||||
|
flex-grow: 1;
|
||||||
|
opacity: 1;
|
||||||
|
padding-left: 2em;
|
||||||
|
}
|
||||||
|
.hider:hover {
|
||||||
|
opacity: 1;
|
||||||
|
}
|
||||||
|
.hider:not(.open):not(.empty) {
|
||||||
|
display: block;
|
||||||
|
text-align: right;
|
||||||
|
line-height: 1em;
|
||||||
|
overflow: hidden;
|
||||||
|
width: 2em;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
.reveal {
|
||||||
|
display: block;
|
||||||
|
padding: .3em;
|
||||||
|
margin: 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
.hider.open > .reveal {
|
||||||
|
display: none !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
.hider:not(.open) > :not(.reveal) {
|
||||||
|
display: none !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
.hider-label {
|
||||||
|
position: absolute;
|
||||||
|
z-index: 100;
|
||||||
|
top: .5em;
|
||||||
|
right: .5em;
|
||||||
|
color: #222;
|
||||||
|
text-align: right;
|
||||||
|
vertical-align: middle;
|
||||||
|
line-height: 100%;
|
||||||
|
font-size: 1em;
|
||||||
|
font-weight: bold;
|
||||||
|
pointer-events: none;
|
||||||
|
text-shadow: -2px 0 2px white, 2px 0 2px white;
|
||||||
|
}
|
||||||
|
|
||||||
|
.hider-close {
|
||||||
|
-moz-appearance: none;
|
||||||
|
appearance: none;
|
||||||
|
color: black;
|
||||||
|
background: transparent;
|
||||||
|
padding: 0;
|
||||||
|
border-radius: .2em;
|
||||||
|
border: none;
|
||||||
|
position: absolute;
|
||||||
|
left: .2em;
|
||||||
|
top: 0;
|
||||||
|
font-size: 1em;
|
||||||
|
z-index: 100;
|
||||||
|
vertical-align: middle;
|
||||||
|
padding: .2em;
|
||||||
|
}
|
||||||
|
|
||||||
|
.hider-close:hover, .reveal:hover {
|
||||||
|
color: white !important;
|
||||||
|
text-shadow: -2px 0 2px red, 2px 0 2px red;
|
||||||
|
}
|
||||||
|
|
||||||
|
.hider > .icon {
|
||||||
|
opacity: .7;
|
||||||
|
margin: 0 .25em;
|
||||||
|
padding: 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
#top > a:hover {
|
||||||
|
transform: scale(1.2);
|
||||||
|
}
|
||||||
|
|
||||||
|
#top a.icon {
|
||||||
|
text-indent: -500em;
|
||||||
|
color: transparent;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#top #revoke-temp {
|
||||||
|
background-image: url(/img/ui-revoke-temp64.png);
|
||||||
|
}
|
||||||
|
#top #temp-trust-page {
|
||||||
|
background-image: url(/img/ui-temp-all64.png);
|
||||||
|
}
|
||||||
|
|
||||||
|
#top #enforce-tab {
|
||||||
|
background-image: url(/img/ui-tab-no64.png);
|
||||||
|
}
|
||||||
|
#top #enforce-tab[aria-pressed="true"] {
|
||||||
|
background-image: url(/img/ui-tab64.png);
|
||||||
|
}
|
||||||
|
|
||||||
|
#top #enforce {
|
||||||
|
background-image: url(/img/ui-global-no64.png);
|
||||||
|
}
|
||||||
|
#top #enforce[aria-pressed="true"] {
|
||||||
|
background-image: url(/img/ui-global64.png);
|
||||||
|
}
|
||||||
|
|
||||||
|
#top #options {
|
||||||
|
background-image: url(/img/noscript-options.png);
|
||||||
|
}
|
||||||
|
#top #close {
|
||||||
|
background-image: url(/img/ui-close64.png);
|
||||||
|
}
|
||||||
|
|
||||||
|
#top #reload {
|
||||||
|
background-image: url(/img/ui-reload64.png);
|
||||||
|
}
|
||||||
|
|
||||||
|
#sites {
|
||||||
|
margin: 0.5em 0.25em;
|
||||||
|
}
|
||||||
|
|
||||||
|
#content {
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
#buttons {
|
||||||
|
text-align: center;
|
||||||
|
margin: 0.5em;
|
||||||
|
display: flex;
|
||||||
|
justify-content: space-around;
|
||||||
|
|
||||||
|
}
|
||||||
|
#buttons button {
|
||||||
|
flex-grow: 1;
|
||||||
|
margin: .5em 2em;
|
||||||
|
}
|
||||||
|
|
||||||
|
.disabled .toggle.icon, .toggle.icon:disabled {
|
||||||
|
opacity: .2;
|
||||||
|
pointer-events: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
#message {
|
||||||
|
height: auto;
|
||||||
|
margin: .5em;
|
||||||
|
padding: .8em 0 0 2.5em;
|
||||||
|
background-size: 2em;
|
||||||
|
background-position: left top;
|
||||||
|
background-repeat: no-repeat;
|
||||||
|
min-height: 3em;
|
||||||
|
transition: height .5s;
|
||||||
|
font-size: 1.2em;
|
||||||
|
vertical-align: middle;
|
||||||
|
}
|
||||||
|
#message.hidden {
|
||||||
|
display: none;
|
||||||
|
height: 0;
|
||||||
|
min-height: 0;
|
||||||
|
overflow: hidden;
|
||||||
|
}
|
||||||
|
.warning {
|
||||||
|
background-image: url("/img/warning64.png");
|
||||||
|
}
|
||||||
|
.error {
|
||||||
|
background-image: url("/img/error64.png");
|
||||||
|
}
|
|
@ -0,0 +1,41 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<title>NoScript Settings</title>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<link rel="stylesheet" type="text/css" href="popup.css" />
|
||||||
|
<script src="/lib/include.js"></script>
|
||||||
|
<script src="/lib/log.js"></script>
|
||||||
|
<script src="/common/locale.js"></script>
|
||||||
|
<script src="/ui/ui.js"></script>
|
||||||
|
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div id="main">
|
||||||
|
<div id="top">
|
||||||
|
<a aria-role="button" id="close" class="close icon">__MSG_Close__</a>
|
||||||
|
<a aria-role="button" id="reload" class="reload icon">__MSG_Reload__</a>
|
||||||
|
<a aria-role="button" id="options" class="options icon">__MSG_Options__</a>
|
||||||
|
<div class="hider">
|
||||||
|
<a aria-role="button" class="reveal" title="__MSG_Reveal__">🡆</a>
|
||||||
|
<div class="hider-label">__MSG_Hider__</div>
|
||||||
|
<button class="hider-close">🗙</button>
|
||||||
|
</div>
|
||||||
|
<div class="spacer"></div>
|
||||||
|
<a aria-role="button" id="enforce" class="toggle icon"></a>
|
||||||
|
<a aria-role="button" id="enforce-tab" class="toggle icon"></a>
|
||||||
|
<a aria-role="button" id="temp-trust-page" class="toggle icon">__MSG_TempTrustPage__</a>
|
||||||
|
<a aria-role="button" id="revoke-temp" class="toggle icon">__MSG_RevokeTemp__</a>
|
||||||
|
</div>
|
||||||
|
<div id="message" class="hidden"></div>
|
||||||
|
<div id="content"></div>
|
||||||
|
<div id="sites"></div>
|
||||||
|
<div id="buttons">
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<script src="popup.js"></script>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,249 @@
|
||||||
|
'use strict';
|
||||||
|
|
||||||
|
var sitesUI;
|
||||||
|
|
||||||
|
addEventListener("unload", e => {
|
||||||
|
if (!UI.initialized) {
|
||||||
|
browser.runtime.sendMessage({
|
||||||
|
type: "openStandalonePopup"
|
||||||
|
});
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
(async () => {
|
||||||
|
|
||||||
|
function showMessage(className, message) {
|
||||||
|
let el = document.getElementById("message");
|
||||||
|
el.textContent = message;
|
||||||
|
el.className = className;
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
let tabId;
|
||||||
|
let pendingReload = false;
|
||||||
|
let isBrowserAction = true;
|
||||||
|
let optionsClosed = false;
|
||||||
|
let tab = (await browser.tabs.query({
|
||||||
|
windowId: browser.windows ?
|
||||||
|
(await browser.windows.getLastFocused({windowTypes: ["normal"]})).id
|
||||||
|
: null,
|
||||||
|
active: true
|
||||||
|
}))[0];
|
||||||
|
|
||||||
|
if (!tab || tab.id === -1) {
|
||||||
|
log("No tab found to open the UI for");
|
||||||
|
close();
|
||||||
|
}
|
||||||
|
if (tab.url === document.URL) {
|
||||||
|
isBrowserAction = false;
|
||||||
|
try {
|
||||||
|
tabId = parseInt(document.URL.match(/#.*\btab(\d+)/)[1]);
|
||||||
|
} catch (e) {
|
||||||
|
close();
|
||||||
|
}
|
||||||
|
addEventListener("blur", close);
|
||||||
|
} else {
|
||||||
|
tabId = tab.id;
|
||||||
|
}
|
||||||
|
|
||||||
|
await UI.init(tabId);
|
||||||
|
|
||||||
|
if (isBrowserAction) {
|
||||||
|
browser.tabs.onActivated.addListener(e => {
|
||||||
|
if (e.tabId !== tabId) close();
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
await include("/ui/toolbar.js");
|
||||||
|
{
|
||||||
|
let clickHandlers = {
|
||||||
|
"options": e => {
|
||||||
|
browser.runtime.openOptionsPage();
|
||||||
|
close();
|
||||||
|
},
|
||||||
|
"close": close,
|
||||||
|
"reload": reload,
|
||||||
|
"temp-trust-page": e => sitesUI.tempTrustAll(),
|
||||||
|
"revoke-temp": e => {
|
||||||
|
UI.revokeTemp();
|
||||||
|
close();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
for (let [id, handler] of Object.entries(clickHandlers)) {
|
||||||
|
document.getElementById(id).onclick = handler;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
{
|
||||||
|
let policy = UI.policy;
|
||||||
|
let pressed = policy.enforced;
|
||||||
|
let button = document.getElementById("enforce");
|
||||||
|
button.setAttribute("aria-pressed", pressed);
|
||||||
|
button.textContent = button.title = _(pressed ? "NoEnforcement" : "Enforce");
|
||||||
|
button.onclick = () => {
|
||||||
|
policy.enforced = !pressed;
|
||||||
|
UI.updateSettings({policy, reloadAffected: true});
|
||||||
|
close();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
{
|
||||||
|
let pressed = !UI.unrestrictedTab;
|
||||||
|
let button = document.getElementById("enforce-tab");
|
||||||
|
button.setAttribute("aria-pressed", pressed);
|
||||||
|
button.textContent = button.title = _(pressed ? "NoEnforcementForTab" : "EnforceForTab");
|
||||||
|
if (UI.policy.enforced) {
|
||||||
|
button.onclick = () => {
|
||||||
|
UI.updateSettings({
|
||||||
|
unrestrictedTab: pressed,
|
||||||
|
reloadAffected: true,
|
||||||
|
});
|
||||||
|
close();
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
button.disabled = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
let mainFrame = UI.seen && UI.seen.find(thing => thing.request.type === "main_frame");
|
||||||
|
debug("Seen: %o", UI.seen);
|
||||||
|
if (!mainFrame) {
|
||||||
|
|
||||||
|
if (/^https?:/.test(tab.url) && !tab.url.startsWith("https://addons.mozilla.org/")) {
|
||||||
|
document.body.classList.add("disabled");
|
||||||
|
showMessage("warning", _("freshInstallReload"));
|
||||||
|
let buttons = document.querySelector("#buttons");
|
||||||
|
let b = document.createElement("button");
|
||||||
|
b.textContent = _("OK");
|
||||||
|
b.onclick = document.getElementById("reload").onclick = () => {
|
||||||
|
reload();
|
||||||
|
close();
|
||||||
|
}
|
||||||
|
buttons.appendChild(b);
|
||||||
|
b = document.createElement("button");
|
||||||
|
b.textContent = _("Cancel");
|
||||||
|
b.onclick = () => close();
|
||||||
|
buttons.appendChild(b);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
showMessage("warning", _("privilegedPage"));
|
||||||
|
document.getElementById("temp-trust-page").disabled = true;
|
||||||
|
if (!UI.seen) return;
|
||||||
|
}
|
||||||
|
|
||||||
|
let justDomains = !UI.local.showFullAddresses;
|
||||||
|
|
||||||
|
sitesUI = new UI.Sites(document.getElementById("sites"));
|
||||||
|
|
||||||
|
sitesUI.onChange = (row) => {
|
||||||
|
pendingReload = !row.temp2perm;
|
||||||
|
if (optionsClosed) return;
|
||||||
|
browser.tabs.query({url: browser.runtime.getManifest().options_ui.page })
|
||||||
|
.then(tabs => {
|
||||||
|
browser.tabs.remove(tabs.map(t => t.id));
|
||||||
|
});
|
||||||
|
optionsClosed = true;
|
||||||
|
};
|
||||||
|
initSitesUI();
|
||||||
|
UI.onSettings = initSitesUI;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
function initSitesUI() {
|
||||||
|
pendingReload = false;
|
||||||
|
let {
|
||||||
|
typesMap
|
||||||
|
} = sitesUI;
|
||||||
|
typesMap.clear();
|
||||||
|
let policySites = UI.policy.sites;
|
||||||
|
let domains = new Map();
|
||||||
|
|
||||||
|
function urlToLabel(url) {
|
||||||
|
let {
|
||||||
|
origin
|
||||||
|
} = url;
|
||||||
|
let match = policySites.match(url);
|
||||||
|
if (match) return match;
|
||||||
|
if (domains.has(origin)) {
|
||||||
|
if (justDomains) return domains.get(origin);
|
||||||
|
} else {
|
||||||
|
let domain = tld.getDomain(url.hostname);
|
||||||
|
domain = url.protocol === "https:" ? Sites.secureDomainKey(domain) : domain;
|
||||||
|
domains.set(origin, domain);
|
||||||
|
if (justDomains) return domain;
|
||||||
|
}
|
||||||
|
return origin;
|
||||||
|
}
|
||||||
|
let seen = UI.seen;
|
||||||
|
let parsedSeen = seen.map(thing => Object.assign({
|
||||||
|
type: thing.policyType
|
||||||
|
}, Sites.parse(thing.request.url)))
|
||||||
|
.filter(parsed => parsed.url && parsed.url.origin !== "null");
|
||||||
|
|
||||||
|
let sitesSet = new Set(
|
||||||
|
parsedSeen.map(parsed => parsed.label = urlToLabel(parsed.url))
|
||||||
|
);
|
||||||
|
if (!justDomains) {
|
||||||
|
for (let domain of domains.values()) sitesSet.add(domain);
|
||||||
|
}
|
||||||
|
let sites = [...sitesSet];
|
||||||
|
for (let parsed of parsedSeen) {
|
||||||
|
sites.filter(s => parsed.label === s || domains.get(parsed.url.origin) === s).forEach(m => {
|
||||||
|
let siteTypes = typesMap.get(m);
|
||||||
|
if (!siteTypes) typesMap.set(m, siteTypes = new Set());
|
||||||
|
siteTypes.add(parsed.type);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
sitesUI.mainUrl = new URL(mainFrame.request.url)
|
||||||
|
sitesUI.mainSite = urlToLabel(sitesUI.mainUrl);
|
||||||
|
sitesUI.mainDomain = tld.getDomain(sitesUI.mainUrl.hostname);
|
||||||
|
|
||||||
|
sitesUI.render(sites);
|
||||||
|
}
|
||||||
|
|
||||||
|
function reload() {
|
||||||
|
if (sitesUI) sitesUI.clear();
|
||||||
|
browser.tabs.reload(tabId);
|
||||||
|
pendingReload = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
function close() {
|
||||||
|
if (isBrowserAction) {
|
||||||
|
window.close();
|
||||||
|
} else {
|
||||||
|
//browser.windows.remove(tab.windowId);
|
||||||
|
browser.tabs.remove(tab.id);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
let {
|
||||||
|
onCompleted
|
||||||
|
} = browser.webNavigation;
|
||||||
|
|
||||||
|
let loadSnapshot = sitesUI.snapshot;
|
||||||
|
let onCompletedListener = navigated => {
|
||||||
|
if (navigated.tabId === tabId) {
|
||||||
|
UI.pullSettings();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
onCompleted.addListener(onCompletedListener, {
|
||||||
|
url: [{
|
||||||
|
hostContains: sitesUI.mainDomain
|
||||||
|
}]
|
||||||
|
});
|
||||||
|
addEventListener("unload", e => {
|
||||||
|
onCompleted.removeListener(onCompletedListener);
|
||||||
|
debug("pendingReload", pendingReload);
|
||||||
|
if (pendingReload) {
|
||||||
|
UI.updateSettings({
|
||||||
|
policy: UI.policy,
|
||||||
|
reloadAffected: true,
|
||||||
|
});
|
||||||
|
}
|
||||||
|
}, true);
|
||||||
|
} catch (e) {
|
||||||
|
error(e, "Can't open popup");
|
||||||
|
close();
|
||||||
|
}
|
||||||
|
|
||||||
|
})();
|
|
@ -0,0 +1,91 @@
|
||||||
|
|
||||||
|
body {
|
||||||
|
bottom: 8px;
|
||||||
|
font-family: sans-serif;
|
||||||
|
font-size: 12px;
|
||||||
|
color: #222;
|
||||||
|
}
|
||||||
|
|
||||||
|
#header {
|
||||||
|
text-align: left;
|
||||||
|
margin: 0;
|
||||||
|
line-height: 24px;
|
||||||
|
color: #048;
|
||||||
|
position: relative;
|
||||||
|
font-size: 24px;
|
||||||
|
z-index: 500;
|
||||||
|
padding: 8px;
|
||||||
|
display: block;
|
||||||
|
background: url(/img/icon96.png) no-repeat top right;
|
||||||
|
height: 96px;
|
||||||
|
}
|
||||||
|
|
||||||
|
#title {
|
||||||
|
margin-right: 96px;
|
||||||
|
font-size: 24px;
|
||||||
|
position: absolute;
|
||||||
|
bottom: 0;
|
||||||
|
top: 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
#main {
|
||||||
|
background: linear-gradient(to bottom, #e4f5fc 0%,#bfe8f9 41%,#9fd8ef 90%,#2ab0ed 100%) no-repeat;
|
||||||
|
display: flex;
|
||||||
|
flex-direction: column;
|
||||||
|
align-items: center;
|
||||||
|
padding: 120px 16px 16px 16px;
|
||||||
|
top: 0;
|
||||||
|
left: 0;
|
||||||
|
right:0;
|
||||||
|
bottom: 0;
|
||||||
|
position: fixed;
|
||||||
|
justify-content: center;
|
||||||
|
}
|
||||||
|
#message {
|
||||||
|
flex-grow: 1;
|
||||||
|
width: 100%;
|
||||||
|
max-height: 300px;
|
||||||
|
padding: 8px;
|
||||||
|
text-align: center;
|
||||||
|
word-break: break-all;
|
||||||
|
}
|
||||||
|
#message.multiline {
|
||||||
|
overflow: auto;
|
||||||
|
font-size: 12px;
|
||||||
|
text-align: justify;
|
||||||
|
margin-bottom: 16px;
|
||||||
|
background: rgba(255,255,255,.5);
|
||||||
|
}
|
||||||
|
#message.multiline p {
|
||||||
|
margin: 1px;
|
||||||
|
padding: 0;
|
||||||
|
}
|
||||||
|
#options {
|
||||||
|
display: flex;
|
||||||
|
flex-grow: 2;
|
||||||
|
flex-direction: column;
|
||||||
|
text-align: left;
|
||||||
|
align-items:baseline;
|
||||||
|
justify-content: center;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#checks {
|
||||||
|
display: flex;
|
||||||
|
flex-direction: column;
|
||||||
|
flex-grow: 1;
|
||||||
|
text-align: left;
|
||||||
|
}
|
||||||
|
|
||||||
|
#buttons {
|
||||||
|
width: 100%;
|
||||||
|
display: flex;
|
||||||
|
flex-grow: 0;
|
||||||
|
flex-direction: row;
|
||||||
|
align-items: center;
|
||||||
|
margin: 8px;
|
||||||
|
justify-content: space-around;
|
||||||
|
}
|
||||||
|
#buttons button {
|
||||||
|
min-width: 100px;
|
||||||
|
}
|
|
@ -0,0 +1,32 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<title></title>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<link rel="stylesheet" type="text/css" href="prompt.css" />
|
||||||
|
<script src="/lib/include.js"></script>
|
||||||
|
<script src="/lib/log.js"></script>
|
||||||
|
<script src="/common/locale.js"></script>
|
||||||
|
<script src="/ui/resize_hack.js"></script>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div id="header">
|
||||||
|
<h1 id="title"></h1>
|
||||||
|
</div>
|
||||||
|
<div id="main">
|
||||||
|
<div id="message">
|
||||||
|
</div>
|
||||||
|
<div id="options">
|
||||||
|
<input type="radio">
|
||||||
|
</div>
|
||||||
|
<div id="checks">
|
||||||
|
<input type="checkbox">
|
||||||
|
</div>
|
||||||
|
<div id="buttons">
|
||||||
|
<button id="button0" type="submit">OK</button><button id="button1">Cancel</button>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<script src="prompt.js"></script>
|
||||||
|
</body>
|
||||||
|
</html>
|
|
@ -0,0 +1,91 @@
|
||||||
|
(async () => {
|
||||||
|
window.bg = await browser.runtime.getBackgroundPage();
|
||||||
|
["Prompts"]
|
||||||
|
.forEach(p => window[p] = bg[p]);
|
||||||
|
let data = Prompts.promptData;
|
||||||
|
debug(data);
|
||||||
|
let {title, message, options, checks, buttons} = data.features;
|
||||||
|
|
||||||
|
function labelFor(el, text) {
|
||||||
|
let label = document.createElement("label");
|
||||||
|
label.setAttribute("for", el.id);
|
||||||
|
label.textContent = text;
|
||||||
|
return label;
|
||||||
|
}
|
||||||
|
|
||||||
|
function createInput(container, {label, type, name, checked}, count) {
|
||||||
|
let input = document.createElement("input");
|
||||||
|
input.type = type;
|
||||||
|
input.value = count;
|
||||||
|
input.name = name;
|
||||||
|
input.checked = checked;
|
||||||
|
input.id = `${name}-${count}`;
|
||||||
|
let sub = document.createElement("div");
|
||||||
|
sub.appendChild(input);
|
||||||
|
sub.appendChild(labelFor(input, label));
|
||||||
|
container.appendChild(sub);
|
||||||
|
}
|
||||||
|
|
||||||
|
function createButton(container, label, count) {
|
||||||
|
let button = document.createElement("button");
|
||||||
|
if (count === 0) button.type = "submit";
|
||||||
|
button.id = `${button}-${count}`;
|
||||||
|
button.value = count;
|
||||||
|
button.textContent = label;
|
||||||
|
container.appendChild(button);
|
||||||
|
}
|
||||||
|
|
||||||
|
function renderInputs(container, dataset, type, name) {
|
||||||
|
if (typeof container === "string") {
|
||||||
|
container = document.querySelector(container);
|
||||||
|
}
|
||||||
|
if (typeof dataset === "string") {
|
||||||
|
container.innerHTML = dataset;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
container.innerHTML = "";
|
||||||
|
let count = 0;
|
||||||
|
if (dataset && dataset[Symbol.iterator]) {
|
||||||
|
let create = type === "button" ? createButton : createInput;
|
||||||
|
for (let data of dataset) {
|
||||||
|
data.type = type;
|
||||||
|
data.name = name;
|
||||||
|
create(container, data, count++);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (title) {
|
||||||
|
document.title = title;
|
||||||
|
document.querySelector("#title").textContent = title;
|
||||||
|
}
|
||||||
|
if (message) {
|
||||||
|
let lines = message.split(/\n/);
|
||||||
|
let container = document.querySelector("#message");
|
||||||
|
container.classList.toggle("multiline", lines.length > 1);
|
||||||
|
message.innerHTML = "";
|
||||||
|
for (let l of lines) {
|
||||||
|
let p = document.createElement("p");
|
||||||
|
p.textContent = l;
|
||||||
|
container.appendChild(p);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
renderInputs("#options", options, "radio", "opt");
|
||||||
|
renderInputs("#checks", checks, "checkbox", "flag");
|
||||||
|
renderInputs("#buttons", buttons, "button", "button");
|
||||||
|
addEventListener("unload", e => {
|
||||||
|
data.done();
|
||||||
|
});
|
||||||
|
|
||||||
|
let buttonClicked = e => {
|
||||||
|
let {result} = data;
|
||||||
|
result.button = parseInt(e.currentTarget.value);
|
||||||
|
let option = document.querySelector('#options [type="radio"]:checked');
|
||||||
|
result.option = option && parseInt(option.value);
|
||||||
|
result.checks = [...document.querySelectorAll('#checks [type="checkbox"]:checked')]
|
||||||
|
.map(c => parseInt(c.value));
|
||||||
|
data.done();
|
||||||
|
};
|
||||||
|
for (let b of document.querySelectorAll("#buttons button")) {
|
||||||
|
b.addEventListener("click", buttonClicked);
|
||||||
|
}
|
||||||
|
})();
|
|
@ -0,0 +1,15 @@
|
||||||
|
document.addEventListener("DOMContentLoaded", async e => {
|
||||||
|
// Fix for Fx57 bug where bundled page loaded using
|
||||||
|
// browser.windows.create won't show contents unless resized.
|
||||||
|
// See https://bugzilla.mozilla.org/show_bug.cgi?id=1402110
|
||||||
|
let win = await browser.windows.getCurrent({populate: true});
|
||||||
|
if (win.tabs[0].url === document.URL) {
|
||||||
|
debug("Resize hack");
|
||||||
|
await browser.windows.update(win.id, {
|
||||||
|
width: win.width + 1
|
||||||
|
});
|
||||||
|
await browser.windows.update(win.id, {
|
||||||
|
width: win.width
|
||||||
|
});
|
||||||
|
}
|
||||||
|
});
|
|
@ -0,0 +1,5 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<script src="/lib/log.js"></script>
|
||||||
|
<script src="/lib/include.js"></script>
|
||||||
|
<script src="siteInfo.js"></script>
|
|
@ -0,0 +1,20 @@
|
||||||
|
(async () => {
|
||||||
|
let [domain, tabId] = decodeURIComponent(location.hash.replace("#", "")).split(";");
|
||||||
|
const BASE = "https://noscript.net";
|
||||||
|
await include(['/lib/punycode.js', '/common/Storage.js']);
|
||||||
|
let {siteInfoConsent} = await Storage.get("sync", "siteInfoConsent");
|
||||||
|
if (!siteInfoConsent) {
|
||||||
|
await include('/common/locale.js');
|
||||||
|
siteInfoConsent = confirm(_("siteInfo_confirm", [domain, BASE]));
|
||||||
|
if (siteInfoConsent) {
|
||||||
|
await Storage.set("sync", {siteInfoConsent});
|
||||||
|
} else {
|
||||||
|
let current = await browser.tabs.getCurrent();
|
||||||
|
await browser.tabs.update(parseInt(tabId), {active: true});
|
||||||
|
await browser.tabs.remove(current.id);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
let ace = punycode.toASCII(domain);
|
||||||
|
location.href = `${BASE}/about/${domain};${ace}`;
|
||||||
|
})();
|
|
@ -0,0 +1,117 @@
|
||||||
|
{
|
||||||
|
let toolbar = document.getElementById("top");
|
||||||
|
let spacer = toolbar.querySelector(".spacer");
|
||||||
|
let hider = toolbar.querySelector(".hider");
|
||||||
|
|
||||||
|
if (UI.local.toolbarLayout) {
|
||||||
|
debug(uneval(UI.local.toolbarLayout));
|
||||||
|
let {left, right, hidden} = UI.local.toolbarLayout;
|
||||||
|
for (let id of left) {
|
||||||
|
toolbar.insertBefore(document.getElementById(id), hider);
|
||||||
|
}
|
||||||
|
for (let id of right) {
|
||||||
|
toolbar.appendChild(document.getElementById(id));
|
||||||
|
}
|
||||||
|
for (let id of hidden) {
|
||||||
|
hider.appendChild(document.getElementById(id));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
for (let i of toolbar.querySelectorAll(".icon")) {
|
||||||
|
if (!i.title) i.title = i.textContent;
|
||||||
|
}
|
||||||
|
|
||||||
|
function toggleHider(b) {
|
||||||
|
let cl = hider.classList;
|
||||||
|
cl.toggle("open", b);
|
||||||
|
cl.toggle("empty", !hider.querySelector(".icon"));
|
||||||
|
}
|
||||||
|
hider.querySelector(".hider-close").onclick = e => {
|
||||||
|
toggleHider(false);
|
||||||
|
};
|
||||||
|
|
||||||
|
toggleHider(false);
|
||||||
|
|
||||||
|
let dnd = {
|
||||||
|
dragstart(ev) {
|
||||||
|
let d = ev.target;
|
||||||
|
if (hider.querySelectorAll(".icon").length) {
|
||||||
|
toggleHider(true);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!d.classList.contains("icon")) {
|
||||||
|
ev.preventDefault();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
d.style.opacity = ".5";
|
||||||
|
let dt = ev.dataTransfer;
|
||||||
|
dt.setData("text/plain", d.id);
|
||||||
|
dt.dropEffect = "move";
|
||||||
|
dt.setDragImage(d, 0, 0);
|
||||||
|
toggleHider(true);
|
||||||
|
},
|
||||||
|
dragend(ev) {
|
||||||
|
ev.target.style.opacity = "";
|
||||||
|
},
|
||||||
|
dragover(ev) {
|
||||||
|
ev.preventDefault();
|
||||||
|
},
|
||||||
|
dragenter(ev) {
|
||||||
|
let t = ev.target;
|
||||||
|
},
|
||||||
|
dragleave(ev) {
|
||||||
|
let t = ev.target;
|
||||||
|
},
|
||||||
|
drop(ev) {
|
||||||
|
let t = ev.target;
|
||||||
|
let d = document.getElementById(ev.dataTransfer.getData("text/plain"));
|
||||||
|
switch(t) {
|
||||||
|
case hider:
|
||||||
|
t.appendChild(d);
|
||||||
|
break;
|
||||||
|
case toolbar:
|
||||||
|
t.insertBefore(d, ev.clientX < hider.offsetLeft ? hider : spacer.nextElementSibling);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
t.parentNode.insertBefore(d, ev.clientX < (t.offsetLeft + t.offsetWidth) ? t : t.nextElementSibling);
|
||||||
|
}
|
||||||
|
|
||||||
|
let left = [], right = [];
|
||||||
|
let side = left;
|
||||||
|
for (let el of document.querySelectorAll("#top > .icon, #top > .spacer")) {
|
||||||
|
if (el === spacer) {
|
||||||
|
side = right;
|
||||||
|
} else {
|
||||||
|
side.push(el.id);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
UI.local.toolbarLayout = {
|
||||||
|
left, right,
|
||||||
|
hidden: Array.map(document.querySelectorAll("#top > .hider > .icon"), el => el.id),
|
||||||
|
};
|
||||||
|
|
||||||
|
debug("%o", UI.local);
|
||||||
|
UI.updateSettings({local: UI.local});
|
||||||
|
},
|
||||||
|
|
||||||
|
click(ev) {
|
||||||
|
let el = ev.target;
|
||||||
|
if (el.parentNode === hider && el.classList.contains("icon")) {
|
||||||
|
ev.preventDefault();
|
||||||
|
ev.stopPropagation();
|
||||||
|
} else if (el === spacer || el.classList.contains("reveal")) {
|
||||||
|
toggleHider(true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
for (let [action, handler] of Object.entries(dnd)) {
|
||||||
|
toolbar.addEventListener(action, handler, true);
|
||||||
|
}
|
||||||
|
|
||||||
|
for (let draggable of document.querySelectorAll("#top .icon")) {
|
||||||
|
draggable.setAttribute("draggable", "true");
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,63 @@
|
||||||
|
input {
|
||||||
|
transform: none !important;
|
||||||
|
width: auto !important;
|
||||||
|
position: static !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
input[type="radio"] {
|
||||||
|
-moz-appearance: radio !important;
|
||||||
|
padding-right: .2em !important;
|
||||||
|
}
|
||||||
|
input[type="checkbox"] {
|
||||||
|
-moz-appearance: checkbox !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
button {
|
||||||
|
text-indent: 0 !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
label {
|
||||||
|
display: initial !important;
|
||||||
|
position: static !important;
|
||||||
|
transform: none !important;
|
||||||
|
opacity: 1 !important;
|
||||||
|
text-indent: 0 !Important;
|
||||||
|
position: static;
|
||||||
|
width: auto !important;
|
||||||
|
padding: 4px !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
span.preset {
|
||||||
|
display: block;
|
||||||
|
width: auto !important;
|
||||||
|
white-space: nowrap !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
input.temp {
|
||||||
|
position: static !important;
|
||||||
|
opacity: 1 !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
.full-address {
|
||||||
|
font-size: 130%;
|
||||||
|
}
|
||||||
|
|
||||||
|
tr.site {
|
||||||
|
border-top: 1px solid #888;
|
||||||
|
}
|
||||||
|
|
||||||
|
#top {
|
||||||
|
display:flex;
|
||||||
|
flex-flow: row;
|
||||||
|
justify-content: space-around;
|
||||||
|
|
||||||
|
}
|
||||||
|
#top button {
|
||||||
|
position: static;
|
||||||
|
width: auto;
|
||||||
|
}
|
||||||
|
#top button.icon {
|
||||||
|
font-size: 12px !important;
|
||||||
|
font-family: arial sans-serif !important;
|
||||||
|
}
|
|
@ -0,0 +1,391 @@
|
||||||
|
|
||||||
|
body {
|
||||||
|
font-family: sans-serif;
|
||||||
|
font: -moz-use-system-font;
|
||||||
|
font-size: 12px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.mobile > body {
|
||||||
|
font-size: 4mm;
|
||||||
|
min-width: auto;
|
||||||
|
}
|
||||||
|
|
||||||
|
.mobile .desktop {
|
||||||
|
display: none !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
@media (max-width: 100mm) {
|
||||||
|
body {
|
||||||
|
background-size: 4em !important;
|
||||||
|
padding-right: 0 !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
.presets {
|
||||||
|
width: 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
.presets input.preset {
|
||||||
|
min-width: 0 !important;
|
||||||
|
background-color: none !important;
|
||||||
|
margin-bottom: 0;
|
||||||
|
margin-top: 1mm;
|
||||||
|
font-weight: bold;
|
||||||
|
}
|
||||||
|
.presets input.temp {
|
||||||
|
position: static;
|
||||||
|
}
|
||||||
|
.presets label.preset {
|
||||||
|
font-size: 50%;
|
||||||
|
top: -1mm;
|
||||||
|
left: 0;
|
||||||
|
margin: 0;
|
||||||
|
padding: 0;
|
||||||
|
text-align: center;
|
||||||
|
text-shadow: 0 0 4px #ff8;
|
||||||
|
position: absolute;
|
||||||
|
overflow: visible;
|
||||||
|
}
|
||||||
|
|
||||||
|
td.presets {
|
||||||
|
white-space: nowrap !important;
|
||||||
|
vertical-align: bottom;
|
||||||
|
}
|
||||||
|
.url {
|
||||||
|
white-space: wrap;
|
||||||
|
word-break: break-all;
|
||||||
|
font-size: 75%;
|
||||||
|
letter-spacing: -0.2mm;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
input[type="text"] {
|
||||||
|
border: 1px solid;
|
||||||
|
}
|
||||||
|
input[type="checkbox"] {
|
||||||
|
width: 1em;
|
||||||
|
height: 1em;
|
||||||
|
}
|
||||||
|
|
||||||
|
.presets {
|
||||||
|
-moz-user-select: none;
|
||||||
|
}
|
||||||
|
.sites {
|
||||||
|
border: 0;
|
||||||
|
background: white;
|
||||||
|
border-collapse: collapse;
|
||||||
|
border-spacing: 0;
|
||||||
|
width: 100%;
|
||||||
|
overflow-y: auto;
|
||||||
|
|
||||||
|
}
|
||||||
|
.sites tr, .sites td {
|
||||||
|
margin: 0;
|
||||||
|
padding: 0;
|
||||||
|
border: none;
|
||||||
|
font-size: 1em;
|
||||||
|
}
|
||||||
|
.sites > tr.site:hover, .sites > tr.sites:active {
|
||||||
|
background: #abf;
|
||||||
|
}
|
||||||
|
.sites > tr:nth-child(even) {background: #fff}
|
||||||
|
.sites > tr:nth-child(odd) {background: #eee}
|
||||||
|
|
||||||
|
.site .url {
|
||||||
|
padding: 0 0 0 0.5em;
|
||||||
|
color: #ccc;
|
||||||
|
vertical-align: middle;
|
||||||
|
}
|
||||||
|
.site .url .protocol { display: none }
|
||||||
|
|
||||||
|
.site .url .domain { cursor: help }
|
||||||
|
|
||||||
|
[data-key="domain"] .full-address .host,
|
||||||
|
[data-key="domain"] .full-address .sub,
|
||||||
|
[data-key="domain"] .full-address .protocol,
|
||||||
|
[data-key="host"] .full-address span .protocol,
|
||||||
|
[data-key="host"] .full-address span .protocol, {
|
||||||
|
background-color: #afe;
|
||||||
|
}
|
||||||
|
[data-key="host"] .full-address span .protocol,
|
||||||
|
[data-key="domain"] .full-address span .host,
|
||||||
|
[data-key="domain"] .full-address span .protocol {
|
||||||
|
border: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
.site .url[data-key="domain"] .domain,
|
||||||
|
.site .url[data-key="host"] .domain,
|
||||||
|
.site .url[data-key="host"] .sub,
|
||||||
|
.site .url[data-key="unsafe"] span {
|
||||||
|
color: #a00;
|
||||||
|
}
|
||||||
|
|
||||||
|
.site .url[data-key="secure"] .domain,
|
||||||
|
.site .url[data-key="secure"] .sub,
|
||||||
|
.site .url[data-key="full"] span {
|
||||||
|
color: black;
|
||||||
|
}
|
||||||
|
|
||||||
|
.site .url[data-key="full"] span,
|
||||||
|
.site .url[data-key="unsafe"] span {
|
||||||
|
display: initial;
|
||||||
|
}
|
||||||
|
|
||||||
|
.site .url .domain {
|
||||||
|
font-weight: bold;
|
||||||
|
}
|
||||||
|
|
||||||
|
input.https-only {
|
||||||
|
font-size: 1em;
|
||||||
|
-moz-appearance: none;
|
||||||
|
background: url(/img/ui-http64.png) no-repeat center;
|
||||||
|
background-size: 1.5em;
|
||||||
|
width: 1.5em;
|
||||||
|
height: 1.5em;
|
||||||
|
margin: 0 0 -0.13em 0.13em;
|
||||||
|
padding:0;
|
||||||
|
cursor: pointer;
|
||||||
|
}
|
||||||
|
input.https-only:checked {
|
||||||
|
background-image: url(/img/ui-https64.png);
|
||||||
|
}
|
||||||
|
label.https-only {
|
||||||
|
display: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
[data-preset="UNTRUSTED"] .https-only, [data-preset="DEFAULT"] .https-only {
|
||||||
|
visibility: hidden;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
td.presets {
|
||||||
|
font-size: 1em;
|
||||||
|
white-space: nowrap;
|
||||||
|
}
|
||||||
|
|
||||||
|
.mobile td.presets {
|
||||||
|
white-space: normal;
|
||||||
|
}
|
||||||
|
|
||||||
|
span.preset {
|
||||||
|
position: relative;
|
||||||
|
display: inline-block;
|
||||||
|
top: 0.13em;
|
||||||
|
font-size: 1em;
|
||||||
|
}
|
||||||
|
|
||||||
|
.preset label, .preset input, .preset button {
|
||||||
|
cursor: pointer;
|
||||||
|
}
|
||||||
|
|
||||||
|
.presets input.preset {
|
||||||
|
font-size: 1em;
|
||||||
|
-moz-appearance: none;
|
||||||
|
background: url(/img/ui-no64.png) no-repeat center left;
|
||||||
|
background-size: 1.5em;
|
||||||
|
width: 1.5em;
|
||||||
|
height: 1.5em;
|
||||||
|
outline: 0;
|
||||||
|
opacity: .5;
|
||||||
|
margin: 0 .5em 0.13em .5em;
|
||||||
|
}
|
||||||
|
|
||||||
|
input.preset:active, input.preset:focus, input.preset:hover {
|
||||||
|
background-color: #ff8;
|
||||||
|
border-radius: .5em;
|
||||||
|
}
|
||||||
|
|
||||||
|
.presets input.preset:checked, #presets input.preset {
|
||||||
|
opacity: 1;
|
||||||
|
transform: none;
|
||||||
|
min-width: 9.38em;
|
||||||
|
background-color: #ddd;
|
||||||
|
border-radius: 0.5em;
|
||||||
|
}
|
||||||
|
|
||||||
|
.presets input.preset:focus {
|
||||||
|
transform: none;
|
||||||
|
}
|
||||||
|
.sites input + label {
|
||||||
|
font-size: 1em;
|
||||||
|
line-height: 1.5em;
|
||||||
|
vertical-align: top;
|
||||||
|
}
|
||||||
|
.presets label.preset {
|
||||||
|
padding: 0;
|
||||||
|
letter-spacing: -0.06em;
|
||||||
|
width: 0em;
|
||||||
|
overflow: hidden;
|
||||||
|
display: none;
|
||||||
|
text-transform: uppercase;
|
||||||
|
color: #000;
|
||||||
|
opacity: .6;
|
||||||
|
position: absolute;
|
||||||
|
left: 0em;
|
||||||
|
padding-left: 2.5em;
|
||||||
|
|
||||||
|
transition: 0.2s all;
|
||||||
|
}
|
||||||
|
|
||||||
|
.presets input.preset[value^="T"] + label {
|
||||||
|
text-transform: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
.presets input.preset:checked + label, #presets .presets label {
|
||||||
|
opacity: 1;
|
||||||
|
width: 100%;
|
||||||
|
display: inline-block;
|
||||||
|
}
|
||||||
|
|
||||||
|
button.options {
|
||||||
|
-moz-appearance: none;
|
||||||
|
border: none;
|
||||||
|
background: none transparent;
|
||||||
|
font-family: sans-serif;
|
||||||
|
font-weight: bold;
|
||||||
|
color: #048;
|
||||||
|
text-shadow: -0.06em -0.06em 0.06em #fff, 0.13em 0.13em 0.13em #000;
|
||||||
|
padding: 0;
|
||||||
|
margin: 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
.preset .options {
|
||||||
|
-moz-appearance: none;
|
||||||
|
|
||||||
|
border: 0;
|
||||||
|
background: none;
|
||||||
|
font-size: 1em;
|
||||||
|
width: 1em;
|
||||||
|
height: 1em;
|
||||||
|
|
||||||
|
opacity: 0;
|
||||||
|
position: absolute;
|
||||||
|
bottom: 0.88em;
|
||||||
|
left: 1.13em;
|
||||||
|
|
||||||
|
pointer-events: none;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
.preset:hover input.preset:checked ~ .options {
|
||||||
|
display: block;
|
||||||
|
opacity: 1;
|
||||||
|
bottom: 0.38em;
|
||||||
|
|
||||||
|
}
|
||||||
|
input.preset[value="T_TRUSTED"] {
|
||||||
|
background-image: url(/img/ui-temp64.png);
|
||||||
|
}
|
||||||
|
|
||||||
|
input.preset[value="TRUSTED"] {
|
||||||
|
background-image: url(/img/ui-yes64.png)
|
||||||
|
}
|
||||||
|
input.preset[value="UNTRUSTED"] {
|
||||||
|
background-image: url(/img/ui-black64.png)
|
||||||
|
}
|
||||||
|
input.preset[value="CUSTOM"] {
|
||||||
|
background-image: url(/img/ui-custom64.png)
|
||||||
|
}
|
||||||
|
|
||||||
|
input.temp {
|
||||||
|
font-size: 1em;
|
||||||
|
-moz-appearance: none;
|
||||||
|
margin: 0;
|
||||||
|
padding: 0;
|
||||||
|
border: 0;
|
||||||
|
opacity: 0;
|
||||||
|
background: url(/img/ui-clock64.png) no-repeat center;
|
||||||
|
background-size: 60%;
|
||||||
|
width: 1.5em;
|
||||||
|
height: 1.5em;
|
||||||
|
transition: 0.2s all;
|
||||||
|
right: 0;
|
||||||
|
top: 0;
|
||||||
|
pointer-events: none;
|
||||||
|
position: absolute;
|
||||||
|
}
|
||||||
|
|
||||||
|
input.temp + label {
|
||||||
|
display: none;
|
||||||
|
}
|
||||||
|
|
||||||
|
input.preset:checked ~ input.temp {
|
||||||
|
opacity: .5;
|
||||||
|
right: .5em;
|
||||||
|
pointer-events: all;
|
||||||
|
}
|
||||||
|
.presets input.preset:checked ~ input.temp:checked {
|
||||||
|
opacity: 1 !important;
|
||||||
|
background-size: 100%;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
.customizing input.preset:checked, #presets input.preset:checked, .customizer fieldset {
|
||||||
|
background-color: #ffb !important;
|
||||||
|
border-radius: 0.5em 0.5em 0 0;
|
||||||
|
margin: 0 0.06em 0.06em 0.06em;
|
||||||
|
}
|
||||||
|
.customizing input.preset:checked, #presets input.preset, #presets input.preset:checked {
|
||||||
|
margin: 0 1em -0.2em 1em;
|
||||||
|
border-radius: 0.5em 0.5em 0 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
.customizing input.preset:checked + label.preset {
|
||||||
|
padding-left: 3em;
|
||||||
|
}
|
||||||
|
|
||||||
|
.customizing, .customizer {
|
||||||
|
background-color: #cca !important;
|
||||||
|
}
|
||||||
|
|
||||||
|
.customizer div {
|
||||||
|
transition: 0.2s height;
|
||||||
|
padding: 0;
|
||||||
|
margin: 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
span.cap {
|
||||||
|
white-space: nowrap;
|
||||||
|
display: inline-block;
|
||||||
|
}
|
||||||
|
|
||||||
|
.customizer.closed .customizer-controls {
|
||||||
|
height: 0;
|
||||||
|
overflow: hidden;
|
||||||
|
}
|
||||||
|
|
||||||
|
span.cap {
|
||||||
|
padding: 0.5em;
|
||||||
|
font-weight: normal;
|
||||||
|
}
|
||||||
|
|
||||||
|
span.cap.needed {
|
||||||
|
font-weight: bold;
|
||||||
|
background-color: #c88;
|
||||||
|
}
|
||||||
|
|
||||||
|
fieldset {
|
||||||
|
border: 0;
|
||||||
|
padding: 1.5em 0.5em 0.5em 0.5em;
|
||||||
|
margin: 0;
|
||||||
|
position: relative;
|
||||||
|
}
|
||||||
|
|
||||||
|
legend {
|
||||||
|
font-weight: bold;
|
||||||
|
display: inline;
|
||||||
|
position: absolute;
|
||||||
|
top: 0.25em;
|
||||||
|
left: 1em;
|
||||||
|
white-space: nowrap;
|
||||||
|
}
|
||||||
|
.customizer legend {
|
||||||
|
font-weight: bold;
|
||||||
|
font-size: 0.75em;
|
||||||
|
}
|
||||||
|
|
||||||
|
#presets .https-only {
|
||||||
|
display: none;
|
||||||
|
}
|
|
@ -0,0 +1,661 @@
|
||||||
|
'use strict';
|
||||||
|
var UI = (() => {
|
||||||
|
|
||||||
|
var UI = {
|
||||||
|
initialized: false,
|
||||||
|
|
||||||
|
presets: {
|
||||||
|
"DEFAULT": "Default",
|
||||||
|
"T_TRUSTED": "Trusted_temporary",
|
||||||
|
"TRUSTED": "Trusted_permanent",
|
||||||
|
"UNTRUSTED": "Untrusted",
|
||||||
|
"CUSTOM": "Custom",
|
||||||
|
},
|
||||||
|
|
||||||
|
async init(tabId = -1) {
|
||||||
|
UI.tabId = tabId;
|
||||||
|
let scripts = [
|
||||||
|
"/ui/ui.css",
|
||||||
|
"/lib/punycode.js",
|
||||||
|
"/lib/tld.js",
|
||||||
|
"/common/Policy.js",
|
||||||
|
];
|
||||||
|
this.mobile = !("windows" in browser);
|
||||||
|
if (this.mobile) {
|
||||||
|
document.documentElement.classList.toggle("mobile", true);
|
||||||
|
scripts.push("/lib/fastclick.js");
|
||||||
|
}
|
||||||
|
await include(scripts);
|
||||||
|
|
||||||
|
detectHighContrast();
|
||||||
|
|
||||||
|
let inited = new Promise(resolve => {
|
||||||
|
let listener = m => {
|
||||||
|
if (m.type === "settings") {
|
||||||
|
UI.policy = new Policy(m.policy);
|
||||||
|
UI.snapshot = UI.policy.snapshot;
|
||||||
|
UI.seen = m.seen;
|
||||||
|
UI.unrestrictedTab = m.unrestrictedTab;
|
||||||
|
UI.xssUserChoices = m.xssUserChoices;
|
||||||
|
UI.local = m.local;
|
||||||
|
UI.sync = m.sync;
|
||||||
|
if (UI.local && !UI.local.debug) {
|
||||||
|
debug = () => {}; // be quiet!
|
||||||
|
}
|
||||||
|
resolve();
|
||||||
|
if (UI.onSettings) UI.onSettings();
|
||||||
|
}
|
||||||
|
};
|
||||||
|
browser.runtime.onMessage.addListener(listener);
|
||||||
|
|
||||||
|
if (this.mobile) FastClick.attach(document.body);
|
||||||
|
UI.pullSettings();
|
||||||
|
});
|
||||||
|
|
||||||
|
await inited;
|
||||||
|
|
||||||
|
this.initialized = true;
|
||||||
|
debug("Imported", Policy);
|
||||||
|
},
|
||||||
|
async pullSettings() {
|
||||||
|
browser.runtime.sendMessage({type: "NoScript.broadcastSettings", tabId: UI.tabId});
|
||||||
|
},
|
||||||
|
async updateSettings({policy, xssUserChoices, unrestrictedTab, local, sync, reloadAffected}) {
|
||||||
|
if (policy) policy = policy.dry(true);
|
||||||
|
return await browser.runtime.sendMessage({type: "NoScript.updateSettings",
|
||||||
|
policy,
|
||||||
|
xssUserChoices,
|
||||||
|
unrestrictedTab,
|
||||||
|
local,
|
||||||
|
sync,
|
||||||
|
reloadAffected,
|
||||||
|
tabId: UI.tabId,
|
||||||
|
});
|
||||||
|
},
|
||||||
|
|
||||||
|
async exportSettings() {
|
||||||
|
return await browser.runtime.sendMessage({type: "NoScript.exportSettings"});
|
||||||
|
},
|
||||||
|
async importSettings(data) {
|
||||||
|
return await browser.runtime.sendMessage({type: "NoScript.importSettings", data});
|
||||||
|
},
|
||||||
|
|
||||||
|
async revokeTemp() {
|
||||||
|
let policy = this.policy;
|
||||||
|
Policy.hydrate(policy.dry(), policy);
|
||||||
|
if (this.isDirty(true)) {
|
||||||
|
await this.updateSettings({policy, reloadAffected: true});
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
isDirty(reset = false) {
|
||||||
|
let currentSnapshot = this.policy.snapshot;
|
||||||
|
let dirty = currentSnapshot != this.snapshot;
|
||||||
|
if (reset) this.snapshot = currentSnapshot;
|
||||||
|
return dirty;
|
||||||
|
},
|
||||||
|
|
||||||
|
async openSiteInfo(domain) {
|
||||||
|
let url = `/ui/siteInfo.html#${encodeURIComponent(domain)};${UI.tabId}`;
|
||||||
|
browser.tabs.create({url});
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
function detectHighContrast() {
|
||||||
|
// detect high contrast
|
||||||
|
let canary = document.createElement("input");
|
||||||
|
canary.className="https-only";
|
||||||
|
canary.style.display = "none";
|
||||||
|
document.body.appendChild(canary);
|
||||||
|
if (UI.highContrast = window.getComputedStyle(canary).backgroundImage === "none") {
|
||||||
|
include("/ui/ui-hc.css");
|
||||||
|
document.documentElement.classList.toggle("hc");
|
||||||
|
}
|
||||||
|
canary.parentNode.removeChild(canary);
|
||||||
|
}
|
||||||
|
|
||||||
|
function fireOnChange(sitesUI, data) {
|
||||||
|
if (UI.isDirty(true)) {
|
||||||
|
UI.updateSettings({policy: UI.policy});
|
||||||
|
if (sitesUI.onChange) sitesUI.onChange(data, this);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function compareBy(prop, a, b) {
|
||||||
|
let x = a[prop], y = b[prop];
|
||||||
|
return x > y ? 1 : x < y ? -1 : 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
const TEMPLATE = `
|
||||||
|
<table class="sites">
|
||||||
|
<tr class="site">
|
||||||
|
|
||||||
|
<td class="presets">
|
||||||
|
<span class="preset">
|
||||||
|
<input id="preset" class="preset" type="radio" name="preset"><label for="preset" class="preset">PRESET</label>
|
||||||
|
<button class="options tiny">⚙</button>
|
||||||
|
<input id="temp" class="temp" type="checkbox"><label for="temp">Temporary</input>
|
||||||
|
</span>
|
||||||
|
</td>
|
||||||
|
|
||||||
|
<td class="url" data-key="secure">
|
||||||
|
<input class="https-only" id="https-only" type="checkbox"><label for="https-only" class="https-only"></label>
|
||||||
|
<span class="full-address">
|
||||||
|
<span class="protocol">https://</span><span class="sub">www.</span><span class="domain">noscript.net</span><span class="path"></span>
|
||||||
|
</span>
|
||||||
|
</td>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</tr>
|
||||||
|
<tr class="customizer">
|
||||||
|
<td colspan="2">
|
||||||
|
<div class="customizer-controls">
|
||||||
|
<fieldset><legend></legend>
|
||||||
|
<span class="cap">
|
||||||
|
<input class="cap" type="checkbox" value="script" />
|
||||||
|
<label class="cap">script</label>
|
||||||
|
</span>
|
||||||
|
</fieldset>
|
||||||
|
</div>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
</table>
|
||||||
|
`;
|
||||||
|
|
||||||
|
const TEMP_PRESETS = ["CUSTOM"];
|
||||||
|
const DEF_PRESETS = {
|
||||||
|
// name: customizable,
|
||||||
|
"DEFAULT": false,
|
||||||
|
"T_TRUSTED": false,
|
||||||
|
"TRUSTED": false,
|
||||||
|
"UNTRUSTED": false,
|
||||||
|
"CUSTOM": true,
|
||||||
|
};
|
||||||
|
|
||||||
|
UI.Sites = class {
|
||||||
|
constructor(parentNode, presets = DEF_PRESETS) {
|
||||||
|
this.parentNode = parentNode;
|
||||||
|
let policy = UI.policy;
|
||||||
|
this.uiCount = UI.Sites.count = (UI.Sites.count || 0) + 1;
|
||||||
|
this.sites = policy.sites;
|
||||||
|
this.presets = presets;
|
||||||
|
this.customizing = null;
|
||||||
|
this.typesMap = new Map();
|
||||||
|
this.clear();
|
||||||
|
}
|
||||||
|
|
||||||
|
initRow(table = this.table) {
|
||||||
|
let row = table.querySelector("tr.site");
|
||||||
|
|
||||||
|
// PRESETS
|
||||||
|
{
|
||||||
|
let presets = row.querySelector(".presets");
|
||||||
|
let [span, input, label, options] = presets.querySelectorAll("span.preset, input.preset, label.preset, .options");
|
||||||
|
span.remove();
|
||||||
|
options.title = _("Options");
|
||||||
|
for (let [preset, customizable] of Object.entries(this.presets)) {
|
||||||
|
let messageKey = UI.presets[preset];
|
||||||
|
input.value = preset;
|
||||||
|
label.textContent = label.title = input.title = _(messageKey);
|
||||||
|
let clone = span.cloneNode(true);
|
||||||
|
clone.classList.add(preset);
|
||||||
|
let temp = clone.querySelector(".temp");
|
||||||
|
if (TEMP_PRESETS.includes(preset)) {
|
||||||
|
temp.title = _("allowTemp", `(${label.title.toUpperCase()})`);
|
||||||
|
temp.nextElementSibling.textContent = _("allowTemp", ""); // label;
|
||||||
|
} else {
|
||||||
|
temp.nextElementSibling.remove();
|
||||||
|
temp.remove();
|
||||||
|
}
|
||||||
|
if (customizable) {
|
||||||
|
clone.querySelector(".options").remove();
|
||||||
|
}
|
||||||
|
presets.appendChild(clone);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// URL
|
||||||
|
{
|
||||||
|
let [input, label] = row.querySelectorAll("input.https-only, label.https-only");
|
||||||
|
input.title = label.title = label.textContent = _("httpsOnly");
|
||||||
|
}
|
||||||
|
|
||||||
|
// CUSTOMIZER ROW
|
||||||
|
{
|
||||||
|
let [customizer, legend, cap, capInput, capLabel] = table.querySelectorAll(".customizer, legend, span.cap, input.cap, label.cap");
|
||||||
|
row._customizer = customizer;
|
||||||
|
customizer.remove();
|
||||||
|
let capParent = cap.parentNode;
|
||||||
|
capParent.removeChild(cap);
|
||||||
|
legend.textContent = _("allow");
|
||||||
|
let idSuffix = UI.Sites.count;
|
||||||
|
for (let capability of Permissions.ALL) {
|
||||||
|
capInput.id = `capability-${capability}-${idSuffix}`
|
||||||
|
capLabel.setAttribute("for", capInput.id);
|
||||||
|
capInput.value = capability;
|
||||||
|
capInput.title = capLabel.textContent = _(`cap_${capability}`);
|
||||||
|
let clone = capParent.appendChild(cap.cloneNode(true));
|
||||||
|
clone.classList.add(capability);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// debug(table.outerHTML);
|
||||||
|
return row;
|
||||||
|
}
|
||||||
|
|
||||||
|
allSiteRows() {
|
||||||
|
return this.table.querySelectorAll("tr.site");
|
||||||
|
}
|
||||||
|
clear() {
|
||||||
|
debug("Clearing list", this.table);
|
||||||
|
|
||||||
|
this.template = document.createElement("template");
|
||||||
|
this.template.innerHTML = TEMPLATE;
|
||||||
|
this.fragment = this.template.content;
|
||||||
|
this.table = this.fragment.querySelector("table.sites");
|
||||||
|
this.rowTemplate = this.initRow();
|
||||||
|
|
||||||
|
for (let r of this.allSiteRows()) {
|
||||||
|
r.parentNode.removeChild(r);
|
||||||
|
}
|
||||||
|
this.customize(null);
|
||||||
|
this.sitesCount = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
siteNeeds(site, type) {
|
||||||
|
let siteTypes = this.typesMap && this.typesMap.get(site);
|
||||||
|
return !!siteTypes && siteTypes.has(type);
|
||||||
|
}
|
||||||
|
|
||||||
|
handleEvent(ev) {
|
||||||
|
let target = ev.target;
|
||||||
|
let customizer = target.closest(".customizer");
|
||||||
|
let row = customizer ? customizer.parentNode.querySelector("tr.customizing") : target.closest("tr.site");
|
||||||
|
if (!row) return;
|
||||||
|
row.temp2perm = false;
|
||||||
|
let isTemp = target.matches("input.temp");
|
||||||
|
let preset = target.matches("input.preset") ? target
|
||||||
|
: customizer || isTemp ? row.querySelector("input.preset:checked")
|
||||||
|
: target.closest("input.preset");
|
||||||
|
debug("%s target %o\n\trow %s, perms %o\npreset %s %s",
|
||||||
|
ev.type,
|
||||||
|
target, row && row.siteMatch, row && row.perms,
|
||||||
|
preset && preset.value, preset && preset.checked);
|
||||||
|
|
||||||
|
if (!preset) {
|
||||||
|
if (target.matches("input.https-only") && ev.type === "change") {
|
||||||
|
this.toggleSecure(row, target.checked);
|
||||||
|
fireOnChange(this, row);
|
||||||
|
} else if (target.matches(".domain")) {
|
||||||
|
UI.openSiteInfo(row.domain);
|
||||||
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
let policy = UI.policy;
|
||||||
|
let {siteMatch, contextMatch, perms} = row;
|
||||||
|
let presetValue = preset.value;
|
||||||
|
let policyPreset = presetValue.startsWith("T_") ? policy[presetValue.substring(2)].tempTwin : policy[presetValue];
|
||||||
|
|
||||||
|
if (policyPreset) {
|
||||||
|
if (row.perms !== policyPreset) {
|
||||||
|
row.temp2perm = row.perms && policyPreset.tempTwin === row.perms;
|
||||||
|
row.perms = policyPreset;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
let isCap = customizer && target.matches(".cap");
|
||||||
|
let tempToggle = preset.parentNode.querySelector("input.temp");
|
||||||
|
|
||||||
|
if (ev.type === "change") {
|
||||||
|
if (preset.checked) {
|
||||||
|
row.dataset.preset = preset.value;
|
||||||
|
}
|
||||||
|
if (isCap) {
|
||||||
|
perms.set(target.value, target.checked);
|
||||||
|
} else if (policyPreset) {
|
||||||
|
if (tempToggle && tempToggle.checked) {
|
||||||
|
policyPreset = policyPreset.tempTwin;
|
||||||
|
}
|
||||||
|
row.contextMatch = null;
|
||||||
|
row.perms = policyPreset;
|
||||||
|
delete row._customPerms;
|
||||||
|
debug("Site match", siteMatch);
|
||||||
|
if (siteMatch) {
|
||||||
|
policy.set(siteMatch, policyPreset);
|
||||||
|
} else {
|
||||||
|
this.customize(policyPreset, preset, row);
|
||||||
|
}
|
||||||
|
|
||||||
|
} else if (preset.value === "CUSTOM") {
|
||||||
|
if (isTemp) {
|
||||||
|
row.perms.temp = target.checked;
|
||||||
|
} else {
|
||||||
|
let temp = preset.parentNode.querySelector("input.temp").checked;
|
||||||
|
let perms = row._customPerms ||
|
||||||
|
(row._customPerms = new Permissions(new Set(row.perms.capabilities), temp));
|
||||||
|
row.perms = perms;
|
||||||
|
policy.set(siteMatch, perms);
|
||||||
|
this.customize(perms, preset, row);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
fireOnChange(this, row);
|
||||||
|
} else if (!(isCap || isTemp) && ev.type === "click") {
|
||||||
|
this.customize(row.perms, preset, row);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
customize(perms, preset, row) {
|
||||||
|
debug("Customize preset %s (%o) - Dirty: %s", preset && preset.value, perms, this.dirty);
|
||||||
|
for(let r of this.table.querySelectorAll("tr.customizing")) {
|
||||||
|
r.classList.toggle("customizing", false);
|
||||||
|
}
|
||||||
|
let customizer = this.rowTemplate._customizer;
|
||||||
|
customizer.classList.toggle("closed", true);
|
||||||
|
|
||||||
|
if (!(perms && row && preset &&
|
||||||
|
row.dataset.preset === preset.value &&
|
||||||
|
this.presets[preset.value] &&
|
||||||
|
preset !== customizer._preset)) {
|
||||||
|
delete customizer._preset;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
customizer._preset = preset;
|
||||||
|
row.classList.toggle("customizing", true);
|
||||||
|
let immutable = Permissions.IMMUTABLE[preset.value] || {};
|
||||||
|
for (let input of customizer.querySelectorAll("input")) {
|
||||||
|
let type = input.value;
|
||||||
|
if (type in immutable) {
|
||||||
|
input.disabled = true;
|
||||||
|
input.checked = immutable[type];
|
||||||
|
} else {
|
||||||
|
input.checked = perms.allowing(type);
|
||||||
|
input.disabled = false;
|
||||||
|
}
|
||||||
|
input.parentNode.classList.toggle("needed", this.siteNeeds(row._site, type));
|
||||||
|
row.parentNode.insertBefore(customizer, row.nextElementSibling);
|
||||||
|
customizer.classList.toggle("closed", false);
|
||||||
|
customizer.onkeydown = e => {
|
||||||
|
switch(e.keyCode) {
|
||||||
|
case 38:
|
||||||
|
case 8:
|
||||||
|
e.preventDefault();
|
||||||
|
this.onkeydown = null;
|
||||||
|
this.customize(null);
|
||||||
|
preset.focus();
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
window.setTimeout(() => customizer.querySelector("input").focus(), 50);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
render(sites = this.sites, sorter = this.sorter) {
|
||||||
|
let parentNode = this.parentNode;
|
||||||
|
debug("Rendering %o inside %o", sites, parentNode);
|
||||||
|
if (sites) this._populate(sites, sorter);
|
||||||
|
parentNode.innerHTML = "";
|
||||||
|
parentNode.appendChild(this.fragment);
|
||||||
|
let root = parentNode.querySelector("table.sites");
|
||||||
|
debug("Wiring", root);
|
||||||
|
if (!root.wiredBy) {
|
||||||
|
root.addEventListener("click", this, true);
|
||||||
|
root.addEventListener("change", this, true);
|
||||||
|
root.wiredBy = this;
|
||||||
|
}
|
||||||
|
return root;
|
||||||
|
}
|
||||||
|
|
||||||
|
_populate(sites, sorter) {
|
||||||
|
this.clear();
|
||||||
|
if (sites instanceof Sites) {
|
||||||
|
for (let [site, perms] of sites) {
|
||||||
|
this.append(site, site, perms);
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
for (let site of sites) {
|
||||||
|
let context = null;
|
||||||
|
if (site.site) {
|
||||||
|
site = site.site;
|
||||||
|
context = site.context;
|
||||||
|
}
|
||||||
|
let {siteMatch, perms, contextMatch} = UI.policy.get(site, context);
|
||||||
|
this.append(site, siteMatch, perms, contextMatch);
|
||||||
|
}
|
||||||
|
this.sites = sites;
|
||||||
|
}
|
||||||
|
this.sort(sorter);
|
||||||
|
window.setTimeout(() => this.focus(), 50);
|
||||||
|
}
|
||||||
|
|
||||||
|
focus() {
|
||||||
|
let firstPreset = this.table.querySelector("input.preset:checked");
|
||||||
|
if (firstPreset) firstPreset.focus();
|
||||||
|
}
|
||||||
|
|
||||||
|
sort(sorter = this.sorter) {
|
||||||
|
if (this.mainDomain) {
|
||||||
|
let md = this.mainDomain;
|
||||||
|
let wrappedCompare = sorter;
|
||||||
|
sorter = (a, b) => {
|
||||||
|
let x = a.domain, y = b.domain;
|
||||||
|
if (x === md) {
|
||||||
|
if (y !== md) {
|
||||||
|
return -1;
|
||||||
|
}
|
||||||
|
} else if (y === md) {
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
return wrappedCompare(a, b);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
let rows = [...this.allSiteRows()].sort(sorter);
|
||||||
|
if (this.mainSite) {
|
||||||
|
let mainLabel = "." + this.mainDomain;
|
||||||
|
let topIdx = rows.findIndex(r => r._label === mainLabel);
|
||||||
|
if (topIdx === -1) rows.findIndex(r => r._site === this.mainSite);
|
||||||
|
if (topIdx !== -1) {
|
||||||
|
// move the row to the top
|
||||||
|
let topRow = rows.splice(topIdx, 1)[0];
|
||||||
|
rows.unshift(topRow);
|
||||||
|
topRow.classList.toggle("main", true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
this.clear();
|
||||||
|
for (let row of rows) this.table.appendChild(row);
|
||||||
|
this.table.appendChild(this.rowTemplate._customizer);
|
||||||
|
}
|
||||||
|
|
||||||
|
sorter(a, b) {
|
||||||
|
return compareBy("domain", a, b) || compareBy("_label", a, b);
|
||||||
|
}
|
||||||
|
|
||||||
|
async tempTrustAll() {
|
||||||
|
let {policy} = UI;
|
||||||
|
let changed = 0;
|
||||||
|
for (let row of this.allSiteRows()) {
|
||||||
|
if (row._preset === "DEFAULT") {
|
||||||
|
policy.set(row._site, policy.TRUSTED.tempTwin);
|
||||||
|
changed++;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (changed && UI.isDirty(true)) {
|
||||||
|
await UI.updateSettings({policy, reloadAffected: true});
|
||||||
|
}
|
||||||
|
return changed;
|
||||||
|
}
|
||||||
|
|
||||||
|
createSiteRow(site, siteMatch, perms, contextMatch = null, sitesCount = this.sitesCount++) {
|
||||||
|
debug("Creating row for site: %s, matching %s / %s, %o", site, siteMatch, contextMatch, perms);
|
||||||
|
|
||||||
|
let row = this.rowTemplate.cloneNode(true);
|
||||||
|
row.sitesCount = sitesCount;
|
||||||
|
let url;
|
||||||
|
try {
|
||||||
|
url = new URL(site);
|
||||||
|
} catch (e) {
|
||||||
|
let protocol = Sites.isSecureDomainKey(site) ? "https:" : "http:";
|
||||||
|
let hostname = Sites.toggleSecureDomainKey(site, false);
|
||||||
|
url = {protocol, hostname, origin: `${protocol}://${site}`, pathname: "/"};
|
||||||
|
}
|
||||||
|
|
||||||
|
let hostname = Sites.toExternal(url.hostname);
|
||||||
|
let domain = tld.getDomain(hostname);
|
||||||
|
|
||||||
|
if (!siteMatch) {
|
||||||
|
// siteMatch = url.protocol === "https:" ? Sites.secureDomainKey(domain) : site;
|
||||||
|
siteMatch = site;
|
||||||
|
}
|
||||||
|
let secure = Sites.isSecureDomainKey(siteMatch);
|
||||||
|
let keyStyle = secure ? "secure"
|
||||||
|
: !domain || /^\w+:/.test(siteMatch) ?
|
||||||
|
(url.protocol === "https:" ? "full" : "unsafe")
|
||||||
|
: domain === hostname ? "domain" : "host";
|
||||||
|
|
||||||
|
let urlContainer = row.querySelector(".url");
|
||||||
|
urlContainer.dataset.key = keyStyle;
|
||||||
|
row._site = site;
|
||||||
|
|
||||||
|
row.siteMatch = siteMatch;
|
||||||
|
row.contextMatch = contextMatch;
|
||||||
|
row.perms = perms;
|
||||||
|
row.domain = domain || siteMatch;
|
||||||
|
if (domain) { // "normal" URL
|
||||||
|
let justDomain = hostname === domain;
|
||||||
|
let domainEntry = secure || domain === site;
|
||||||
|
row._label = domainEntry ? "." + domain : site;
|
||||||
|
row.querySelector(".protocol").textContent = `${url.protocol}//`;
|
||||||
|
row.querySelector(".sub").textContent = justDomain ?
|
||||||
|
(keyStyle === "full" || keyStyle == "unsafe"
|
||||||
|
? "" : "…")
|
||||||
|
: hostname.substring(0, hostname.length - domain.length);
|
||||||
|
|
||||||
|
row.querySelector(".domain").textContent = domain;
|
||||||
|
row.querySelector(".path").textContent = siteMatch.length > url.origin.length ? url.pathname : "";
|
||||||
|
let httpsOnly = row.querySelector("input.https-only");
|
||||||
|
httpsOnly.checked = keyStyle === "full" || keyStyle === "secure";
|
||||||
|
} else {
|
||||||
|
row._label = siteMatch;
|
||||||
|
urlContainer.querySelector(".full-address").textContent = siteMatch;
|
||||||
|
}
|
||||||
|
|
||||||
|
let presets = row.querySelectorAll("input.preset");
|
||||||
|
let idSuffix = `-${this.uiCount}-${sitesCount}`;
|
||||||
|
for (let p of presets) {
|
||||||
|
p.id = `${p.value}${idSuffix}`;
|
||||||
|
p.name = `preset${idSuffix}`;
|
||||||
|
let label = p.nextElementSibling;
|
||||||
|
label.setAttribute("for", p.id);
|
||||||
|
let temp = p.parentNode.querySelector("input.temp");
|
||||||
|
if (temp) {
|
||||||
|
temp.id = `temp-${p.id}`;
|
||||||
|
label = temp.nextElementSibling;
|
||||||
|
label.setAttribute("for", temp.id);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
let policy = UI.policy;
|
||||||
|
|
||||||
|
let presetName = "CUSTOM";
|
||||||
|
for (let p of ["TRUSTED", "UNTRUSTED", "DEFAULT"]) {
|
||||||
|
let preset = policy[p];
|
||||||
|
switch (perms) {
|
||||||
|
case preset:
|
||||||
|
presetName = p;
|
||||||
|
break;
|
||||||
|
case preset.tempTwin:
|
||||||
|
presetName = `T_${p}`;
|
||||||
|
if (!presetName in UI.presets) {
|
||||||
|
presetName = p;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
let tempFirst = true; // TODO: make it a preference
|
||||||
|
let unsafeMatch = keyStyle !== "secure" && keyStyle !== "full";
|
||||||
|
if (presetName === "DEFAULT" && (tempFirst || unsafeMatch)) {
|
||||||
|
// prioritize temporary privileges over permanent
|
||||||
|
for (let p of TEMP_PRESETS) {
|
||||||
|
if (p in this.presets && (unsafeMatch || tempFirst && p === "TRUSTED")) {
|
||||||
|
row.querySelector(`.presets input[value="${p}"]`).parentNode.querySelector("input.temp").checked = true;
|
||||||
|
perms = policy.TRUSTED.tempTwin;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
let preset = row.querySelector(`.presets input[value="${presetName}"]`);
|
||||||
|
if (!preset) {
|
||||||
|
debug(`Preset %s not found in %s!`, presetName, row.innerHTML);
|
||||||
|
} else {
|
||||||
|
preset.checked = true;
|
||||||
|
row.dataset.preset = row._preset = presetName;
|
||||||
|
if (TEMP_PRESETS.includes(presetName)) {
|
||||||
|
let temp = preset.parentNode.querySelector("input.temp");
|
||||||
|
if (temp) {
|
||||||
|
temp.checked = perms.temp;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return row;
|
||||||
|
}
|
||||||
|
|
||||||
|
append(site, siteMatch, perms, contextMatch) {
|
||||||
|
this.table.appendChild(this.createSiteRow(...arguments));
|
||||||
|
}
|
||||||
|
|
||||||
|
toggleSecure(row, secure = !!row.querySelector("https-only:checked")) {
|
||||||
|
this.customize(null);
|
||||||
|
let site = row.siteMatch;
|
||||||
|
site = site.replace(/^https?:/, secure ? "https:" : "http:");
|
||||||
|
if (site === row.siteMatch) {
|
||||||
|
site = Sites.toggleSecureDomainKey(site, secure);
|
||||||
|
}
|
||||||
|
if (site !== row.siteMatch) {
|
||||||
|
let {policy} = UI;
|
||||||
|
policy.set(row.siteMatch, policy.DEFAULT);
|
||||||
|
policy.set(site, row.perms);
|
||||||
|
for(let r of this.allSiteRows()) {
|
||||||
|
if (r !== row && r.siteMatch === site && r.contextMatch === row.contextMatch) {
|
||||||
|
r.parentNode.removeChild(r);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
let newRow = this.createSiteRow(site, site, row.perms, row.contextMatch, row.sitesCount);
|
||||||
|
row.parentNode.replaceChild(newRow, row);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
highlight(key) {
|
||||||
|
key = Sites.toExternal(key);
|
||||||
|
for (let r of this.allSiteRows()) {
|
||||||
|
if (r.querySelector(".full-address").textContent.trim().includes(key)) {
|
||||||
|
let url = r.lastElementChild;
|
||||||
|
url.style.transition = r.style.transition = "none";
|
||||||
|
r.style.backgroundColor = "#850";
|
||||||
|
url.style.transform = "scale(2)";
|
||||||
|
r.querySelector("input.preset:checked").focus();
|
||||||
|
window.setTimeout(() => {
|
||||||
|
r.style.transition = "1s background-color";
|
||||||
|
url.style.transition = "1s transform";
|
||||||
|
r.style.backgroundColor = "";
|
||||||
|
url.style.transform = "none";
|
||||||
|
r.scrollIntoView();
|
||||||
|
}, 50);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
filterSites(key) {
|
||||||
|
key = Sites.toExternal(key);
|
||||||
|
for (let r of this.allSiteRows()) {
|
||||||
|
if (r.querySelector(".full-address").textContent.trim().includes(key)) {
|
||||||
|
r.style.display = "";
|
||||||
|
} else {
|
||||||
|
r.style.display = "none";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return UI;
|
||||||
|
})();
|
|
@ -0,0 +1,45 @@
|
||||||
|
|
||||||
|
.cssload-container{
|
||||||
|
position:relative;
|
||||||
|
}
|
||||||
|
|
||||||
|
.cssload-whirlpool,
|
||||||
|
.cssload-whirlpool::before,
|
||||||
|
.cssload-whirlpool::after {
|
||||||
|
position: absolute;
|
||||||
|
top: 50%;
|
||||||
|
left: 50%;
|
||||||
|
border: 1px solid rgb(204,204,204);
|
||||||
|
border-left-color: rgb(0,0,0);
|
||||||
|
border-radius: 974px;
|
||||||
|
}
|
||||||
|
|
||||||
|
.cssload-whirlpool {
|
||||||
|
margin: -24px 0 0 -24px;
|
||||||
|
height: 49px;
|
||||||
|
width: 49px;
|
||||||
|
animation: cssload-rotate 1150ms linear infinite;
|
||||||
|
}
|
||||||
|
|
||||||
|
.cssload-whirlpool::before {
|
||||||
|
content: "";
|
||||||
|
margin: -22px 0 0 -22px;
|
||||||
|
height: 43px;
|
||||||
|
width: 43px;
|
||||||
|
animation: cssload-rotate 1150ms linear infinite;
|
||||||
|
}
|
||||||
|
|
||||||
|
.cssload-whirlpool::after {
|
||||||
|
content: "";
|
||||||
|
margin: -28px 0 0 -28px;
|
||||||
|
height: 55px;
|
||||||
|
width: 55px;
|
||||||
|
animation: cssload-rotate 2300ms linear infinite;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@keyframes cssload-rotate {
|
||||||
|
100% {
|
||||||
|
transform: rotate(360deg);
|
||||||
|
}
|
||||||
|
}
|
|
@ -0,0 +1,638 @@
|
||||||
|
'use strict';
|
||||||
|
|
||||||
|
var ASPIdiocy = XSS.ASPIdiocy = {
|
||||||
|
_replaceRx: /%u([0-9a-fA-F]{4})/g,
|
||||||
|
_affectsRx: /%u[0-9a-fA-F]{4}/,
|
||||||
|
_badPercentRx: /%(?!u[0-9a-fA-F]{4}|[0-9a-fA-F]{2})|%(?:00|u0000)[^&=]*/g,
|
||||||
|
|
||||||
|
hasBadPercents(s) {
|
||||||
|
return this._badPercentRx.test(s)
|
||||||
|
},
|
||||||
|
removeBadPercents(s) {
|
||||||
|
return s.replace(this._badPercentRx, '');
|
||||||
|
},
|
||||||
|
affects(s) {
|
||||||
|
return this._affectsRx.test(s);
|
||||||
|
},
|
||||||
|
process(s) {
|
||||||
|
s = this.filter(s);
|
||||||
|
return /[\uff5f-\uffff]/.test(s) ? s + '&' + s.replace(/[\uff5f-\uffff]/g, '?') : s;
|
||||||
|
},
|
||||||
|
filter(s) {
|
||||||
|
return this.removeBadPercents(s).replace(this._replaceRx, this._replace)
|
||||||
|
},
|
||||||
|
|
||||||
|
coalesceQuery(s) { // HPP protection, see https://www.owasp.org/images/b/ba/AppsecEU09_CarettoniDiPaola_v0.8.pdf
|
||||||
|
let qm = s.indexOf("?");
|
||||||
|
if (qm < 0) return s;
|
||||||
|
let p = s.substring(0, qm);
|
||||||
|
let q = s.substring(qm + 1);
|
||||||
|
if (!q) return s;
|
||||||
|
|
||||||
|
let unchanged = true;
|
||||||
|
let emptyParams = false;
|
||||||
|
|
||||||
|
let pairs = (function rearrange(joinNames) {
|
||||||
|
let pairs = q.split("&");
|
||||||
|
let accumulator = {
|
||||||
|
__proto__: null
|
||||||
|
};
|
||||||
|
for (let j = 0, len = pairs.length; j < len; j++) {
|
||||||
|
let nv = pairs[j];
|
||||||
|
let eq = nv.indexOf("=");
|
||||||
|
if (eq === -1) {
|
||||||
|
emptyParams = true;
|
||||||
|
if (joinNames && j < len - 1) {
|
||||||
|
pairs[j + 1] = nv + "&" + pairs[j + 1];
|
||||||
|
delete pairs[j];
|
||||||
|
}
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
let key = "#" + unescape(nv.substring(0, eq)).toLowerCase();
|
||||||
|
if (key in accumulator) {
|
||||||
|
delete pairs[j];
|
||||||
|
pairs[accumulator[key]] += ", " + nv.substring(eq + 1);
|
||||||
|
unchanged = false;
|
||||||
|
} else {
|
||||||
|
accumulator[key] = j;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return (emptyParams && !(unchanged || joinNames)) ?
|
||||||
|
pairs.concat(rearrange(true).filter(p => pairs.indexOf(p) === -1)) :
|
||||||
|
pairs;
|
||||||
|
})();
|
||||||
|
|
||||||
|
if (unchanged) return s;
|
||||||
|
for (let j = pairs.length; j-- > 0;)
|
||||||
|
if (!pairs[j]) pairs.splice(j, 1);
|
||||||
|
return p + pairs.join("&");
|
||||||
|
},
|
||||||
|
|
||||||
|
_replace(match, hex) {
|
||||||
|
const k = parseInt(hex, 16);
|
||||||
|
const map = ASPIdiocy.map;
|
||||||
|
if (k in map) return map[k];
|
||||||
|
const range = ASPIdiocy._findRange(k);
|
||||||
|
return range && range.data || String.fromCharCode(k);
|
||||||
|
},
|
||||||
|
_findRange(k) {
|
||||||
|
const ranges = this.ranges;
|
||||||
|
for (let low = 0, high = ranges.length - 1; low <= high;) {
|
||||||
|
let i = parseInt((low + high) / 2);
|
||||||
|
let r = ranges[i];
|
||||||
|
let comparison = k < r.start ? 1 : k > r.end ? -1 : 0;
|
||||||
|
if (comparison < 0) low = i + 1;
|
||||||
|
else if (comparison > 0) high = i - 1;
|
||||||
|
else return r;
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
XSS.ASPIdiocy.map = {
|
||||||
|
0x100: "\x41",
|
||||||
|
0x101: "\x61",
|
||||||
|
0x102: "\x41",
|
||||||
|
0x103: "\x61",
|
||||||
|
0x104: "\x41",
|
||||||
|
0x105: "\x61",
|
||||||
|
0x106: "\x43",
|
||||||
|
0x107: "\x63",
|
||||||
|
0x108: "\x43",
|
||||||
|
0x109: "\x63",
|
||||||
|
0x10a: "\x43",
|
||||||
|
0x10b: "\x63",
|
||||||
|
0x10c: "\x43",
|
||||||
|
0x10d: "\x63",
|
||||||
|
0x10e: "\x44",
|
||||||
|
0x10f: "\x64",
|
||||||
|
0x110: "\ufffd",
|
||||||
|
0x111: "\x64",
|
||||||
|
0x112: "\x45",
|
||||||
|
0x113: "\x65",
|
||||||
|
0x114: "\x45",
|
||||||
|
0x115: "\x65",
|
||||||
|
0x116: "\x45",
|
||||||
|
0x117: "\x65",
|
||||||
|
0x118: "\x45",
|
||||||
|
0x119: "\x65",
|
||||||
|
0x11a: "\x45",
|
||||||
|
0x11b: "\x65",
|
||||||
|
0x11c: "\x47",
|
||||||
|
0x11d: "\x67",
|
||||||
|
0x11e: "\x47",
|
||||||
|
0x11f: "\x67",
|
||||||
|
0x120: "\x47",
|
||||||
|
0x121: "\x67",
|
||||||
|
0x122: "\x47",
|
||||||
|
0x123: "\x67",
|
||||||
|
0x124: "\x48",
|
||||||
|
0x125: "\x68",
|
||||||
|
0x126: "\x48",
|
||||||
|
0x127: "\x68",
|
||||||
|
0x128: "\x49",
|
||||||
|
0x129: "\x69",
|
||||||
|
0x12a: "\x49",
|
||||||
|
0x12b: "\x69",
|
||||||
|
0x12c: "\x49",
|
||||||
|
0x12d: "\x69",
|
||||||
|
0x12e: "\x49",
|
||||||
|
0x12f: "\x69",
|
||||||
|
0x130: "\x49",
|
||||||
|
0x131: "\x69",
|
||||||
|
0x134: "\x4a",
|
||||||
|
0x135: "\x6a",
|
||||||
|
0x136: "\x4b",
|
||||||
|
0x137: "\x6b",
|
||||||
|
0x138: "\x3f",
|
||||||
|
0x139: "\x4c",
|
||||||
|
0x13a: "\x6c",
|
||||||
|
0x13b: "\x4c",
|
||||||
|
0x13c: "\x6c",
|
||||||
|
0x13d: "\x4c",
|
||||||
|
0x13e: "\x6c",
|
||||||
|
0x141: "\x4c",
|
||||||
|
0x142: "\x6c",
|
||||||
|
0x143: "\x4e",
|
||||||
|
0x144: "\x6e",
|
||||||
|
0x145: "\x4e",
|
||||||
|
0x146: "\x6e",
|
||||||
|
0x147: "\x4e",
|
||||||
|
0x148: "\x6e",
|
||||||
|
0x14c: "\x4f",
|
||||||
|
0x14d: "\x6f",
|
||||||
|
0x14e: "\x4f",
|
||||||
|
0x14f: "\x6f",
|
||||||
|
0x150: "\x4f",
|
||||||
|
0x151: "\x6f",
|
||||||
|
0x154: "\x52",
|
||||||
|
0x155: "\x72",
|
||||||
|
0x156: "\x52",
|
||||||
|
0x157: "\x72",
|
||||||
|
0x158: "\x52",
|
||||||
|
0x159: "\x72",
|
||||||
|
0x15a: "\x53",
|
||||||
|
0x15b: "\x73",
|
||||||
|
0x15c: "\x53",
|
||||||
|
0x15d: "\x73",
|
||||||
|
0x15e: "\x53",
|
||||||
|
0x15f: "\x73",
|
||||||
|
0x162: "\x54",
|
||||||
|
0x163: "\x74",
|
||||||
|
0x164: "\x54",
|
||||||
|
0x165: "\x74",
|
||||||
|
0x166: "\x54",
|
||||||
|
0x167: "\x74",
|
||||||
|
0x168: "\x55",
|
||||||
|
0x169: "\x75",
|
||||||
|
0x16a: "\x55",
|
||||||
|
0x16b: "\x75",
|
||||||
|
0x16c: "\x55",
|
||||||
|
0x16d: "\x75",
|
||||||
|
0x16e: "\x55",
|
||||||
|
0x16f: "\x75",
|
||||||
|
0x170: "\x55",
|
||||||
|
0x171: "\x75",
|
||||||
|
0x172: "\x55",
|
||||||
|
0x173: "\x75",
|
||||||
|
0x174: "\x57",
|
||||||
|
0x175: "\x77",
|
||||||
|
0x176: "\x59",
|
||||||
|
0x177: "\x79",
|
||||||
|
0x178: "\ufffd",
|
||||||
|
0x179: "\x5a",
|
||||||
|
0x17a: "\x7a",
|
||||||
|
0x17b: "\x5a",
|
||||||
|
0x17c: "\x7a",
|
||||||
|
0x17f: "\x3f",
|
||||||
|
0x180: "\x62",
|
||||||
|
0x189: "\ufffd",
|
||||||
|
0x197: "\x49",
|
||||||
|
0x19a: "\x6c",
|
||||||
|
0x1a1: "\x6f",
|
||||||
|
0x1ab: "\x74",
|
||||||
|
0x1ae: "\x54",
|
||||||
|
0x1af: "\x55",
|
||||||
|
0x1b0: "\x75",
|
||||||
|
0x1b6: "\x7a",
|
||||||
|
0x1c0: "\x7c",
|
||||||
|
0x1c3: "\x21",
|
||||||
|
0x1cd: "\x41",
|
||||||
|
0x1ce: "\x61",
|
||||||
|
0x1cf: "\x49",
|
||||||
|
0x1d0: "\x69",
|
||||||
|
0x1d1: "\x4f",
|
||||||
|
0x1d2: "\x6f",
|
||||||
|
0x1d3: "\x55",
|
||||||
|
0x1d4: "\x75",
|
||||||
|
0x1d5: "\x55",
|
||||||
|
0x1d6: "\x75",
|
||||||
|
0x1d7: "\x55",
|
||||||
|
0x1d8: "\x75",
|
||||||
|
0x1d9: "\x55",
|
||||||
|
0x1da: "\x75",
|
||||||
|
0x1db: "\x55",
|
||||||
|
0x1dc: "\x75",
|
||||||
|
0x1dd: "\x3f",
|
||||||
|
0x1de: "\x41",
|
||||||
|
0x1df: "\x61",
|
||||||
|
0x1e4: "\x47",
|
||||||
|
0x1e5: "\x67",
|
||||||
|
0x1e6: "\x47",
|
||||||
|
0x1e7: "\x67",
|
||||||
|
0x1e8: "\x4b",
|
||||||
|
0x1e9: "\x6b",
|
||||||
|
0x1ea: "\x4f",
|
||||||
|
0x1eb: "\x6f",
|
||||||
|
0x1ec: "\x4f",
|
||||||
|
0x1ed: "\x6f",
|
||||||
|
0x1f0: "\x6a",
|
||||||
|
0x261: "\x67",
|
||||||
|
0x2b9: "\x27",
|
||||||
|
0x2ba: "\x22",
|
||||||
|
0x2bb: "\x3f",
|
||||||
|
0x2bc: "\x27",
|
||||||
|
0x2c4: "\x5e",
|
||||||
|
0x2c5: "\x3f",
|
||||||
|
0x2c6: "\ufffd",
|
||||||
|
0x2c7: "\x3f",
|
||||||
|
0x2c8: "\x27",
|
||||||
|
0x2cb: "\x60",
|
||||||
|
0x2cc: "\x3f",
|
||||||
|
0x2cd: "\x5f",
|
||||||
|
0x2da: "\ufffd",
|
||||||
|
0x2db: "\x3f",
|
||||||
|
0x2dc: "\ufffd",
|
||||||
|
0x300: "\x60",
|
||||||
|
0x301: "\ufffd",
|
||||||
|
0x302: "\x5e",
|
||||||
|
0x303: "\x7e",
|
||||||
|
0x308: "\ufffd",
|
||||||
|
0x309: "\x3f",
|
||||||
|
0x30a: "\ufffd",
|
||||||
|
0x30e: "\x22",
|
||||||
|
0x327: "\ufffd",
|
||||||
|
0x37e: "\x3b",
|
||||||
|
0x393: "\x47",
|
||||||
|
0x398: "\x54",
|
||||||
|
0x3a3: "\x53",
|
||||||
|
0x3a6: "\x46",
|
||||||
|
0x3a9: "\x4f",
|
||||||
|
0x3b1: "\x61",
|
||||||
|
0x3b2: "\ufffd",
|
||||||
|
0x3b3: "\x3f",
|
||||||
|
0x3b4: "\x64",
|
||||||
|
0x3b5: "\x65",
|
||||||
|
0x3bc: "\ufffd",
|
||||||
|
0x3c0: "\x70",
|
||||||
|
0x3c3: "\x73",
|
||||||
|
0x3c4: "\x74",
|
||||||
|
0x3c5: "\x3f",
|
||||||
|
0x3c6: "\x66",
|
||||||
|
0x4bb: "\x68",
|
||||||
|
0x589: "\x3a",
|
||||||
|
0x66a: "\x25",
|
||||||
|
0x2012: "\x3f",
|
||||||
|
0x2017: "\x3d",
|
||||||
|
0x201b: "\x3f",
|
||||||
|
0x201f: "\x3f",
|
||||||
|
0x2023: "\x3f",
|
||||||
|
0x2024: "\ufffd",
|
||||||
|
0x2025: "\x3f",
|
||||||
|
0x2026: "\ufffd",
|
||||||
|
0x2030: "\ufffd",
|
||||||
|
0x2031: "\x3f",
|
||||||
|
0x2032: "\x27",
|
||||||
|
0x2035: "\x60",
|
||||||
|
0x2044: "\x2f",
|
||||||
|
0x2070: "\ufffd",
|
||||||
|
0x2074: "\x34",
|
||||||
|
0x2075: "\x35",
|
||||||
|
0x2076: "\x36",
|
||||||
|
0x2077: "\x37",
|
||||||
|
0x2078: "\x38",
|
||||||
|
0x207f: "\x6e",
|
||||||
|
0x2080: "\x30",
|
||||||
|
0x2081: "\x31",
|
||||||
|
0x2082: "\x32",
|
||||||
|
0x2083: "\x33",
|
||||||
|
0x2084: "\x34",
|
||||||
|
0x2085: "\x35",
|
||||||
|
0x2086: "\x36",
|
||||||
|
0x2087: "\x37",
|
||||||
|
0x2088: "\x38",
|
||||||
|
0x2089: "\x39",
|
||||||
|
0x20a1: "\ufffd",
|
||||||
|
0x20a4: "\ufffd",
|
||||||
|
0x20a7: "\x50",
|
||||||
|
0x20ac: "\ufffd",
|
||||||
|
0x2102: "\x43",
|
||||||
|
0x2107: "\x45",
|
||||||
|
0x210a: "\x67",
|
||||||
|
0x210e: "\x68",
|
||||||
|
0x210f: "\x3f",
|
||||||
|
0x2112: "\x4c",
|
||||||
|
0x2113: "\x6c",
|
||||||
|
0x2114: "\x3f",
|
||||||
|
0x2115: "\x4e",
|
||||||
|
0x211a: "\x51",
|
||||||
|
0x2122: "\ufffd",
|
||||||
|
0x2123: "\x3f",
|
||||||
|
0x2124: "\x5a",
|
||||||
|
0x2128: "\x5a",
|
||||||
|
0x2129: "\x3f",
|
||||||
|
0x212a: "\x4b",
|
||||||
|
0x212b: "\ufffd",
|
||||||
|
0x212c: "\x42",
|
||||||
|
0x212d: "\x43",
|
||||||
|
0x2130: "\x45",
|
||||||
|
0x2131: "\x46",
|
||||||
|
0x2132: "\x3f",
|
||||||
|
0x2133: "\x4d",
|
||||||
|
0x2134: "\x6f",
|
||||||
|
0x2205: "\ufffd",
|
||||||
|
0x2212: "\x2d",
|
||||||
|
0x2213: "\ufffd",
|
||||||
|
0x2214: "\x3f",
|
||||||
|
0x2215: "\x2f",
|
||||||
|
0x2216: "\x5c",
|
||||||
|
0x2217: "\x2a",
|
||||||
|
0x221a: "\x76",
|
||||||
|
0x221e: "\x38",
|
||||||
|
0x2223: "\x7c",
|
||||||
|
0x2229: "\x6e",
|
||||||
|
0x2236: "\x3a",
|
||||||
|
0x223c: "\x7e",
|
||||||
|
0x2248: "\ufffd",
|
||||||
|
0x2261: "\x3d",
|
||||||
|
0x22c5: "\ufffd",
|
||||||
|
0x2302: "\ufffd",
|
||||||
|
0x2303: "\x5e",
|
||||||
|
0x2310: "\ufffd",
|
||||||
|
0x2320: "\x28",
|
||||||
|
0x2321: "\x29",
|
||||||
|
0x2329: "\x3c",
|
||||||
|
0x232a: "\x3e",
|
||||||
|
0x2500: "\x2d",
|
||||||
|
0x2501: "\x3f",
|
||||||
|
0x2502: "\ufffd",
|
||||||
|
0x250c: "\x2b",
|
||||||
|
0x2510: "\x2b",
|
||||||
|
0x2514: "\x2b",
|
||||||
|
0x2518: "\x2b",
|
||||||
|
0x251c: "\x2b",
|
||||||
|
0x2524: "\ufffd",
|
||||||
|
0x252c: "\x2d",
|
||||||
|
0x2534: "\x2d",
|
||||||
|
0x253c: "\x2b",
|
||||||
|
0x2550: "\x2d",
|
||||||
|
0x2551: "\ufffd",
|
||||||
|
0x2580: "\ufffd",
|
||||||
|
0x2584: "\x5f",
|
||||||
|
0x2588: "\ufffd",
|
||||||
|
0x258c: "\ufffd",
|
||||||
|
0x25a0: "\ufffd",
|
||||||
|
0x263c: "\ufffd",
|
||||||
|
0x2758: "\x7c",
|
||||||
|
0x3000: "\x20",
|
||||||
|
0x3008: "\x3c",
|
||||||
|
0x3009: "\x3e",
|
||||||
|
0x301a: "\x5b",
|
||||||
|
0x301b: "\x5d",
|
||||||
|
0x30fb: "\ufffd",
|
||||||
|
0xff01: "\x21",
|
||||||
|
0xff02: "\x22",
|
||||||
|
0xff03: "\x23",
|
||||||
|
0xff04: "\x24",
|
||||||
|
0xff05: "\x25",
|
||||||
|
0xff06: "\x26",
|
||||||
|
0xff07: "\x27",
|
||||||
|
0xff08: "\x28",
|
||||||
|
0xff09: "\x29",
|
||||||
|
0xff0a: "\x2a",
|
||||||
|
0xff0b: "\x2b",
|
||||||
|
0xff0c: "\x2c",
|
||||||
|
0xff0d: "\x2d",
|
||||||
|
0xff0e: "\x2e",
|
||||||
|
0xff0f: "\x2f",
|
||||||
|
0xff10: "\x30",
|
||||||
|
0xff11: "\x31",
|
||||||
|
0xff12: "\x32",
|
||||||
|
0xff13: "\x33",
|
||||||
|
0xff14: "\x34",
|
||||||
|
0xff15: "\x35",
|
||||||
|
0xff16: "\x36",
|
||||||
|
0xff17: "\x37",
|
||||||
|
0xff18: "\x38",
|
||||||
|
0xff19: "\x39",
|
||||||
|
0xff1a: "\x3a",
|
||||||
|
0xff1b: "\x3b",
|
||||||
|
0xff1c: "\x3c",
|
||||||
|
0xff1d: "\x3d",
|
||||||
|
0xff1e: "\x3e",
|
||||||
|
0xff1f: "\x3f",
|
||||||
|
0xff20: "\x40",
|
||||||
|
0xff21: "\x41",
|
||||||
|
0xff22: "\x42",
|
||||||
|
0xff23: "\x43",
|
||||||
|
0xff24: "\x44",
|
||||||
|
0xff25: "\x45",
|
||||||
|
0xff26: "\x46",
|
||||||
|
0xff27: "\x47",
|
||||||
|
0xff28: "\x48",
|
||||||
|
0xff29: "\x49",
|
||||||
|
0xff2a: "\x4a",
|
||||||
|
0xff2b: "\x4b",
|
||||||
|
0xff2c: "\x4c",
|
||||||
|
0xff2d: "\x4d",
|
||||||
|
0xff2e: "\x4e",
|
||||||
|
0xff2f: "\x4f",
|
||||||
|
0xff30: "\x50",
|
||||||
|
0xff31: "\x51",
|
||||||
|
0xff32: "\x52",
|
||||||
|
0xff33: "\x53",
|
||||||
|
0xff34: "\x54",
|
||||||
|
0xff35: "\x55",
|
||||||
|
0xff36: "\x56",
|
||||||
|
0xff37: "\x57",
|
||||||
|
0xff38: "\x58",
|
||||||
|
0xff39: "\x59",
|
||||||
|
0xff3a: "\x5a",
|
||||||
|
0xff3b: "\x5b",
|
||||||
|
0xff3c: "\x5c",
|
||||||
|
0xff3d: "\x5d",
|
||||||
|
0xff3e: "\x5e",
|
||||||
|
0xff3f: "\x5f",
|
||||||
|
0xff40: "\x60",
|
||||||
|
0xff41: "\x61",
|
||||||
|
0xff42: "\x62",
|
||||||
|
0xff43: "\x63",
|
||||||
|
0xff44: "\x64",
|
||||||
|
0xff45: "\x65",
|
||||||
|
0xff46: "\x66",
|
||||||
|
0xff47: "\x67",
|
||||||
|
0xff48: "\x68",
|
||||||
|
0xff49: "\x69",
|
||||||
|
0xff4a: "\x6a",
|
||||||
|
0xff4b: "\x6b",
|
||||||
|
0xff4c: "\x6c",
|
||||||
|
0xff4d: "\x6d",
|
||||||
|
0xff4e: "\x6e",
|
||||||
|
0xff4f: "\x6f",
|
||||||
|
0xff50: "\x70",
|
||||||
|
0xff51: "\x71",
|
||||||
|
0xff52: "\x72",
|
||||||
|
0xff53: "\x73",
|
||||||
|
0xff54: "\x74",
|
||||||
|
0xff55: "\x75",
|
||||||
|
0xff56: "\x76",
|
||||||
|
0xff57: "\x77",
|
||||||
|
0xff58: "\x78",
|
||||||
|
0xff59: "\x79",
|
||||||
|
0xff5a: "\x7a",
|
||||||
|
0xff5b: "\x7b",
|
||||||
|
0xff5c: "\x7c",
|
||||||
|
0xff5d: "\x7d",
|
||||||
|
0xff5e: "\x7e"
|
||||||
|
};
|
||||||
|
|
||||||
|
{
|
||||||
|
let Range = class {
|
||||||
|
constructor(start, end, data) {
|
||||||
|
this.start = start;
|
||||||
|
this.end = end;
|
||||||
|
this.data = data;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
XSS.ASPIdiocy.ranges = [
|
||||||
|
new Range(0x80, 0xff, "\ufffd"),
|
||||||
|
new Range(0x132, 0x133, "\x3f"),
|
||||||
|
new Range(0x13f, 0x140, "\x3f"),
|
||||||
|
new Range(0x149, 0x14b, "\x3f"),
|
||||||
|
new Range(0x152, 0x153, "\ufffd"),
|
||||||
|
new Range(0x160, 0x161, "\ufffd"),
|
||||||
|
new Range(0x17d, 0x17e, "\ufffd"),
|
||||||
|
new Range(0x181, 0x188, "\x3f"),
|
||||||
|
new Range(0x18a, 0x190, "\x3f"),
|
||||||
|
new Range(0x191, 0x192, "\ufffd"),
|
||||||
|
new Range(0x193, 0x196, "\x3f"),
|
||||||
|
new Range(0x198, 0x199, "\x3f"),
|
||||||
|
new Range(0x19b, 0x19e, "\x3f"),
|
||||||
|
new Range(0x19f, 0x1a0, "\x4f"),
|
||||||
|
new Range(0x1a2, 0x1aa, "\x3f"),
|
||||||
|
new Range(0x1ac, 0x1ad, "\x3f"),
|
||||||
|
new Range(0x1b1, 0x1b5, "\x3f"),
|
||||||
|
new Range(0x1b7, 0x1bf, "\x3f"),
|
||||||
|
new Range(0x1c1, 0x1c2, "\x3f"),
|
||||||
|
new Range(0x1c4, 0x1cc, "\x3f"),
|
||||||
|
new Range(0x1e0, 0x1e3, "\x3f"),
|
||||||
|
new Range(0x1ee, 0x1ef, "\x3f"),
|
||||||
|
new Range(0x1f1, 0x260, "\x3f"),
|
||||||
|
new Range(0x262, 0x2b8, "\x3f"),
|
||||||
|
new Range(0x2bd, 0x2c3, "\x3f"),
|
||||||
|
new Range(0x2c9, 0x2ca, "\ufffd"),
|
||||||
|
new Range(0x2ce, 0x2d9, "\x3f"),
|
||||||
|
new Range(0x2dd, 0x2ff, "\x3f"),
|
||||||
|
new Range(0x304, 0x305, "\ufffd"),
|
||||||
|
new Range(0x306, 0x307, "\x3f"),
|
||||||
|
new Range(0x30b, 0x30d, "\x3f"),
|
||||||
|
new Range(0x30f, 0x326, "\x3f"),
|
||||||
|
new Range(0x328, 0x330, "\x3f"),
|
||||||
|
new Range(0x331, 0x332, "\x5f"),
|
||||||
|
new Range(0x333, 0x37d, "\x3f"),
|
||||||
|
new Range(0x37f, 0x392, "\x3f"),
|
||||||
|
new Range(0x394, 0x397, "\x3f"),
|
||||||
|
new Range(0x399, 0x3a2, "\x3f"),
|
||||||
|
new Range(0x3a4, 0x3a5, "\x3f"),
|
||||||
|
new Range(0x3a7, 0x3a8, "\x3f"),
|
||||||
|
new Range(0x3aa, 0x3b0, "\x3f"),
|
||||||
|
new Range(0x3b6, 0x3bb, "\x3f"),
|
||||||
|
new Range(0x3bd, 0x3bf, "\x3f"),
|
||||||
|
new Range(0x3c1, 0x3c2, "\x3f"),
|
||||||
|
new Range(0x3c7, 0x4ba, "\x3f"),
|
||||||
|
new Range(0x4bc, 0x588, "\x3f"),
|
||||||
|
new Range(0x58a, 0x669, "\x3f"),
|
||||||
|
new Range(0x66b, 0x1fff, "\x3f"),
|
||||||
|
new Range(0x2000, 0x2006, "\x20"),
|
||||||
|
new Range(0x2007, 0x200f, "\x3f"),
|
||||||
|
new Range(0x2010, 0x2011, "\x2d"),
|
||||||
|
new Range(0x2013, 0x2014, "\ufffd"),
|
||||||
|
new Range(0x2015, 0x2016, "\x3f"),
|
||||||
|
new Range(0x2018, 0x201a, "\ufffd"),
|
||||||
|
new Range(0x201c, 0x201e, "\ufffd"),
|
||||||
|
new Range(0x2020, 0x2022, "\ufffd"),
|
||||||
|
new Range(0x2027, 0x202f, "\x3f"),
|
||||||
|
new Range(0x2033, 0x2034, "\x3f"),
|
||||||
|
new Range(0x2036, 0x2038, "\x3f"),
|
||||||
|
new Range(0x2039, 0x203a, "\ufffd"),
|
||||||
|
new Range(0x203b, 0x2043, "\x3f"),
|
||||||
|
new Range(0x2045, 0x206f, "\x3f"),
|
||||||
|
new Range(0x2071, 0x2073, "\x3f"),
|
||||||
|
new Range(0x2079, 0x207e, "\x3f"),
|
||||||
|
new Range(0x208a, 0x20a0, "\x3f"),
|
||||||
|
new Range(0x20a2, 0x20a3, "\x3f"),
|
||||||
|
new Range(0x20a5, 0x20a6, "\x3f"),
|
||||||
|
new Range(0x20a8, 0x20ab, "\x3f"),
|
||||||
|
new Range(0x20ad, 0x2101, "\x3f"),
|
||||||
|
new Range(0x2103, 0x2106, "\x3f"),
|
||||||
|
new Range(0x2108, 0x2109, "\x3f"),
|
||||||
|
new Range(0x210b, 0x210d, "\x48"),
|
||||||
|
new Range(0x2110, 0x2111, "\x49"),
|
||||||
|
new Range(0x2116, 0x2117, "\x3f"),
|
||||||
|
new Range(0x2118, 0x2119, "\x50"),
|
||||||
|
new Range(0x211b, 0x211d, "\x52"),
|
||||||
|
new Range(0x211e, 0x2121, "\x3f"),
|
||||||
|
new Range(0x2125, 0x2127, "\x3f"),
|
||||||
|
new Range(0x212e, 0x212f, "\x65"),
|
||||||
|
new Range(0x2135, 0x2204, "\x3f"),
|
||||||
|
new Range(0x2206, 0x2211, "\x3f"),
|
||||||
|
new Range(0x2218, 0x2219, "\ufffd"),
|
||||||
|
new Range(0x221b, 0x221d, "\x3f"),
|
||||||
|
new Range(0x221f, 0x2222, "\x3f"),
|
||||||
|
new Range(0x2224, 0x2228, "\x3f"),
|
||||||
|
new Range(0x222a, 0x2235, "\x3f"),
|
||||||
|
new Range(0x2237, 0x223b, "\x3f"),
|
||||||
|
new Range(0x223d, 0x2247, "\x3f"),
|
||||||
|
new Range(0x2249, 0x2260, "\x3f"),
|
||||||
|
new Range(0x2262, 0x2263, "\x3f"),
|
||||||
|
new Range(0x2264, 0x2265, "\x3d"),
|
||||||
|
new Range(0x2266, 0x2269, "\x3f"),
|
||||||
|
new Range(0x226a, 0x226b, "\ufffd"),
|
||||||
|
new Range(0x226c, 0x22c4, "\x3f"),
|
||||||
|
new Range(0x22c6, 0x2301, "\x3f"),
|
||||||
|
new Range(0x2304, 0x230f, "\x3f"),
|
||||||
|
new Range(0x2311, 0x231f, "\x3f"),
|
||||||
|
new Range(0x2322, 0x2328, "\x3f"),
|
||||||
|
new Range(0x232b, 0x24ff, "\x3f"),
|
||||||
|
new Range(0x2503, 0x250b, "\x3f"),
|
||||||
|
new Range(0x250d, 0x250f, "\x3f"),
|
||||||
|
new Range(0x2511, 0x2513, "\x3f"),
|
||||||
|
new Range(0x2515, 0x2517, "\x3f"),
|
||||||
|
new Range(0x2519, 0x251b, "\x3f"),
|
||||||
|
new Range(0x251d, 0x2523, "\x3f"),
|
||||||
|
new Range(0x2525, 0x252b, "\x3f"),
|
||||||
|
new Range(0x252d, 0x2533, "\x3f"),
|
||||||
|
new Range(0x2535, 0x253b, "\x3f"),
|
||||||
|
new Range(0x253d, 0x254f, "\x3f"),
|
||||||
|
new Range(0x2552, 0x255d, "\x2b"),
|
||||||
|
new Range(0x255e, 0x2563, "\ufffd"),
|
||||||
|
new Range(0x2564, 0x2569, "\x2d"),
|
||||||
|
new Range(0x256a, 0x256c, "\x2b"),
|
||||||
|
new Range(0x256d, 0x257f, "\x3f"),
|
||||||
|
new Range(0x2581, 0x2583, "\x3f"),
|
||||||
|
new Range(0x2585, 0x2587, "\x3f"),
|
||||||
|
new Range(0x2589, 0x258b, "\x3f"),
|
||||||
|
new Range(0x258d, 0x258f, "\x3f"),
|
||||||
|
new Range(0x2590, 0x2593, "\ufffd"),
|
||||||
|
new Range(0x2594, 0x259f, "\x3f"),
|
||||||
|
new Range(0x25a1, 0x263b, "\x3f"),
|
||||||
|
new Range(0x263d, 0x2757, "\x3f"),
|
||||||
|
new Range(0x2759, 0x2fff, "\x3f"),
|
||||||
|
new Range(0x3001, 0x3007, "\x3f"),
|
||||||
|
new Range(0x300a, 0x300b, "\ufffd"),
|
||||||
|
new Range(0x300c, 0x3019, "\x3f"),
|
||||||
|
new Range(0x301c, 0x30fa, "\x3f"),
|
||||||
|
new Range(0x30fc, 0xff00, "\x3f")
|
||||||
|
];
|
||||||
|
}
|
|
@ -0,0 +1,238 @@
|
||||||
|
'use strict';
|
||||||
|
|
||||||
|
XSS.Exceptions = (() => {
|
||||||
|
|
||||||
|
var Exceptions = {
|
||||||
|
get legacyExceptions() {
|
||||||
|
delete this.legacyExceptions;
|
||||||
|
this.legacyExceptions =
|
||||||
|
Legacy.getRxPref("filterXExceptions",
|
||||||
|
Legacy.RX.multi, "g", /^https?:[a-z:/@.?-]*$/i);
|
||||||
|
return this.legacyExceptions;
|
||||||
|
},
|
||||||
|
|
||||||
|
async getWhitelist() {
|
||||||
|
return (await Storage.get("sync", "xssWhitelist")).xssWhitelist;
|
||||||
|
},
|
||||||
|
async setWhitelist(xssWhitelist) {
|
||||||
|
await Storage.set("sync", {xssWhitelist});
|
||||||
|
},
|
||||||
|
|
||||||
|
async shouldIgnore(xssReq) {
|
||||||
|
function logEx(...args) {
|
||||||
|
debug("[XSS preprocessing] Ignoring %o", xssReq, ...args);
|
||||||
|
}
|
||||||
|
|
||||||
|
let {
|
||||||
|
srcObj,
|
||||||
|
destObj,
|
||||||
|
srcUrl,
|
||||||
|
destUrl,
|
||||||
|
srcOrigin,
|
||||||
|
destOrigin,
|
||||||
|
unescapedDest,
|
||||||
|
isGet,
|
||||||
|
isPost
|
||||||
|
} = xssReq;
|
||||||
|
|
||||||
|
// same srcUrl
|
||||||
|
if (srcOrigin === destOrigin) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
// same domain + https: source
|
||||||
|
if (/^https:/.test(srcOrigin) && xssReq.srcDomain === xssReq.destDomain) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (/^(?:chrome|resource|moz-extension|about):/.test(srcOrigin)) {
|
||||||
|
debug("Privileged origin", srcOrigin);
|
||||||
|
}
|
||||||
|
|
||||||
|
// destination or @source matching legacy regexp
|
||||||
|
if (this.legacyExceptions.test(unescapedDest) &&
|
||||||
|
!this.isBadException(destObj.hostname) ||
|
||||||
|
this.legacyExceptions.test("@" + unescape(srcUrl))) {
|
||||||
|
logEx("Legacy exception", this.legacyExceptions);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!srcObj && isGet) {
|
||||||
|
if (/^https?:\/\/msdn\.microsoft\.com\/query\/[^<]+$/.test(unescapedDest)) {
|
||||||
|
return true; // MSDN from Microsoft VS
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (srcOrigin) { // srcUrl-specific exceptions
|
||||||
|
|
||||||
|
if (/^about:(?!blank)/.test(srcOrigin))
|
||||||
|
return true; // any about: URL except about:blank
|
||||||
|
|
||||||
|
if (srcOrigin === "https://www.youtube.com" &&
|
||||||
|
/^https:\/\/(?:plus\.googleapis|apis\.google)\.com\/[\w/]+\/widget\/render\/comments\?/.test(destUrl) &&
|
||||||
|
Legacy.getPref("filterXExceptions.yt_comments")
|
||||||
|
) {
|
||||||
|
logEx("YouTube comments exception");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isPost) {
|
||||||
|
|
||||||
|
if (srcOrigin === "https://sso.post.ch" && destOrigin === "https://app.swisspost.ch") {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (srcOrigin === "https://twitter.com" && /^https:\/\/.*\.twitter\.com$/.test(destOrigin)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
let rx = /^https:\/\/(?:[a-z]+\.)?unionbank\.com$/;
|
||||||
|
if (rx.test(srcOrigin) && rx.test(destOrigin)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (/^https?:\/\/csr\.ebay\.(?:\w{2,3}|co\.uk)\/cse\/start\.jsf$/.test(srcUrl) &&
|
||||||
|
/^https?:\/\/msa-lfn\.ebay\.(?:\w{2,3}|co\.uk)\/ws\/eBayISAPI\.dll\?[^<'"%]*$/.test(unescapedDest) &&
|
||||||
|
destObj.protocol === srcObj.protocol &&
|
||||||
|
Legacy.getPref("filterXException.ebay")) {
|
||||||
|
logEx("Ebay exception");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (/^https:\/\/(?:cap\.securecode\.com|www\.securesuite\.net|(?:.*?\.)?firstdata\.(?:l[tv]|com))$/.test(srcUrl) &&
|
||||||
|
Legacy.getPref("filterXException.visa")) {
|
||||||
|
logEx("Verified by Visa exception");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (/\.verizon\.com$/.test(srcOrigin) &&
|
||||||
|
/^https:\/\/signin\.verizon\.com\/sso\/authsso\/forumLogin\.jsp$/.test(destUrl) &&
|
||||||
|
Legacy.getPref("filterXExceptions.verizon")) {
|
||||||
|
logEx("Verizon login exception");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (/^https?:\/\/mail\.lycos\.com\/lycos\/mail\/MailCompose\.lycos$/.test(srcUrl) &&
|
||||||
|
/\.lycosmail\.lycos\.com$/.test(destOrigin) &&
|
||||||
|
Legacy.getPref("filterXExceptions.lycosmail")) {
|
||||||
|
logEx("Lycos Mail exception");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (/\.livejournal\.com$/.test(srcOrigin) &&
|
||||||
|
/^https?:\/\/www\.livejournal\.com\/talkpost_do\.bml$/.test(destUrl) &&
|
||||||
|
Legacy.getPref("filterXExceptions.livejournal")) {
|
||||||
|
logEx("Livejournal comments exception");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (srcOrigin == "https://ssl.rapidshare.com" &&
|
||||||
|
xssReq.srcDomain == "rapidshare.com") {
|
||||||
|
logEx("Rapidshare upload exception");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (srcOrigin == "http://wm.letitbit.net" &&
|
||||||
|
/^http:\/\/http\.letitbit\.net:81\/cgi-bin\/multi\/upload\.cgi\?/.test(destUrl) &&
|
||||||
|
Legacy.getPref("filterXExceptions.letitibit")
|
||||||
|
) {
|
||||||
|
logEx("letitbit.net upload exception");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (/\.deviantart\.com$/.test(srcOrigin) &&
|
||||||
|
/^http:\/\/my\.deviantart\.com\/journal\/update\b/.test(destUrl) &&
|
||||||
|
Legacy.getPref("filterXExceptions.deviantart")
|
||||||
|
) {
|
||||||
|
logEx("deviantart.com journal post exception");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (srcOrigin == "https://www.mymedicare.gov" &&
|
||||||
|
destOrigin == "https://myporal.medicare.gov" &&
|
||||||
|
Legacy.getPref("filterXExceptions.medicare")
|
||||||
|
) {
|
||||||
|
logEx("mymedicare.gov exception");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (/^https?:\/\/(?:draft|www)\.blogger\.com\/template-editor\.g\?/.test(srcUrl) &&
|
||||||
|
/^https?:\/\/[\w\-]+\.blogspot\.com\/b\/preview\?/.test(destUrl) &&
|
||||||
|
Legacy.getPref("filterXExceptions.blogspot")
|
||||||
|
) {
|
||||||
|
logEx("blogspot.com template preview exception");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (/^https?:\/\/www\.readability\.com\/articles\/queue$/.test(destUrl) &&
|
||||||
|
Legacy.getPref("filterXExceptions.readability")) {
|
||||||
|
logEx("Readability exception");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (/^https?:\/\/pdf\.printfriendly\.com\/pdfs\/make$/.test(destUrl) &&
|
||||||
|
Legacy.getPref("filterXExceptions.printfriendly")) {
|
||||||
|
logEx("Printfriendly exception");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
isBadException(host) {
|
||||||
|
// TLD check for Google search
|
||||||
|
let m = host.match(/\bgoogle\.((?:[a-z]{1,3}\.)?[a-z]+)$/i);
|
||||||
|
return m && tld.getPublicSuffix(host) != m[1];
|
||||||
|
},
|
||||||
|
|
||||||
|
partial(xssReq) {
|
||||||
|
let {
|
||||||
|
srcObj,
|
||||||
|
destObj,
|
||||||
|
srcUrl,
|
||||||
|
destUrl,
|
||||||
|
srcOrigin,
|
||||||
|
destOrigin,
|
||||||
|
} = xssReq;
|
||||||
|
|
||||||
|
let skipParams, skipRx;
|
||||||
|
if (/^https:\/\/www\.paypal\.com\/(?:[\w\-]+\/)?cgi-bin\/webscr\b/.test(destUrl)) {
|
||||||
|
// Paypal buttons encrypted parameter causes a DOS, strip it out
|
||||||
|
skipParams = ['encrypted'];
|
||||||
|
} else if (/\.adnxs\.com$/.test(srcOrigin) && /\.adnxs\.com$/.test(destOrigin)) {
|
||||||
|
skipParams = ['udj'];
|
||||||
|
} else if (/^https?:\/\/www\.mendeley\.com\/import\/bookmarklet\/$/.test(destUrl)) {
|
||||||
|
skipParams = ['html'];
|
||||||
|
} else if (destObj.hash && /^https:/.test(srcOrigin) &&
|
||||||
|
(/^https?:\/\/api\.facebook\.com\//.test(srcUrl) ||
|
||||||
|
/^https:\/\/tbpl\.mozilla\.org\//.test(srcUrl) || // work-around for hg reftest DOS
|
||||||
|
/^https:\/\/[^\/]+\.googleusercontent\.com\/gadgets\/ifr\?/.test(destUrl) // Google gadgets
|
||||||
|
)) {
|
||||||
|
skipRx = /#[^#]+$/; // remove receiver's hash
|
||||||
|
} else if (/^https?:\/\/apps\.facebook\.com\//.test(srcUrl) && Legacy.getPref("filterXExceptions.fbconnect")) {
|
||||||
|
skipRx = /&invite_url=javascript[^&]+/; // Zynga stuff
|
||||||
|
} else if (/^https?:\/\/l\.yimg\.com\/j\/static\/frame\?e=/.test(destUrl) &&
|
||||||
|
/\.yahoo\.com$/.test(srcOrigin) &&
|
||||||
|
Legacy.getPref("filterXExceptions.yahoo")) {
|
||||||
|
skipParams = ['e'];
|
||||||
|
} else if (/^https?:\/\/wpcomwidgets\.com\/\?/.test(destUrl)) {
|
||||||
|
skipParams = ["_data"];
|
||||||
|
} else if (/^https:\/\/docs\.google\.com\/picker\?/.test(destUrl)) {
|
||||||
|
skipParams = ["nav", "pp"];
|
||||||
|
} else if (/^https:\/\/.*[\?&]scope=/.test(destUrl)) {
|
||||||
|
skipRx = /[\?&]scope=[+\w]+(?=&|$)/;
|
||||||
|
}
|
||||||
|
if (skipParams) {
|
||||||
|
skipRx = new RegExp("(?:^|[&?])(?:" + skipParams.join('|') + ")=[^&]+", "g");
|
||||||
|
}
|
||||||
|
return {
|
||||||
|
skipParams,
|
||||||
|
skipRx
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
};
|
||||||
|
return Exceptions;
|
||||||
|
})();
|
|
@ -0,0 +1,147 @@
|
||||||
|
'use strict';
|
||||||
|
|
||||||
|
XSS.FlashIdiocy = {
|
||||||
|
_affectsRx: /%(?:[8-9a-f]|[0-7]?[^0-9a-f])/i, // high (non-ASCII) percent encoding or invalid second digit
|
||||||
|
affects(s) {
|
||||||
|
return this._affectsRx.test(s);
|
||||||
|
},
|
||||||
|
|
||||||
|
purgeBadEncodings(s) {
|
||||||
|
return s.replace(/%(?:[0-9a-f]?(?:[^0-9a-f]|$))/ig, "");
|
||||||
|
},
|
||||||
|
|
||||||
|
platformDecode(s) {
|
||||||
|
return s.replace(/%[8-9a-f][0-9a-f]/ig, s => this.map[s.substring(1).toLowerCase()]);
|
||||||
|
},
|
||||||
|
|
||||||
|
map: {
|
||||||
|
"80": "?",
|
||||||
|
"81": "",
|
||||||
|
"82": "?",
|
||||||
|
"83": "?",
|
||||||
|
"84": "?",
|
||||||
|
"85": "?",
|
||||||
|
"86": "?",
|
||||||
|
"87": "?",
|
||||||
|
"88": "?",
|
||||||
|
"89": "?",
|
||||||
|
"8a": "?",
|
||||||
|
"8b": "?",
|
||||||
|
"8c": "?",
|
||||||
|
"8d": "",
|
||||||
|
"8e": "?",
|
||||||
|
"8f": "",
|
||||||
|
"90": "",
|
||||||
|
"91": "?",
|
||||||
|
"92": "?",
|
||||||
|
"93": "?",
|
||||||
|
"94": "?",
|
||||||
|
"95": "?",
|
||||||
|
"96": "?",
|
||||||
|
"97": "?",
|
||||||
|
"98": "?",
|
||||||
|
"99": "?",
|
||||||
|
"9a": "?",
|
||||||
|
"9b": "?",
|
||||||
|
"9c": "?",
|
||||||
|
"9d": "",
|
||||||
|
"9e": "?",
|
||||||
|
"9f": "?",
|
||||||
|
"a0": " ",
|
||||||
|
"a1": "¡",
|
||||||
|
"a2": "¢",
|
||||||
|
"a3": "£",
|
||||||
|
"a4": "¤",
|
||||||
|
"a5": "¥",
|
||||||
|
"a6": "¦",
|
||||||
|
"a7": "§",
|
||||||
|
"a8": "¨",
|
||||||
|
"a9": "©",
|
||||||
|
"aa": "ª",
|
||||||
|
"ab": "«",
|
||||||
|
"ac": "¬",
|
||||||
|
"ad": "",
|
||||||
|
"ae": "®",
|
||||||
|
"af": "¯",
|
||||||
|
"b0": "°",
|
||||||
|
"b1": "±",
|
||||||
|
"b2": "²",
|
||||||
|
"b3": "³",
|
||||||
|
"b4": "´",
|
||||||
|
"b5": "µ",
|
||||||
|
"b6": "¶",
|
||||||
|
"b7": "·",
|
||||||
|
"b8": "¸",
|
||||||
|
"b9": "¹",
|
||||||
|
"ba": "º",
|
||||||
|
"bb": "»",
|
||||||
|
"bc": "¼",
|
||||||
|
"bd": "½",
|
||||||
|
"be": "¾",
|
||||||
|
"bf": "¿",
|
||||||
|
"c0": "À",
|
||||||
|
"c1": "Á",
|
||||||
|
"c2": "Â",
|
||||||
|
"c3": "Ã",
|
||||||
|
"c4": "Ä",
|
||||||
|
"c5": "Å",
|
||||||
|
"c6": "Æ",
|
||||||
|
"c7": "Ç",
|
||||||
|
"c8": "È",
|
||||||
|
"c9": "É",
|
||||||
|
"ca": "Ê",
|
||||||
|
"cb": "Ë",
|
||||||
|
"cc": "Ì",
|
||||||
|
"cd": "Í",
|
||||||
|
"ce": "Î",
|
||||||
|
"cf": "Ï",
|
||||||
|
"d0": "Ð",
|
||||||
|
"d1": "Ñ",
|
||||||
|
"d2": "Ò",
|
||||||
|
"d3": "Ó",
|
||||||
|
"d4": "Ô",
|
||||||
|
"d5": "Õ",
|
||||||
|
"d6": "Ö",
|
||||||
|
"d7": "×",
|
||||||
|
"d8": "Ø",
|
||||||
|
"d9": "Ù",
|
||||||
|
"da": "Ú",
|
||||||
|
"db": "Û",
|
||||||
|
"dc": "Ü",
|
||||||
|
"dd": "Ý",
|
||||||
|
"de": "Þ",
|
||||||
|
"df": "ß",
|
||||||
|
"e0": "à",
|
||||||
|
"e1": "á",
|
||||||
|
"e2": "â",
|
||||||
|
"e3": "ã",
|
||||||
|
"e4": "ä",
|
||||||
|
"e5": "å",
|
||||||
|
"e6": "æ",
|
||||||
|
"e7": "ç",
|
||||||
|
"e8": "è",
|
||||||
|
"e9": "é",
|
||||||
|
"ea": "ê",
|
||||||
|
"eb": "ë",
|
||||||
|
"ec": "ì",
|
||||||
|
"ed": "í",
|
||||||
|
"ee": "î",
|
||||||
|
"ef": "ï",
|
||||||
|
"f0": "ð",
|
||||||
|
"f1": "ñ",
|
||||||
|
"f2": "ò",
|
||||||
|
"f3": "ó",
|
||||||
|
"f4": "ô",
|
||||||
|
"f5": "õ",
|
||||||
|
"f6": "ö",
|
||||||
|
"f7": "÷",
|
||||||
|
"f8": "ø",
|
||||||
|
"f9": "ù",
|
||||||
|
"fa": "ú",
|
||||||
|
"fb": "û",
|
||||||
|
"fc": "ü",
|
||||||
|
"fd": "ý",
|
||||||
|
"fe": "þ",
|
||||||
|
"ff": "ÿ",
|
||||||
|
}
|
||||||
|
};
|
|
@ -0,0 +1,246 @@
|
||||||
|
'use strict';
|
||||||
|
|
||||||
|
var XSS = (() => {
|
||||||
|
|
||||||
|
const ABORT = {cancel: true}, ALLOW = {};
|
||||||
|
|
||||||
|
let promptsMap = new Map();
|
||||||
|
|
||||||
|
async function getUserResponse(xssReq) {
|
||||||
|
let {originKey} = xssReq;
|
||||||
|
await promptsMap.get(originKey);
|
||||||
|
// promptsMap.delete(originKey);
|
||||||
|
switch (await XSS.getUserChoice(originKey)) {
|
||||||
|
case "allow":
|
||||||
|
return ALLOW;
|
||||||
|
case "block":
|
||||||
|
log("Blocking request from %s to %s by previous XSS prompt user choice",
|
||||||
|
xssReq.srcUrl, xssReq.destUrl);
|
||||||
|
return ABORT;
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
async function requestListener(request) {
|
||||||
|
|
||||||
|
if (ns.isEnforced(request.tabId)) {
|
||||||
|
let {policy} = ns;
|
||||||
|
let {type} = request;
|
||||||
|
if (type !== "main_frame") {
|
||||||
|
if (type === "sub_frame") type = "frame";
|
||||||
|
if (!policy.can(request.url, type, request.originUrl)) {
|
||||||
|
return ALLOW; // it will be blocked by RequestGuard
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
let xssReq = XSS.parseRequest(request);
|
||||||
|
if (!xssReq) return null;
|
||||||
|
let userResponse = await getUserResponse(xssReq);
|
||||||
|
if (userResponse) return userResponse;
|
||||||
|
|
||||||
|
let data;
|
||||||
|
let reasons;
|
||||||
|
try {
|
||||||
|
reasons = await XSS.maybe(xssReq);
|
||||||
|
if (!reasons) return ALLOW;
|
||||||
|
|
||||||
|
data = [];
|
||||||
|
} catch (e) {
|
||||||
|
error(e, "XSS filter processing %o", xssReq);
|
||||||
|
reasons = { urlInjection: true };
|
||||||
|
data = [e.toString()];
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
let prompting = (async () => {
|
||||||
|
userResponse = await getUserResponse(xssReq);
|
||||||
|
if (userResponse) return userResponse;
|
||||||
|
|
||||||
|
let {srcOrigin, destOrigin, unescapedDest} = xssReq;
|
||||||
|
let block = !!(reasons.urlInjection || reasons.postInjection)
|
||||||
|
|
||||||
|
if (reasons.protectName) {
|
||||||
|
RequestUtil.executeOnStart(request, {
|
||||||
|
file: "/xss/sanitizeName.js",
|
||||||
|
});
|
||||||
|
if (!block) return ALLOW;
|
||||||
|
}
|
||||||
|
if (reasons.urlInjection) data.push(`(URL) ${unescapedDest}`);
|
||||||
|
if (reasons.postInjection) data.push(`(POST) ${reasons.postInjection}`);
|
||||||
|
|
||||||
|
let source = srcOrigin && srcOrigin !== "null" ? srcOrigin : "[...]";
|
||||||
|
|
||||||
|
let {button, option} = await Prompts.prompt({
|
||||||
|
title: _("XSS_promptTitle"),
|
||||||
|
message: _("XSS_promptMessage", [source, destOrigin, data.join(",")]),
|
||||||
|
options: [
|
||||||
|
{label: _(`XSS_opt${block ? 'Block' : 'Sanitize'}`), checked: true}, // 0
|
||||||
|
{label: _("XSS_optAlwaysBlock", [source, destOrigin])}, // 1
|
||||||
|
{label: _("XSS_optAllow")}, // 2
|
||||||
|
{label: _("XSS_optAlwaysAllow", [source, destOrigin])}, // 3
|
||||||
|
],
|
||||||
|
|
||||||
|
buttons: [_("Ok")],
|
||||||
|
multiple: "focus",
|
||||||
|
width: 600,
|
||||||
|
height: 480,
|
||||||
|
});
|
||||||
|
|
||||||
|
if (button === 0 && option >= 2) {
|
||||||
|
if (option === 3) { // always allow
|
||||||
|
await XSS.setUserChoice(xssReq.originKey, "allow");
|
||||||
|
await XSS.saveUserChoices();
|
||||||
|
}
|
||||||
|
return ALLOW;
|
||||||
|
}
|
||||||
|
if (option === 1) { // always block
|
||||||
|
block = true;
|
||||||
|
await XSS.setUserChoice(xssReq.originKey, "block");
|
||||||
|
await XSS.saveUserChoices();
|
||||||
|
}
|
||||||
|
return block ? ABORT : ALLOW;
|
||||||
|
})();
|
||||||
|
promptsMap.set(xssReq.originKey, prompting);
|
||||||
|
try {
|
||||||
|
return await prompting;
|
||||||
|
} catch (e) {
|
||||||
|
error(e);
|
||||||
|
return ABORT;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
return {
|
||||||
|
async start() {
|
||||||
|
let {onBeforeRequest} = browser.webRequest;
|
||||||
|
if (onBeforeRequest.hasListener(requestListener)) return;
|
||||||
|
|
||||||
|
await include("/legacy/Legacy.js");
|
||||||
|
await include("/xss/Exceptions.js");
|
||||||
|
|
||||||
|
this._userChoices = (await Storage.get("sync", "xssUserChoices")).xssUserChoices || {};
|
||||||
|
|
||||||
|
// conver old style whitelist if stored
|
||||||
|
let oldWhitelist = await XSS.Exceptions.getWhitelist();
|
||||||
|
if (oldWhitelist) {
|
||||||
|
for (let [destOrigin, sources] of Object.entries(oldWhitelist)) {
|
||||||
|
for (let srcOrigin of sources) {
|
||||||
|
this._userChoices[`${srcOrigin}>${destOrigin}`] = "allow";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
XSS.Exceptions.setWhitelist(null);
|
||||||
|
}
|
||||||
|
|
||||||
|
onBeforeRequest.addListener(requestListener, {
|
||||||
|
urls: ["*://*/*"],
|
||||||
|
types: ["main_frame", "sub_frame", "object"]
|
||||||
|
}, ["blocking", "requestBody"]);
|
||||||
|
},
|
||||||
|
|
||||||
|
stop() {
|
||||||
|
let {onBeforeRequest} = browser.webRequest;
|
||||||
|
if (onBeforeRequest.hasListener(requestListener)) {
|
||||||
|
onBeforeRequest.removeListener(requestListener);
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
|
||||||
|
parseRequest(request) {
|
||||||
|
let {
|
||||||
|
url: destUrl,
|
||||||
|
originUrl: srcUrl,
|
||||||
|
method
|
||||||
|
} = request;
|
||||||
|
let destObj;
|
||||||
|
try {
|
||||||
|
destObj = new URL(destUrl);
|
||||||
|
} catch (e) {
|
||||||
|
error(e, "Cannot create URL object for %s", destUrl);
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
let srcObj = null;
|
||||||
|
if (srcUrl) {
|
||||||
|
try {
|
||||||
|
srcObj = new URL(srcUrl);
|
||||||
|
} catch (e) {}
|
||||||
|
} else {
|
||||||
|
srcUrl = "";
|
||||||
|
}
|
||||||
|
|
||||||
|
let unescapedDest = unescape(destUrl);
|
||||||
|
let srcOrigin = srcObj ? srcObj.origin : "";
|
||||||
|
let destOrigin = destObj.origin;
|
||||||
|
|
||||||
|
let isGet = method === "GET";
|
||||||
|
return {
|
||||||
|
xssUnparsed: request,
|
||||||
|
srcUrl,
|
||||||
|
destUrl,
|
||||||
|
srcObj,
|
||||||
|
destObj,
|
||||||
|
srcOrigin,
|
||||||
|
destOrigin,
|
||||||
|
get srcDomain() {
|
||||||
|
delete this.srcDomain;
|
||||||
|
return this.srcDomain = srcObj && srcObj.hostname && tld.getDomain(srcObj.hostname) || "";
|
||||||
|
},
|
||||||
|
get destDomain() {
|
||||||
|
delete this.destDomain;
|
||||||
|
return this.destDomain = tld.getDomain(destObj.hostname);
|
||||||
|
},
|
||||||
|
get originKey() {
|
||||||
|
delete this.originKey;
|
||||||
|
return this.originKey = `${srcOrigin}>${destOrigin}`;
|
||||||
|
},
|
||||||
|
unescapedDest,
|
||||||
|
isGet,
|
||||||
|
isPost: !isGet && method === "POST",
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
async saveUserChoices(xssUserChoices = this._userChoices || {}) {
|
||||||
|
this._userChoices = xssUserChoices;
|
||||||
|
await Storage.set("sync", {xssUserChoices});
|
||||||
|
},
|
||||||
|
getUserChoices() {
|
||||||
|
return this._userChoices;
|
||||||
|
},
|
||||||
|
setUserChoice(originKey, choice) {
|
||||||
|
this._userChoices[originKey] = choice;
|
||||||
|
},
|
||||||
|
getUserChoice(originKey) {
|
||||||
|
return this._userChoices[originKey];
|
||||||
|
},
|
||||||
|
|
||||||
|
async maybe(request) { // return reason or null if everything seems fine
|
||||||
|
let xssReq = request.xssUnparsed ? request : this.parseRequest(request);
|
||||||
|
request = xssReq.xssUnparsed;
|
||||||
|
|
||||||
|
if (await this.Exceptions.shouldIgnore(xssReq)) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
let {
|
||||||
|
skipParams,
|
||||||
|
skipRx
|
||||||
|
} = this.Exceptions.partial(xssReq);
|
||||||
|
|
||||||
|
let {destUrl} = xssReq;
|
||||||
|
|
||||||
|
await include("/xss/InjectionChecker.js");
|
||||||
|
let ic = await this.InjectionChecker;
|
||||||
|
ic.reset();
|
||||||
|
|
||||||
|
let postInjection = xssReq.isPost &&
|
||||||
|
request.requestBody && request.requestBody.formData &&
|
||||||
|
ic.checkPost(request.requestBody.formData, skipParams);
|
||||||
|
|
||||||
|
let protectName = ic.nameAssignment;
|
||||||
|
let urlInjection = ic.checkUrl(destUrl, skipRx);
|
||||||
|
protectName = protectName || ic.nameAssignment;
|
||||||
|
ic.reset();
|
||||||
|
return !(protectName || postInjection || urlInjection) ? null
|
||||||
|
: { protectName, postInjection, urlInjection };
|
||||||
|
}
|
||||||
|
};
|
||||||
|
})();
|
|
@ -0,0 +1,4 @@
|
||||||
|
if (/[<"'\`(=:]/.test(window.name)) {
|
||||||
|
console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, window.name, document.URL);
|
||||||
|
window.name = "";
|
||||||
|
}
|