Protect against possible page modification to addEventListener

This commit is contained in:
Raymond Hill 2023-04-28 07:58:23 -04:00
parent 11c3f30376
commit 6c29ae82f2
No known key found for this signature in database
GPG Key ID: 25E1490B761470C2
1 changed files with 10 additions and 12 deletions

View File

@ -49,6 +49,8 @@ function safeSelf() {
'RegExp': self.RegExp, 'RegExp': self.RegExp,
'RegExp_test': self.RegExp.prototype.test, 'RegExp_test': self.RegExp.prototype.test,
'RegExp_exec': self.RegExp.prototype.exec, 'RegExp_exec': self.RegExp.prototype.exec,
'addEventListener': self.EventTarget.prototype.addEventListener,
'removeEventListener': self.EventTarget.prototype.removeEventListener,
'log': console.log.bind(console), 'log': console.log.bind(console),
'uboLog': function(msg) { 'uboLog': function(msg) {
if ( msg === '' ) { return; } if ( msg === '' ) { return; }
@ -122,6 +124,9 @@ function shouldLog(details) {
builtinScriptlets.push({ builtinScriptlets.push({
name: 'run-at.fn', name: 'run-at.fn',
fn: runAt, fn: runAt,
dependencies: [
'safe-self.fn',
],
}); });
function runAt(fn, when) { function runAt(fn, when) {
const intFromReadyState = state => { const intFromReadyState = state => {
@ -137,13 +142,14 @@ function runAt(fn, when) {
if ( intFromReadyState(document.readyState) >= runAt ) { if ( intFromReadyState(document.readyState) >= runAt ) {
fn(); return; fn(); return;
} }
const options = { capture: true };
const onStateChange = ( ) => { const onStateChange = ( ) => {
if ( intFromReadyState(document.readyState) < runAt ) { return; } if ( intFromReadyState(document.readyState) < runAt ) { return; }
fn(); fn();
document.removeEventListener('readystatechange', onStateChange, options); safe.removeEventListener.apply(document, args);
}; };
document.addEventListener('readystatechange', onStateChange, options); const safe = safeSelf();
const args = [ 'readystatechange', onStateChange, { capture: true } ];
safe.addEventListener.apply(document, args);
} }
/******************************************************************************* /*******************************************************************************
@ -475,7 +481,7 @@ function addEventListenerDefuser(
const details = typeof arg1 !== 'object' const details = typeof arg1 !== 'object'
? { type: arg1, pattern: arg2 } ? { type: arg1, pattern: arg2 }
: arg1; : arg1;
let { type = '', pattern = '' } = details; const { type = '', pattern = '' } = details;
if ( typeof type !== 'string' ) { return; } if ( typeof type !== 'string' ) { return; }
if ( typeof pattern !== 'string' ) { return; } if ( typeof pattern !== 'string' ) { return; }
const safe = safeSelf(); const safe = safeSelf();
@ -510,14 +516,6 @@ function addEventListenerDefuser(
self.EventTarget.prototype.addEventListener, self.EventTarget.prototype.addEventListener,
eventListenerHandler eventListenerHandler
); );
self.document.addEventListener = new Proxy(
self.document.addEventListener,
eventListenerHandler
);
self.addEventListener = new Proxy(
self.addEventListener,
eventListenerHandler
);
}; };
runAt(( ) => { runAt(( ) => {
trapEddEventListeners(); trapEddEventListeners();