Forbid subscribing to filter lists with invalid URLs

Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/1797
Raymond Hill 2021-11-04 08:52:06 -04:00
parent 25823f0819
commit 8b8b7da8d9
No known key found for this signature in database
GPG Key ID: 25E1490B761470C2
3 changed files with 19 additions and 12 deletions


@ -35,6 +35,9 @@ import './codemirror/ubo-static-filtering.js';
const assetKey = subscribeParams.get('url');
if ( assetKey === null ) { return; }
// https://github.com/uBlockOrigin/uBlock-issues/issues/1797
if ( /^(file|https?):\/\//.test(assetKey) === false ) { return; }
const subscribeElem = subscribeParams.get('subscribe') !== null
? document.getElementById('subscribe')
: null;
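Review bot: The scheme allowlist on the added line is a bare prefix regex, and the same literal is repeated in the other two file sections of this commit, so the three copies can drift apart. A prefix test also accepts strings that are not well-formed URLs (for example `https://` with nothing after it), which are then used as `assetKey`. Consider parsing the value once inside a try/catch with `const { protocol } = new URL(assetKey);` and comparing `protocol` against `file:`, `http:` and `https:` in one shared helper. It is also worth confirming that `file:` should be accepted when the location comes from a link on a web page, as in the content-script section. The enclosing function starts and ends outside this hunk.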


@ -1863,6 +1863,8 @@ const onMessage = function(request, sender, callback) {
const hash = µb.selectedFilterLists.indexOf(request.location) !== -1
? '#subscribed'
: '';
// https://github.com/uBlockOrigin/uBlock-issues/issues/1797
if ( /^(file|https?):\/\//.test(url) === false ) { break; }
vAPI.tabs.open({
url: `/asset-viewer.html?url=${url}&title=${title}&subscribe=1${hash}`,
select: true,
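Review bot: The added guard tests `url`, but `url` is assigned outside this hunk and is interpolated unescaped into the `asset-viewer.html` query string two lines later, which suggests it is already percent-encoded. If so, `://` has become `%3A%2F%2F` and the regex can never match, so every subscription request would hit `break`. Testing the raw value that the neighbouring `indexOf` call uses would avoid that: `if ( /^(file|https?):\/\//.test(request.location) === false ) { break; }`. The `case` body starts above the hunk, so this needs confirming against the `url` assignment.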


@ -41,15 +41,7 @@ if ( document instanceof HTMLDocument === false ) { return; }
// Maybe uBO has gone away meanwhile.
if ( typeof vAPI !== 'object' || vAPI === null ) { return; }
// https://github.com/easylist/EasyListHebrew/issues/89
// Ensure trusted events only.
const onMaybeSubscriptionLinkClicked = function(ev) {
if ( ev.button !== 0 || ev.isTrusted === false ) { return; }
const target = ev.target.closest('a');
if ( target instanceof HTMLAnchorElement === false ) { return; }
const onMaybeSubscriptionLinkClicked = function(target) {
if ( vAPI instanceof Object === false ) {
document.removeEventListener('click', onMaybeSubscriptionLinkClicked);
return;
@ -70,18 +62,28 @@ const onMaybeSubscriptionLinkClicked = function(ev) {
const location = subscribeURL.searchParams.get('location') || '';
const title = subscribeURL.searchParams.get('title') || '';
if ( location === '' || title === '' ) { return; }
// https://github.com/uBlockOrigin/uBlock-issues/issues/1797
if ( /^(file|https?):\/\//.test(location) === false ) { return; }
vAPI.messaging.send('scriptlets', {
what: 'subscribeTo',
location,
title,
});
ev.stopPropagation();
ev.preventDefault();
} catch (_) {
}
};
document.addEventListener('click', onMaybeSubscriptionLinkClicked);
// https://github.com/easylist/EasyListHebrew/issues/89
// Ensure trusted events only.
document.addEventListener('click', ev => {
if ( ev.button !== 0 || ev.isTrusted === false ) { return; }
const target = ev.target.closest('a');
if ( target instanceof HTMLAnchorElement === false ) { return; }
onMaybeSubscriptionLinkClicked(target);
ev.stopPropagation();
ev.preventDefault();
});
/******************************************************************************/
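Review bot: As rendered, the new click listener calls `ev.stopPropagation()` and `ev.preventDefault()` after every trusted left-click on an anchor, whether or not `onMaybeSubscriptionLinkClicked(target)` found a subscription link, which would cancel ordinary navigation on pages where this script runs. Have the helper `return true;` after `vAPI.messaging.send(...)` and gate the two calls with `if ( onMaybeSubscriptionLinkClicked(target) !== true ) { return; }`. Separately, the `document.removeEventListener('click', onMaybeSubscriptionLinkClicked)` inside the helper no longer matches the registered handler, which is now the anonymous arrow function, so the listener stays attached once `vAPI` is gone. The middle of the helper lies between the two hunks and is not visible here.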