mirror of https://github.com/gorhill/uBlock.git
Forbid subscribing to filter lists with invalid URLs
Related issue: - https://github.com/uBlockOrigin/uBlock-issues/issues/1797
This commit is contained in:
parent
25823f0819
commit
8b8b7da8d9
|
@ -35,6 +35,9 @@ import './codemirror/ubo-static-filtering.js';
|
|||
const assetKey = subscribeParams.get('url');
|
||||
if ( assetKey === null ) { return; }
|
||||
|
||||
// https://github.com/uBlockOrigin/uBlock-issues/issues/1797
|
||||
if ( /^(file|https?):\/\//.test(assetKey) === false ) { return; }
|
||||
|
||||
const subscribeElem = subscribeParams.get('subscribe') !== null
|
||||
? document.getElementById('subscribe')
|
||||
: null;
|
||||
|
|
|
@ -1863,6 +1863,8 @@ const onMessage = function(request, sender, callback) {
|
|||
const hash = µb.selectedFilterLists.indexOf(request.location) !== -1
|
||||
? '#subscribed'
|
||||
: '';
|
||||
// https://github.com/uBlockOrigin/uBlock-issues/issues/1797
|
||||
if ( /^(file|https?):\/\//.test(url) === false ) { break; }
|
||||
vAPI.tabs.open({
|
||||
url: `/asset-viewer.html?url=${url}&title=${title}&subscribe=1${hash}`,
|
||||
select: true,
|
||||
|
|
|
@ -41,15 +41,7 @@ if ( document instanceof HTMLDocument === false ) { return; }
|
|||
// Maybe uBO has gone away meanwhile.
|
||||
if ( typeof vAPI !== 'object' || vAPI === null ) { return; }
|
||||
|
||||
// https://github.com/easylist/EasyListHebrew/issues/89
|
||||
// Ensure trusted events only.
|
||||
|
||||
const onMaybeSubscriptionLinkClicked = function(ev) {
|
||||
if ( ev.button !== 0 || ev.isTrusted === false ) { return; }
|
||||
|
||||
const target = ev.target.closest('a');
|
||||
if ( target instanceof HTMLAnchorElement === false ) { return; }
|
||||
|
||||
const onMaybeSubscriptionLinkClicked = function(target) {
|
||||
if ( vAPI instanceof Object === false ) {
|
||||
document.removeEventListener('click', onMaybeSubscriptionLinkClicked);
|
||||
return;
|
||||
|
@ -70,18 +62,28 @@ const onMaybeSubscriptionLinkClicked = function(ev) {
|
|||
const location = subscribeURL.searchParams.get('location') || '';
|
||||
const title = subscribeURL.searchParams.get('title') || '';
|
||||
if ( location === '' || title === '' ) { return; }
|
||||
// https://github.com/uBlockOrigin/uBlock-issues/issues/1797
|
||||
if ( /^(file|https?):\/\//.test(location) === false ) { return; }
|
||||
vAPI.messaging.send('scriptlets', {
|
||||
what: 'subscribeTo',
|
||||
location,
|
||||
title,
|
||||
});
|
||||
ev.stopPropagation();
|
||||
ev.preventDefault();
|
||||
} catch (_) {
|
||||
}
|
||||
};
|
||||
|
||||
document.addEventListener('click', onMaybeSubscriptionLinkClicked);
|
||||
// https://github.com/easylist/EasyListHebrew/issues/89
|
||||
// Ensure trusted events only.
|
||||
|
||||
document.addEventListener('click', ev => {
|
||||
if ( ev.button !== 0 || ev.isTrusted === false ) { return; }
|
||||
const target = ev.target.closest('a');
|
||||
if ( target instanceof HTMLAnchorElement === false ) { return; }
|
||||
onMaybeSubscriptionLinkClicked(target);
|
||||
ev.stopPropagation();
|
||||
ev.preventDefault();
|
||||
});
|
||||
|
||||
/******************************************************************************/
|
||||
|
||||
|
|
Loading…
Reference in New Issue