From 8c4249a870c026ab0e5253efda8a6fd77a786c71 Mon Sep 17 00:00:00 2001
From: Raymond Hill <rhill@raymondhill.net>
Date: Tue, 12 Feb 2019 11:11:58 -0500
Subject: [PATCH] Try to not rely on UA to lookup environment flavor

The environment flavor is used to by uBO to for self-configuration.

For users with spoofed UA at the `about:config` level, this might
cause uBO to misconfigure itself. Avoid UA and strictly rely on
browserInfo() for looking up environment parameters.
---
 platform/chromium/vapi-common.js | 72 +++++++++++++++-----------------
 1 file changed, 33 insertions(+), 39 deletions(-)

diff --git a/platform/chromium/vapi-common.js b/platform/chromium/vapi-common.js
index d198b74b9..8e577f441 100644
--- a/platform/chromium/vapi-common.js
+++ b/platform/chromium/vapi-common.js
@@ -1,7 +1,7 @@
 /*******************************************************************************
 
     uBlock Origin - a browser extension to block requests.
-    Copyright (C) 2014-2018 The uBlock Origin authors
+    Copyright (C) 2014-present The uBlock Origin authors
 
     This program is free software: you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -28,8 +28,6 @@
 
 (function(self) {
 
-var chrome = self.chrome;
-
 /******************************************************************************/
 
 vAPI.setTimeout = vAPI.setTimeout || self.setTimeout.bind(self);
@@ -42,10 +40,10 @@ vAPI.webextFlavor = {
 };
 
 (function() {
-    var ua = navigator.userAgent,
-        flavor = vAPI.webextFlavor,
-        soup = flavor.soup;
-    var dispatch = function() {
+    const ua = navigator.userAgent;
+    const flavor = vAPI.webextFlavor;
+    const soup = flavor.soup;
+    const dispatch = function() {
         window.dispatchEvent(new CustomEvent('webextFlavor'));
     };
 
@@ -62,33 +60,36 @@ vAPI.webextFlavor = {
     }
 
     // Asynchronous
-    var async = self.browser instanceof Object &&
-                typeof self.browser.runtime.getBrowserInfo === 'function';
-    if ( async ) {
-        self.browser.runtime.getBrowserInfo().then(function(info) {
-            flavor.major = parseInt(info.version, 10) || 0;
+    if (
+        self.browser instanceof Object &&
+        typeof self.browser.runtime.getBrowserInfo === 'function'
+    ) {
+        self.browser.runtime.getBrowserInfo().then(info => {
+            flavor.major = parseInt(info.version, 10) || 60;
             soup.add(info.vendor.toLowerCase())
                 .add(info.name.toLowerCase());
-            soup.delete('user_stylesheet');
-            if ( flavor.major >= 53 ) { soup.add('user_stylesheet'); }
-            soup.delete('html_filtering');
-            if ( flavor.major >= 57 ) { soup.add('html_filtering'); }
+            if ( soup.has('firefox') && flavor.major < 57 ) {
+                soup.delete('html_filtering');
+            }
             dispatch();
         });
+        if ( self.browser.runtime.getURL('').startsWith('moz-extension://') ) {
+            soup.add('mozilla')
+                .add('firefox')
+                .add('user_stylesheet')
+                .add('html_filtering');
+            flavor.major = 60;
+        }
+        return;
     }
 
     // Synchronous -- order of tests is important
-    var match;
-    if ( (match = /\bFirefox\/(\d+)/.exec(ua)) !== null ) {
-        flavor.major = parseInt(match[1], 10) || 0;
-        soup.add('mozilla').add('firefox');
-        if ( flavor.major >= 53 ) { soup.add('user_stylesheet'); }
-        if ( flavor.major >= 57 ) { soup.add('html_filtering'); }
-    } else if ( (match = /\bEdge\/(\d+)/.exec(ua)) !== null ) {
+    let match;
+    if ( (match = /\bEdge\/(\d+)/.exec(ua)) !== null ) {
         flavor.major = parseInt(match[1], 10) || 0;
         soup.add('microsoft').add('edge');
     } else if ( (match = /\bOPR\/(\d+)/.exec(ua)) !== null ) {
-        var reEx = /\bChrom(?:e|ium)\/([\d.]+)/;
+        const reEx = /\bChrom(?:e|ium)\/([\d.]+)/;
         if ( reEx.test(ua) ) { match = reEx.exec(ua); }
         flavor.major = parseInt(match[1], 10) || 0;
         soup.add('opera').add('chromium');
@@ -109,24 +110,11 @@ vAPI.webextFlavor = {
     }
 
     // Don't starve potential listeners
-    if ( !async ) {
-        vAPI.setTimeout(dispatch, 97);
-    }
+    vAPI.setTimeout(dispatch, 97);
 })();
 
 /******************************************************************************/
 
-// http://www.w3.org/International/questions/qa-scripts#directions
-
-var setScriptDirection = function(language) {
-    document.body.setAttribute(
-        'dir',
-        ['ar', 'he', 'fa', 'ps', 'ur'].indexOf(language) !== -1 ? 'rtl' : 'ltr'
-    );
-};
-
-/******************************************************************************/
-
 vAPI.download = function(details) {
     if ( !details.url ) {
         return;
@@ -147,7 +135,13 @@ vAPI.getURL = chrome.runtime.getURL;
 
 vAPI.i18n = chrome.i18n.getMessage;
 
-setScriptDirection(vAPI.i18n('@@ui_locale'));
+// http://www.w3.org/International/questions/qa-scripts#directions
+document.body.setAttribute(
+    'dir',
+    ['ar', 'he', 'fa', 'ps', 'ur'].indexOf(vAPI.i18n('@@ui_locale')) !== -1
+        ? 'rtl'
+        : 'ltr'
+);
 
 /******************************************************************************/