Try to not rely on UA to lookup environment flavor

The environment flavor is used to by uBO to for self-configuration.

For users with spoofed UA at the `about:config` level, this might
cause uBO to misconfigure itself. Avoid UA and strictly rely on
browserInfo() for looking up environment parameters.
This commit is contained in:
Raymond Hill 2019-02-12 11:11:58 -05:00
parent e4f3559db1
commit 8c4249a870
No known key found for this signature in database
GPG Key ID: 25E1490B761470C2
1 changed files with 33 additions and 39 deletions

View File

@ -1,7 +1,7 @@
/*******************************************************************************
uBlock Origin - a browser extension to block requests.
Copyright (C) 2014-2018 The uBlock Origin authors
Copyright (C) 2014-present The uBlock Origin authors
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -28,8 +28,6 @@
(function(self) {
var chrome = self.chrome;
/******************************************************************************/
vAPI.setTimeout = vAPI.setTimeout || self.setTimeout.bind(self);
@ -42,10 +40,10 @@ vAPI.webextFlavor = {
};
(function() {
var ua = navigator.userAgent,
flavor = vAPI.webextFlavor,
soup = flavor.soup;
var dispatch = function() {
const ua = navigator.userAgent;
const flavor = vAPI.webextFlavor;
const soup = flavor.soup;
const dispatch = function() {
window.dispatchEvent(new CustomEvent('webextFlavor'));
};
@ -62,33 +60,36 @@ vAPI.webextFlavor = {
}
// Asynchronous
var async = self.browser instanceof Object &&
typeof self.browser.runtime.getBrowserInfo === 'function';
if ( async ) {
self.browser.runtime.getBrowserInfo().then(function(info) {
flavor.major = parseInt(info.version, 10) || 0;
if (
self.browser instanceof Object &&
typeof self.browser.runtime.getBrowserInfo === 'function'
) {
self.browser.runtime.getBrowserInfo().then(info => {
flavor.major = parseInt(info.version, 10) || 60;
soup.add(info.vendor.toLowerCase())
.add(info.name.toLowerCase());
soup.delete('user_stylesheet');
if ( flavor.major >= 53 ) { soup.add('user_stylesheet'); }
if ( soup.has('firefox') && flavor.major < 57 ) {
soup.delete('html_filtering');
if ( flavor.major >= 57 ) { soup.add('html_filtering'); }
}
dispatch();
});
if ( self.browser.runtime.getURL('').startsWith('moz-extension://') ) {
soup.add('mozilla')
.add('firefox')
.add('user_stylesheet')
.add('html_filtering');
flavor.major = 60;
}
return;
}
// Synchronous -- order of tests is important
var match;
if ( (match = /\bFirefox\/(\d+)/.exec(ua)) !== null ) {
flavor.major = parseInt(match[1], 10) || 0;
soup.add('mozilla').add('firefox');
if ( flavor.major >= 53 ) { soup.add('user_stylesheet'); }
if ( flavor.major >= 57 ) { soup.add('html_filtering'); }
} else if ( (match = /\bEdge\/(\d+)/.exec(ua)) !== null ) {
let match;
if ( (match = /\bEdge\/(\d+)/.exec(ua)) !== null ) {
flavor.major = parseInt(match[1], 10) || 0;
soup.add('microsoft').add('edge');
} else if ( (match = /\bOPR\/(\d+)/.exec(ua)) !== null ) {
var reEx = /\bChrom(?:e|ium)\/([\d.]+)/;
const reEx = /\bChrom(?:e|ium)\/([\d.]+)/;
if ( reEx.test(ua) ) { match = reEx.exec(ua); }
flavor.major = parseInt(match[1], 10) || 0;
soup.add('opera').add('chromium');
@ -109,24 +110,11 @@ vAPI.webextFlavor = {
}
// Don't starve potential listeners
if ( !async ) {
vAPI.setTimeout(dispatch, 97);
}
})();
/******************************************************************************/
// http://www.w3.org/International/questions/qa-scripts#directions
var setScriptDirection = function(language) {
document.body.setAttribute(
'dir',
['ar', 'he', 'fa', 'ps', 'ur'].indexOf(language) !== -1 ? 'rtl' : 'ltr'
);
};
/******************************************************************************/
vAPI.download = function(details) {
if ( !details.url ) {
return;
@ -147,7 +135,13 @@ vAPI.getURL = chrome.runtime.getURL;
vAPI.i18n = chrome.i18n.getMessage;
setScriptDirection(vAPI.i18n('@@ui_locale'));
// http://www.w3.org/International/questions/qa-scripts#directions
document.body.setAttribute(
'dir',
['ar', 'he', 'fa', 'ps', 'ur'].indexOf(vAPI.i18n('@@ui_locale')) !== -1
? 'rtl'
: 'ltr'
);
/******************************************************************************/