Harden aeld scriptlet against page's tampering

Related feedback:
- https://github.com/uBlockOrigin/uBlock-discussions/discussions/1#discussioncomment-5433222
Raymond Hill 2023-03-26 14:02:21 -04:00
parent 69e54e5db7
commit c8af55e27a
No known key found for this signature in database
GPG Key ID: 25E1490B761470C2
1 changed files with 6 additions and 4 deletions


@ -279,9 +279,9 @@ builtinScriptlets.push({
aliases: [ 'aost.js' ],
fn: abortOnStackTrace,
dependencies: [
'safe-self.fn',
'pattern-to-regex.fn',
'get-exception-token.fn',
'pattern-to-regex.fn',
'safe-self.fn',
],
});
// Status is currently experimental
@ -387,6 +387,7 @@ builtinScriptlets.push({
fn: addEventListenerDefuser,
dependencies: [
'pattern-to-regex.fn',
'safe-self.fn',
],
});
// https://github.com/uBlockOrigin/uAssets/issues/9123#issuecomment-848255120
@ -400,6 +401,7 @@ function addEventListenerDefuser(
let { type = '', pattern = '' } = details;
if ( typeof type !== 'string' ) { return; }
if ( typeof pattern !== 'string' ) { return; }
const safe = safeSelf();
const reType = patternToRegex(type);
const rePattern = patternToRegex(pattern);
const logfn = console.log.bind(console);
@ -412,8 +414,8 @@ function addEventListenerDefuser(
handler = String(args[1]);
} catch(ex) {
}
const matchesType = reType.test(type);
const matchesHandler = rePattern.test(handler);
const matchesType = safe.RegExp_test.call(reType, type);
const matchesHandler = safe.RegExp_test.call(rePattern, handler);
const matchesEither = matchesType || matchesHandler;
const matchesBoth = matchesType && matchesHandler;
if (
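Review bot: The two new `safe.RegExp_test.call(...)` lines still look up `.call` on `Function.prototype` every time the hooked listener path runs, so only `RegExp.prototype.test` is protected from the page, not the invocation mechanism. If `safeSelf()` (not visible in this diff) does not already provide a pre-bound tester, consider capturing one next to `const safe = safeSelf();`, for example `const reTest = Function.prototype.call.bind(safe.RegExp_test);`, and then using `reTest(reType, type)` and `reTest(rePattern, handler)`. The same concern may apply to `String(args[1])` just above, which resolves the global `String` at call time. The body of `addEventListenerDefuser` starts and ends outside the hunks shown, so this could not be checked against the rest of the function.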