mirror of https://github.com/gorhill/uBlock.git
Harden aeld scriptlet against page's tampering
Related feedback: - https://github.com/uBlockOrigin/uBlock-discussions/discussions/1#discussioncomment-5433222
This commit is contained in:
parent
69e54e5db7
commit
c8af55e27a
|
@ -279,9 +279,9 @@ builtinScriptlets.push({
|
||||||
aliases: [ 'aost.js' ],
|
aliases: [ 'aost.js' ],
|
||||||
fn: abortOnStackTrace,
|
fn: abortOnStackTrace,
|
||||||
dependencies: [
|
dependencies: [
|
||||||
'safe-self.fn',
|
|
||||||
'pattern-to-regex.fn',
|
|
||||||
'get-exception-token.fn',
|
'get-exception-token.fn',
|
||||||
|
'pattern-to-regex.fn',
|
||||||
|
'safe-self.fn',
|
||||||
],
|
],
|
||||||
});
|
});
|
||||||
// Status is currently experimental
|
// Status is currently experimental
|
||||||
|
@ -387,6 +387,7 @@ builtinScriptlets.push({
|
||||||
fn: addEventListenerDefuser,
|
fn: addEventListenerDefuser,
|
||||||
dependencies: [
|
dependencies: [
|
||||||
'pattern-to-regex.fn',
|
'pattern-to-regex.fn',
|
||||||
|
'safe-self.fn',
|
||||||
],
|
],
|
||||||
});
|
});
|
||||||
// https://github.com/uBlockOrigin/uAssets/issues/9123#issuecomment-848255120
|
// https://github.com/uBlockOrigin/uAssets/issues/9123#issuecomment-848255120
|
||||||
|
@ -400,6 +401,7 @@ function addEventListenerDefuser(
|
||||||
let { type = '', pattern = '' } = details;
|
let { type = '', pattern = '' } = details;
|
||||||
if ( typeof type !== 'string' ) { return; }
|
if ( typeof type !== 'string' ) { return; }
|
||||||
if ( typeof pattern !== 'string' ) { return; }
|
if ( typeof pattern !== 'string' ) { return; }
|
||||||
|
const safe = safeSelf();
|
||||||
const reType = patternToRegex(type);
|
const reType = patternToRegex(type);
|
||||||
const rePattern = patternToRegex(pattern);
|
const rePattern = patternToRegex(pattern);
|
||||||
const logfn = console.log.bind(console);
|
const logfn = console.log.bind(console);
|
||||||
|
@ -412,8 +414,8 @@ function addEventListenerDefuser(
|
||||||
handler = String(args[1]);
|
handler = String(args[1]);
|
||||||
} catch(ex) {
|
} catch(ex) {
|
||||||
}
|
}
|
||||||
const matchesType = reType.test(type);
|
const matchesType = safe.RegExp_test.call(reType, type);
|
||||||
const matchesHandler = rePattern.test(handler);
|
const matchesHandler = safe.RegExp_test.call(rePattern, handler);
|
||||||
const matchesEither = matchesType || matchesHandler;
|
const matchesEither = matchesType || matchesHandler;
|
||||||
const matchesBoth = matchesType && matchesHandler;
|
const matchesBoth = matchesType && matchesHandler;
|
||||||
if (
|
if (
|
||||||
|
|
Loading…
Reference in New Issue