Harden aeld scriptlet against page's tampering

Related feedback:
- https://github.com/uBlockOrigin/uBlock-discussions/discussions/1#discussioncomment-5433222
Raymond Hill 2023-03-26 14:02:21 -04:00
parent 69e54e5db7
commit c8af55e27a
No known key found for this signature in database
GPG Key ID: 25E1490B761470C2
1 changed files with 6 additions and 4 deletions


@ -279,9 +279,9 @@ builtinScriptlets.push({
aliases: [ 'aost.js' ], aliases: [ 'aost.js' ],
fn: abortOnStackTrace, fn: abortOnStackTrace,
dependencies: [ dependencies: [
'safe-self.fn',
'pattern-to-regex.fn',
'get-exception-token.fn', 'get-exception-token.fn',
'pattern-to-regex.fn',
'safe-self.fn',
], ],
}); });
// Status is currently experimental // Status is currently experimental
@ -387,6 +387,7 @@ builtinScriptlets.push({
fn: addEventListenerDefuser, fn: addEventListenerDefuser,
dependencies: [ dependencies: [
'pattern-to-regex.fn', 'pattern-to-regex.fn',
'safe-self.fn',
], ],
}); });
// https://github.com/uBlockOrigin/uAssets/issues/9123#issuecomment-848255120 // https://github.com/uBlockOrigin/uAssets/issues/9123#issuecomment-848255120
@ -400,6 +401,7 @@ function addEventListenerDefuser(
let { type = '', pattern = '' } = details; let { type = '', pattern = '' } = details;
if ( typeof type !== 'string' ) { return; } if ( typeof type !== 'string' ) { return; }
if ( typeof pattern !== 'string' ) { return; } if ( typeof pattern !== 'string' ) { return; }
const safe = safeSelf();
const reType = patternToRegex(type); const reType = patternToRegex(type);
const rePattern = patternToRegex(pattern); const rePattern = patternToRegex(pattern);
const logfn = console.log.bind(console); const logfn = console.log.bind(console);
@ -412,8 +414,8 @@ function addEventListenerDefuser(
handler = String(args[1]); handler = String(args[1]);
} catch(ex) { } catch(ex) {
} }
const matchesType = reType.test(type); const matchesType = safe.RegExp_test.call(reType, type);
const matchesHandler = rePattern.test(handler); const matchesHandler = safe.RegExp_test.call(rePattern, handler);
const matchesEither = matchesType || matchesHandler; const matchesEither = matchesType || matchesHandler;
const matchesBoth = matchesType && matchesHandler; const matchesBoth = matchesType && matchesHandler;
if ( if (
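Review bot: The two rewritten `matchesType` / `matchesHandler` lines in the last hunk still resolve `.call` on `Function.prototype` at the moment each listener is registered, so a page that replaces `Function.prototype.call` (or shadows it on the function object) can still intercept or skew the match even though `RegExp.prototype.test` itself is now pinned. This assumes `safe.RegExp_test` is a plain reference to the native method; `safeSelf` is not visible in this diff, so that needs confirming. The invoker could be captured once next to `const safe = safeSelf();`, for example `const reTest = Function.prototype.call.bind(safe.RegExp_test);`, and then used as `const matchesType = reTest(reType, type);` and `const matchesHandler = reTest(rePattern, handler);`. The enclosing handler starts and ends outside the hunk, so check the remaining page-reachable lookups there too, such as `String(args[1])`, which runs the handler's own `toString`.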