Mirrors
/
uBlock
mirror of https://github.com/gorhill/uBlock.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix potential exfiltration of browsing history by a rogue list author through `csp=` 

As reported internally to ubo-security by https://github.com/distinctmondaylila

One issue is a regression from the rewriting of the static filtering
parser in version 1.47.0, specifically the following commit:
https://github.com/gorhill/uBlock/commit/8ea3b0f64c
The existing regex was no longer suitable to properly detect
some usage of `report-xxx` in the rwritten parser.

Another issue which predates 1.47.0 is that the regex used for
validation was case-sensititive, while the `report-uri` directive
can be written using uppercase letters, i.e. `Report-uri`.
This commit is contained in:
Raymond Hill 2024-02-13 14:35:08 -05:00
parent 2705059d7a
commit db5656f607
No known key found for this signature in database
GPG Key ID: 25E1490B761470C2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/js/static-filtering-parser.js
View File

@ -896,7 +896,7 @@ export class AstFilterParser {
this.reResponseheaderPattern = /^\^responseheader\(.*\)$/;
this.rePatternScriptletJsonArgs = /^\{.*\}$/;
this.reGoodRegexToken = /[^\x01%0-9A-Za-z][%0-9A-Za-z]{7,}|[^\x01%0-9A-Za-z][%0-9A-Za-z]{1,6}[^\x01%0-9A-Za-z]/;
this.reBadCSP = /(?:=|;)\s*report-(?:to|uri)\b/;
this.reBadCSP = /(?:^|;)\s*report-(?:to|uri)\b/i;
this.reNoopOption = /^_+$/;
this.scriptletArgListParser = new ArgListParser(',');
}