Mirrors
/
uBlock
mirror of https://github.com/gorhill/uBlock.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

code review for #3331: increase restrictions 

Only resources from within current directory will be allowed,
everything else will be silently rejected.
For example, this will forbid pulling lists from different repos
on GitHub, despite the lists being same origin.
This commit is contained in:
Raymond Hill 2017-12-30 11:05:15 -05:00
parent 6ab34efe44
commit f7c02e237f
No known key found for this signature in database
GPG Key ID: 25E1490B761470C2
1 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/js/assets.js
View File

@ -190,22 +190,22 @@ api.fetchFilterList = function(mainlistURL, onLoad, onError) {
if ( isSublist ) { content.push('\n! ' + '>>>>>>>> ' + details.url); }
content.push(details.content.trim());
if ( isSublist ) { content.push('! <<<<<<<< ' + details.url); }
if ( parsedMainURL !== undefined ) {
if (
parsedMainURL !== undefined &&
parsedMainURL.pathname.length > 0
) {
var reInclude = /^!#include +(\S+)/gm,
match, subURL;
for (;;) {
match = reInclude.exec(details.content);
while ( match !== null ) {
var parsedSubURL = toParsedURL(match[1]);
if ( parsedSubURL === undefined ) {
parsedSubURL = toParsedURL(
parsedMainURL.href.replace(/[^/?]+(?:\?.*)?$/, match[1])
);
if ( parsedSubURL === undefined ) { continue; }
}
if ( parsedSubURL.origin !== parsedMainURL.origin ) { continue; }
if ( loadedSublistURLs.has(parsedSubURL.href) ) { continue; }
pendingSublistURLs.add(parsedSubURL.href);
match = reInclude.exec(details.content);
if ( match === null ) { break; }
if ( toParsedURL(match[1]) !== undefined ) { continue; }
if ( match[1].indexOf('..') !== -1 ) { continue; }
subURL =
parsedMainURL.origin +
parsedMainURL.pathname.replace(/[^/]+$/, match[1]);
if ( loadedSublistURLs.has(subURL) ) { continue; }
pendingSublistURLs.add(subURL);
}
}