Commit Graph

87 Commits

Author SHA1 Message Date
Raymond Hill 1e91fb8733
Fine tune regex used to detect inline script contexts
Related commit:
- b735ac6b6a
2020-09-22 11:18:12 -04:00
Raymond Hill b735ac6b6a
Add abort-on-stack-trace scriptlet
This new scriplet has become necessary as a
countermeasure to new bypass mechanisms by
some websites, as discussed with filter list
maintainers.

Also related discussion:
https://github.com/AdguardTeam/Scriptlets/issues/82

Scriptlet: abort-on-stack-trace

Alias: aost

Argument 1:
  The property to trap in order to launch the
  stack trace matching code, ex. Math.random

Argument 2:
  The string (needle) to match against the stack
  trace. If the empty string, always match. There
  is a special string which can be used to match
  inline script context, <inline-script>.

Argument 3:
Whether to log, and if so how:
  Empty string: do not log
  1: log stack trace for all access to trapped
     property
  2: log stack trace for defused access to trapped
     property
  3: log stack trace for non-defused access to
     trapped property
2020-09-22 09:59:04 -04:00
Raymond Hill 953ba1231f
Object.values() may fail for unknown reasons
Work around this issue by using more reliable
Object.keys().
2020-09-11 08:30:11 -04:00
Raymond Hill 8275690e93
Fix https://github.com/uBlockOrigin/uAssets/issues/5696#issuecomment-675757755 2020-08-20 09:53:11 -04:00
Raymond Hill c33de41660
Support multiple trappers to same property in set-constant
Related issues:
- https://github.com/uBlockOrigin/uBlock-issues/issues/156
- https://github.com/uBlockOrigin/uBlock-issues/issues/1162

Take into account that a trapped property may have been
already trapped, and if so honour previous trapper
getter/setter.
2020-07-19 08:16:40 -04:00
Raymond Hill 975d894419
Stringify argument using implicit rather than explicit conversion
Reported internally by team.

Explicit conversion was causing an exception to be
thrown when the type argument was not supporting
`toString()`, for example when `type` argument was
literal `null`.
2020-07-16 09:55:06 -04:00
Raymond Hill 8f3d8cde7a
Add support to compare delay against literal Number.NaN in nossif/nostif
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/1136
2020-07-02 11:47:49 -04:00
Raymond Hill f433932d86
Add support for wildcard/array in json-prune
Add support for specially-named properties:

`[]`, to iterate through all elements in an array, in
order to deal more graciously with cases where the
property to remove is an element in an array. An
actual case:

    +js(json-prune, playlist.movies.0.adserver playlist.movies.1.adserver ...)

Can be now converted to:

    +js(json-prune, playlist.movies.[].adserver)

`*`, to iterate through all own properties of an object,
in order to deal with random-named properties. For
example (not an actual case):

    +js(json-prune, playlist.*.adserver)

Where `adserver` would be a property member of an
object which is itself a property of `playlist`, but
which name is unknown or is variable.
2020-06-26 10:03:48 -04:00
Raymond Hill c4d39d3763
Fix cookie removal on subdomains of base domain
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/1126
2020-06-24 17:18:14 -04:00
Raymond Hill 5227013a8e
Add `uBO:` prefix to logged output in some scriptlets
As per request.
2020-04-28 11:19:26 -04:00
Raymond Hill 578594bbd7
Improve logging capabilities of json-prune scriptlet
Specifically:

- Log entries as received by client code
- Prettier and more readable console output
- Ability to only log entries matching a
  specific needle

As per internal discussion at
<https://github.com/uBlockOrigin/uAssets>; limited
logging capabilities of json-prune originally raised
by <https://github.com/gwarser>.
2020-04-28 09:47:03 -04:00
Raymond Hill d95b27915f
Bring fingerprint2.js scriptlet up to date
Related issue:
- https://github.com/uBlockOrigin/uAssets/pull/4961
2020-04-18 09:45:07 -04:00
Raymond Hill 1de0e820b8
Replace requestAnimationFrame-if.js with no-requestAnimationFrame-if.js
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/981

To be consistent with no-setTimeout-if.js.

requestAnimationFrame-if.js is deprecated and must no longer be
used, it will be removed in the near future when it's no longer
in use in default filter lists.

no-requestAnimationFrame-if.js is aliased to norafif.js.
2020-04-15 10:06:53 -04:00
Raymond Hill 49d9929191
Add remove-class scriptlet (alias: rc)
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/935

Arguments are similar to that of remove-attr
scriptlet.
2020-03-18 09:44:18 -04:00
Raymond Hill 85cf8f5807
Fix last commit re. set-constant scriptlet
Related commit:
- https://github.com/gorhill/uBlock/commit/40ea9d69d5d0

Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/947

Restore intended behavior with original commit:
- https://github.com/gorhill/uBlock/commit/14ebfbea279c

The purpose of the original change was to be able to
trap properties which values were `null`.
2020-03-16 09:09:48 -04:00
Raymond Hill 40ea9d69d5
Fix regression in set-constant scriptlet
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/947

`Object.prototype` is not an instance of `Object`, but
yet is still a JS object; thus the solution is to
additionally compare against `typeof`.
2020-03-16 08:47:34 -04:00
Raymond Hill 14ebfbea27
Improve set-constant.js scriptlet
The scriptlet will now still try to trap a specific
property if a segment of the chain is not undefined
while yet not an object either.

For example, this now allows to set a value on
`document.body.onselectstart` when `document.body` has
not been instantiated yet by the browser parser,
whereas this would previously fail because
`document.body` would be `null` while the scriptlet
was testing against `undefined`.
2020-03-07 14:16:54 -05:00
Raymond Hill 034c915f3b
Allow re-entrance in abort-current-inline-script
Related feedback:
- https://github.com/DandelionSprout/adfilt/issues/7#issuecomment-590391877

If a property is already trapped with a getter/setter,
propagate to these after validation succeed.
2020-02-24 13:40:17 -05:00
Raymond Hill 1a8571755e
Harden abort-current-inline-script scriplet
Related issue:
- https://github.com/uBlockOrigin/uAssets/issues/6929
2020-02-09 10:35:18 -05:00
Raymond Hill c7dc65fe33
Minor improvement to set-constant scriptlet
Disregard type matching for when the target property
is `null` or is set to `null`.
2020-01-21 10:57:55 -05:00
Raymond Hill 9367a6015b
Convert new setTimeout-if scriptlet to blacklist approach
As per feedback from filter list maintainers, the
whitelist approach has been deemed to confusing.

The scriptlet has been renamed `no-setTimeout-if`
alias `nostif` to reflect the blacklist approach.

`setInterval-if` has been Similarly changed to
`no-setInterval-if` alias `nosiif`.
2019-09-15 11:01:50 -04:00
Raymond Hill 2fd86a66fc
Add json-prune.js scriptlet
The scriptlet will trap calls to JSON.parse, and
if the result of the parsing is an Object, it
will remove specified properties from the result
before returning to the caller.

Usage:

    ##+js(json-prune, arg1, [arg2])

Where:

- arg1: a list of space-separated properties to remove

- arg2: optional, a list of space-separated properties
        which must be all present for the pruning to
        occur

Example:

    ##+js(json-prune, enabled, adpath config)

A property in a list of properties can be a chain
of properties, example: adpath.url.first
2019-09-09 14:06:23 -04:00
Raymond Hill 35854e4baf
Use more descriptive name for raf-if.js
Related feedback:
- 6831967f5f (commitcomment-34979880)
2019-09-06 09:40:04 -04:00
Raymond Hill e3043fadc7
Fix console logging ability in setTimeout-if
Regression from e0fd9750d4
2019-08-25 09:38:08 -04:00
Raymond Hill e0fd9750d4
Further fix new setTimeout-if/setInterval-if scriptlets
Addtionally, a dedicated test page has been added:

https://gorhill.github.io/uBlock/tests/scriptlet-injection-filters-1.html
2019-08-25 09:03:24 -04:00
Raymond Hill e0f0aedad6
Ability to negate delay in new setTimeout-if scriptlet
This also apply to setInterval-if. Thus to defuse
calls to setTimeout(fn, 1000), the filter could be:

    ##+js(stif, , !1000)

Meaning "allow setTimeout if the delay is not 1000".
2019-08-24 13:54:31 -04:00
Raymond Hill c5536577b2
Add two scriptlets: setTimeout-if and setInterval-if
Usage is similar to that of raf-if introduced in
commit 6831967f5f.

The two new scriptlets are meant to replace:
- setTimeout-defuser
- setTimeout-logger
- setInterval-defuser
- setInterval-logger

setTimeout-logger and setInterval-logger have been
removed, since they are not to be used in production.

To log setTimeout and setInterval usage, respectively
(using aliases):
- ##+js(stif)
- ##+js(siif)

To defuse setTimeout unconditionally:
- ##+js(stif, !)

Usage of setTimeout-defuser and setInterval-defuser
is deprecated and will be removed in some future when
they are no longer in use.

Keep in mind that the new scriptlets function on a
whitelist basis, whereas the deprecated ones
function on a blacklist basis. Prefixing the needle
with `!` allow to use the new scriptlets on a
blacklist basis.
2019-08-22 09:32:46 -04:00
Raymond Hill 252ce421c9
Fix `raf-if` scriptlet: bad Proxy target
It was working nonetheless, which made me
miss the mistake.
2019-08-21 10:36:08 -04:00
Raymond Hill 6831967f5f
Add new scriptlet to defuse calls to requestAnimationFrame
Scriptlet name: `raf-if.js`

Usage: `example.com##+js(raf-if, !/(\d+){4}/)`

Argument: one single argument, which is the "needle" to
find in the stringified argument passed to
requestAnimationFrame.

requestAnimationFrame will be defused when:

- The needle is not prefixed with `!` and the needle
  does not match the stringified argument; OR
- The needle is prefixed with `!` and the needle
  matches the stringified argument.

The `raf-if.js` scriptlet will log calls to
requestAnimationFrame to the console when no parameter
is provided, i.e.:

    example.com##+js(raf-if)

Otherwise no logging occurs.
2019-08-21 10:13:23 -04:00
Raymond Hill 3d66bdc8e9
Add shorthand alias for `set-constant.js`: `set.js` 2019-07-29 10:16:36 -04:00
Raymond Hill a89aad0304
Remove trailing spaces
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/679
2019-07-22 07:32:39 -04:00
Raymond Hill ce644c5960
Remove code unused in next release
Since https://github.com/uBlockOrigin/uBlock-issues/issues/156
won't be fixed in next release, no need to ship
with code which will be unused, and anyways only once
the fix is worked on will it be clear exactly what needs
to be used by scriptlets to deal harmoniously with
property listener collisions.
2019-07-11 10:17:06 -04:00
Raymond Hill c499ce82a9
Use `Reflect.construct(t)` rather than `new t()`
Using `new` seemed to work but it's maybe
semantically better to use `Reflect.construct`.
2019-07-11 09:45:53 -04:00
Raymond Hill 9a95fbff94
Restore erroneously remove comments in migration 2019-07-10 08:11:51 -04:00
Raymond Hill e55cae6232
Fine tune new resources-related code
Make sure the parser is safely compatible with old
resources format -- for those users still using
custom resources (via `userResourcesLocation`).

Prepare code for future fix to
<https://github.com/uBlockOrigin/uBlock-issues/issues/156>:

This commit introduces a new private Map() object,
`uBOSafe`, accessible by all injected scriptlets. This
private safe can be used to store data which can be shared
with different scriptlets. The idea is for scriptlets to
use that safe to graciously deal with the need to install
multiple listeners for the same property.
2019-07-08 08:56:36 -04:00
Raymond Hill 4c201c90e1
Remove strat mime type in scriptlets.js
Related ffedback:
- 6f5aa947fb (commitcomment-34205920)
2019-07-06 13:53:36 -04:00
Raymond Hill 6f5aa947fb
Finalize converting resources.txt into immutable resources
With hindsight, I revised decisions made earlier during
this development cycle:

Un-redirectable scriptlets have been removed from
/web_accessible_resources and instead put in the new
/assets/resources/scriptlets.js, which contains all
scriptlets used for web page injection purpose.

uBO will no longer fetch a remote version of built-in
resources.

Advanced setting `userResourcesLocation` will still be
honoured by uBO, and if set, will be fetched every
time at least one asset is updated.
2019-07-06 12:36:28 -04:00