Commit Graph

346 Commits

Author SHA1 Message Date
Raymond Hill 4291c874d9
Fix regression in `prevent-xhr` scriptlet
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/3418
2024-10-17 12:11:50 -04:00
Fanboynz 4d982d9972
Add forbidden/forever values (#3925) 2024-10-11 08:26:37 -04:00
Raymond Hill 85877b12ed
Improve `prevent-window-open` scriptlet
Support triggering a `debugger` statement when `window.open()` is
called.

Related feedback:
https://github.com/uBlockOrigin/uAssets/issues/25510#issuecomment-2400067735
2024-10-08 19:47:35 -04:00
Raymond Hill 160d7f3c33
Improve `trusted-override-element-method` scriptlet
Support `debug` as valid `disposition` value: to trigger a `debugger`
statement, but only if uBO's logger is opened.

Related feedback:
https://github.com/uBlockOrigin/uAssets/issues/25510#issuecomment-2395446342
2024-10-06 11:07:42 -04:00
Raymond Hill 6d2b3375f8
Mind that BroadcastChannel contructor can throw in Firefox
BroadcastChannel constructor throws in Firefox when Enhanced
Tracking Protection is set to "strict".

This behavior could cause scriptlet injection to wholly break
when uBO's logger was opened, as BroadcastChannel() is used
by scriptlets to report information to the logger.

This commit ensures that exceptions from BroadcastChannel
constructor are properly handled.

The scriptlets will fall back to report at the console should
they be unable to report to the logger through BroadcastChannel.
2024-10-05 12:42:30 -04:00
Raymond Hill 95b0ce5e3a
Add `trusted-override-element-method` scriptlet
@description
Override the behavior of a method on matching elements.

@param methodPath
The method which calls must be intercepted.

@param [selector]
A CSS selector which the target element must match. If not specified,
the override will occur for all elements.

@param [disposition]
How the override should be handled. If not specified, the overridden call
will be equivalent to an empty function. If set to `throw`, an exception
will be thrown. Any other value will be validated and returned as a
supported safe constant.

@example
..##+js(trusted-override-element-method, HTMLAnchorElement.prototype.click, a[target="_blank"][style])
2024-10-05 08:35:43 -04:00
Raymond Hill a0a33eb9b9
Code review for new `trusted-prevent-dom-bypass` scriptlet
Related commit:
https://github.com/gorhill/uBlock/commit/1abc864742
2024-10-05 07:41:44 -04:00
Raymond Hill 1abc864742
Add `trusted-prevent-dom-bypass` scriptlet
@description
Prevent the bypassing of uBO scriptlets through anonymous embedded context.

To ensure that a target method in the embedded context is using the
corresponding parent context's method (which is assumed to be
properly patched), or to replace the embedded context with that of the
parent context.

Root issue:
https://issues.chromium.org/issues/40202434

@param methodPath
The method which calls must be intercepted. The arguments
of the intercepted calls are assumed to be HTMLElement, anything else will
be ignored.

@param selector (optional)
A plain CSS selector which will be used in a `document.querySelector()`
call, to validate that the returned element must be processed by the
scriptlet. If no selector is provided, all elements will be processed.

@param targetMethod (optional)
The method in the embedded context which should be delegated to the
parent context. If no method is specified, the embedded context becomes
the parent one, i.e. all  properties of the embedded context will be that
of the parent context.
2024-10-04 12:24:35 -04:00
Raymond Hill fe49ced2ac
Imrpove `prevent-xhr` scriptlet; add `trusted-prevent-xhr` scriptlet
Add support for synchronous `send()` calls.

`trusted-prevent-xhr` is essentially the same as `prevent-xhr` except
that if the `directive` argument is not a known token, it will be
used as is as the response text of the xhr request, whereas `prevent-xhr`
returns an empty string when the directive is unknown.
2024-10-03 13:31:52 -04:00
Raymond Hill 4ccc0d0fda
Minimize memory allocation in scriptlet helper `proxy-apply-fn`
Probably beneficial in cases of proxied method called in a tight
loop.

Additionally, added `throwFunc` as valid constant in script helper
`validate-constant.fn`. Does what the name implies.
2024-09-19 07:49:54 -04:00
Raymond Hill 11c3a16036
Fix exception thrown in `spoof-css` in Firefox
Related feedback:
https://github.com/uBlockOrigin/uAssets/issues/25358#issuecomment-2358278979
2024-09-18 10:34:18 -04:00
Raymond Hill fe3846b72f
Oops meant to be 5s, not 300s... 2024-09-17 18:10:09 -04:00
Raymond Hill e8f6f3ddff
Throttle down repeated scriptlet logging information
Related feedback
https://github.com/uBlockOrigin/uBlock-issues/issues/3378#issuecomment-2356422784
2024-09-17 17:33:06 -04:00
Raymond Hill 547fae4842
Improve scriptlet helper `proxy-apply`
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/3378
2024-09-17 09:09:19 -04:00
Raymond Hill 60a009c530
Further improve `prevent-fetch` scriptlet 2024-09-05 11:17:36 -04:00
Raymond Hill e8202af11d
Improve `prevent-fetch` scriptlet
- Add support for negated matches
- Log caller's arguments when verbose logging is enabled
2024-09-04 11:32:26 -04:00
Raymond Hill c8307f58a3
Improve `xml-prune` scriptlet
Related feedback:
https://github.com/uBlockOrigin/uAssets/issues/25164#issuecomment-2326358453
2024-09-03 11:15:16 -04:00
Raymond Hill f552f655cb
Fix `prevent-window-open` for when logger is open
Related discussion:
https://github.com/uBlockOrigin/uBlock-discussions/discussions/906
2024-08-31 12:36:20 -04:00
Raymond Hill 7f11d6216e
Improve `prevent-window-open` scriptlet
As discussed with filter list maintainers.
2024-08-30 10:25:39 -04:00
Raymond Hill ae5dc6299e
Improve `validate-constant` scriptlet helper
Add support for `json:`-prefixed values.
2024-08-29 13:47:48 -04:00
Raymond Hill 0dcb985601
Improve `trusted-replace-outbound-text` scriptlet
When the replacement starts with `json:`, it will be first
decoded using JSON.parse(). Example:

example.com##+js(trusted-replace-outbound-text, somefn, json:"ok")

The doublequotes are required since this is what JSON.parse()
expects as a valid JSON string.
2024-08-27 12:49:35 -04:00
Raymond Hill 3a249f395c
Improve `prevent-xhr` scriptlet
As per filter list maintainers feedback.
2024-08-26 14:28:53 -04:00
Raymond Hill 79e10323ad
Use helper function to lookup safe cookie values
This helper function is now used by `set-cookie` and
`set-local-storage-item` scriptlets, so changes in the
helper function will benefit both scriptlets.
2024-08-19 14:56:15 -04:00
Fanboynz 3e2171f550
Add checked/unchecked to set-cookie (#3923) 2024-08-19 14:40:33 -04:00
Fanboynz 41c2258f91
Add allowed/denied to set-local-storage (#3922) 2024-08-18 09:14:44 -04:00
Raymond Hill 5287f6e029
Code review of scriptlet helper 2024-08-18 09:12:54 -04:00
Raymond Hill 56dfdd2568
Improve various scriptlets
Specifically, improve proxying of native methods.
2024-08-16 11:49:16 -04:00
Raymond Hill db3dc69bcc
Improve `href-sanitizer` sciptlet
Tolerate unexpected spaces in extracted URL parameters.

Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/issues/3297#issuecomment-2283806183
2024-08-12 13:45:46 -04:00
Raymond Hill fb037e97d0
[mv3] Improve `remove-attr.js` scriptlet
Related issue:
https://github.com/uBlockOrigin/uBOL-home/issues/166
2024-08-06 14:47:03 -04:00
Raymond Hill 3668445679
Use random trusted-types policy name
Related commit:
4f0d1301ab
2024-08-04 00:15:40 -04:00
Raymond Hill 4f0d1301ab
Improve `trusted-replace-node-text` scriptlet
Related discussion:
https://github.com/brave/adblock-resources/pull/194
2024-08-03 20:09:21 -04:00
Raymond Hill ec633887dd
Improve `abort-on-stack-trace` scriptlet
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/3314
2024-07-28 10:44:17 -04:00
Fanboynz 76246f2c59
Add dismissed to set-cookie (#3921) 2024-07-27 08:26:59 -04:00
Raymond Hill 84be9cde6d
Improve `href-sanitizer` scriptlet
Support ability to recursively unwrap destination URL. Example:

    ...##+js(href-sanitizer, a.clickTracker, ?r?u)

Related discussion:
https://github.com/uBlockOrigin/uBlock-discussions/discussions/775#discussioncomment-10120835
2024-07-23 09:21:17 -04:00
Raymond Hill bf75dc2f90
Code review of `trusted-replace-node-text` scriptlet 2024-07-22 09:51:40 -04:00
Raymond Hill 14d90418b8
Fix regression in `trusted-replace-node-text` scriptlet
Related commit:
8afd9e233d
2024-07-21 08:34:18 -04:00
Raymond Hill 62f87b0ea8
Rename parameters as per earlier commit
Related commit:
8afd9e233d
2024-07-20 09:43:08 -04:00
Raymond Hill 8afd9e233d
Improve `trusted-replace-node-text` scriptlet
Related discussion:
https://github.com/uBlockOrigin/uAssets/discussions/23769#discussioncomment-10102276
2024-07-20 08:57:11 -04:00
Raymond Hill 77feb25c4d
Improve `set-constant` scriptlet
Related feedback:
https://github.com/uBlockOrigin/uBlock-discussions/discussions/881#discussioncomment-10072370
2024-07-17 09:36:55 -04:00
Raymond Hill 9ce3056361
Improve `prevent-fetch` scriptlet
Add `statusText` as overridable property in response instance.

Supported values are: `""`, `"Not Found"`. `statusText` defaults
to `"OK"` when not overridden.
2024-07-14 12:15:53 -04:00
Raymond Hill e785b99338
Improve `prevent-fetch` scriptlet
Related discussion:
https://github.com/uBlockOrigin/uBlock-discussions/discussions/848#discussioncomment-10027757

Added support for AdGuard's `responseType` parameter. Extended the
meaning of that 3rd parameter to also be a JSON string with
properties to set on the returned response instance. Currently
supported properties:

- `ok`, supported values: `false`, `true`
- `type, supported values: `"basic"`, `"cors"`, `"opaque"`

Reference:
https://github.com/AdguardTeam/Scriptlets/blob/master/wiki/about-scriptlets.md#-%EF%B8%8F-prevent-fetch
2024-07-13 11:02:54 -04:00
Raymond Hill 66e3a1ad47
Improve `href-sanitizer` scriptlet
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/3297

Mind that the sanitized URL can have Unicode characters beyond
ASCII.
2024-07-10 12:43:36 -04:00
Raymond Hill 97d11c03c2
Add `trusted-suppress-native-method` scriptlet
Reference:
https://github.com/AdguardTeam/Scriptlets/blob/5a92d79489/wiki/about-trusted-scriptlets.md#trusted-suppress-native-method

This is a first draft version, see code comments for details.
2024-07-09 13:03:50 -04:00
Raymond Hill a3576ea651
Add support for `$currentISODate$` in `trusted-set-cookie` scriptlet
Related discussion:
https://github.com/uBlockOrigin/uAssets/discussions/20789#discussioncomment-9979107
2024-07-07 11:19:40 -04:00
Fanboynz 37d31a82d8
Add essential and nonessential to set-cookie (#3919) 2024-07-07 09:25:34 -04:00
Raymond Hill 8eb3b19c69
Improve logging in `prevent-addEventListener` scriptlet
Related feedback:
https://github.com/uBlockOrigin/uAssets/discussions/17907#discussioncomment-9871079
2024-06-25 09:08:46 -04:00
Raymond Hill b4d8750f44
Improve `set-cookie` scriptlet
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/issues/3178#issuecomment-2178502856
2024-06-19 08:48:54 -04:00
Raymond Hill cb0f65e035
Improve `trusted-replace-node-text` scriptlet
Related discussion:
https://github.com/uBlockOrigin/uAssets/discussions/24143
2024-06-18 10:03:54 -04:00
Fanboynz bdb99862ce
Add hide and hidden to set-cookie (#3918) 2024-06-14 14:32:11 -04:00
Raymond Hill 9072772f61
Improve `trusted-replace-[fetch|xhr]-response` scriptlets
Related discussion:
https://github.com/uBlockOrigin/uBlock-discussions/discussions/831#discussioncomment-9750621
2024-06-13 09:32:30 -04:00