Commit Graph

356 Commits

Author SHA1 Message Date
Raymond Hill 51edb13a06
Minor code review 2024-11-16 09:54:19 -05:00
Raymond Hill 5f5e3d730f
Improve `spoof-css` scriptlet
Added special properties to spoof output of getBoundingClientRect().
2024-11-16 09:26:09 -05:00
Raymond Hill c8174d6032
Improve `trusted-set-attr` scriptlet
Related feedback:
11ca4a3923 (commitcomment-149148167)
2024-11-16 08:10:25 -05:00
Raymond Hill e5a088738d
Keep moving related scriptlets into separate files 2024-11-08 11:22:31 -05:00
Raymond Hill ce4908b341
Improve `prevent-xhr` scriptlet 2024-11-08 08:48:07 -05:00
Raymond Hill 41616df866
Improve `trusted-suppress-native-method` scriptlet
Add `debug` as disposition option: if the `how` parameter is `debug`,
the scriptlet will trigger a `debugger` statement and the target
method won't be suppressed. Useful to find out how the method is
being called by page code. To be used for investigation purpose only.
2024-11-08 08:32:19 -05:00
Raymond Hill e613282698
Improve `set-cookie` scriptlet
Allow negative integer as valid value.

Related issue:
https://github.com/gorhill/uBlock/pull/3927

Additionally, move cookie-related scriptlets/helpers into its own
source code file.
2024-11-07 10:23:34 -05:00
Raymond Hill e164250fea
Comment 2024-11-05 09:26:23 -05:00
Raymond Hill 8884f259c1
Improve `prevent-refresh` scriptlet
Related discussion:
https://github.com/uBlockOrigin/uAssets/issues/25859#issuecomment-2449623891
2024-11-01 11:33:34 -04:00
Raymond Hill 11ca4a3923
Add `trusted-set-attr` scriptlet
@trustedScriptlet trusted-set-attr

@description
Sets the specified attribute on the specified elements. This scriptlet runs
once when the page loads then afterward on DOM mutations.

Reference: https://github.com/AdguardTeam/Scriptlets/blob/master/wiki/about-trusted-scriptlets.md#-%EF%B8%8F-trusted-set-attr

@param selector
A CSS selector for the elements to target.

@param attr
The name of the attribute to modify.

@param value
The new value of the attribute. Since the scriptlet requires a trusted
source, the value can be anything.

=====

Additionally, start to move scriptlets into their own source files
for easier maintenance and code review.
2024-10-25 19:12:08 -04:00
Raymond Hill 4291c874d9
Fix regression in `prevent-xhr` scriptlet
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/3418
2024-10-17 12:11:50 -04:00
Fanboynz 4d982d9972
Add forbidden/forever values (#3925) 2024-10-11 08:26:37 -04:00
Raymond Hill 85877b12ed
Improve `prevent-window-open` scriptlet
Support triggering a `debugger` statement when `window.open()` is
called.

Related feedback:
https://github.com/uBlockOrigin/uAssets/issues/25510#issuecomment-2400067735
2024-10-08 19:47:35 -04:00
Raymond Hill 160d7f3c33
Improve `trusted-override-element-method` scriptlet
Support `debug` as valid `disposition` value: to trigger a `debugger`
statement, but only if uBO's logger is opened.

Related feedback:
https://github.com/uBlockOrigin/uAssets/issues/25510#issuecomment-2395446342
2024-10-06 11:07:42 -04:00
Raymond Hill 6d2b3375f8
Mind that BroadcastChannel contructor can throw in Firefox
BroadcastChannel constructor throws in Firefox when Enhanced
Tracking Protection is set to "strict".

This behavior could cause scriptlet injection to wholly break
when uBO's logger was opened, as BroadcastChannel() is used
by scriptlets to report information to the logger.

This commit ensures that exceptions from BroadcastChannel
constructor are properly handled.

The scriptlets will fall back to report at the console should
they be unable to report to the logger through BroadcastChannel.
2024-10-05 12:42:30 -04:00
Raymond Hill 95b0ce5e3a
Add `trusted-override-element-method` scriptlet
@description
Override the behavior of a method on matching elements.

@param methodPath
The method which calls must be intercepted.

@param [selector]
A CSS selector which the target element must match. If not specified,
the override will occur for all elements.

@param [disposition]
How the override should be handled. If not specified, the overridden call
will be equivalent to an empty function. If set to `throw`, an exception
will be thrown. Any other value will be validated and returned as a
supported safe constant.

@example
..##+js(trusted-override-element-method, HTMLAnchorElement.prototype.click, a[target="_blank"][style])
2024-10-05 08:35:43 -04:00
Raymond Hill a0a33eb9b9
Code review for new `trusted-prevent-dom-bypass` scriptlet
Related commit:
https://github.com/gorhill/uBlock/commit/1abc864742
2024-10-05 07:41:44 -04:00
Raymond Hill 1abc864742
Add `trusted-prevent-dom-bypass` scriptlet
@description
Prevent the bypassing of uBO scriptlets through anonymous embedded context.

To ensure that a target method in the embedded context is using the
corresponding parent context's method (which is assumed to be
properly patched), or to replace the embedded context with that of the
parent context.

Root issue:
https://issues.chromium.org/issues/40202434

@param methodPath
The method which calls must be intercepted. The arguments
of the intercepted calls are assumed to be HTMLElement, anything else will
be ignored.

@param selector (optional)
A plain CSS selector which will be used in a `document.querySelector()`
call, to validate that the returned element must be processed by the
scriptlet. If no selector is provided, all elements will be processed.

@param targetMethod (optional)
The method in the embedded context which should be delegated to the
parent context. If no method is specified, the embedded context becomes
the parent one, i.e. all  properties of the embedded context will be that
of the parent context.
2024-10-04 12:24:35 -04:00
Raymond Hill fe49ced2ac
Imrpove `prevent-xhr` scriptlet; add `trusted-prevent-xhr` scriptlet
Add support for synchronous `send()` calls.

`trusted-prevent-xhr` is essentially the same as `prevent-xhr` except
that if the `directive` argument is not a known token, it will be
used as is as the response text of the xhr request, whereas `prevent-xhr`
returns an empty string when the directive is unknown.
2024-10-03 13:31:52 -04:00
Raymond Hill 4ccc0d0fda
Minimize memory allocation in scriptlet helper `proxy-apply-fn`
Probably beneficial in cases of proxied method called in a tight
loop.

Additionally, added `throwFunc` as valid constant in script helper
`validate-constant.fn`. Does what the name implies.
2024-09-19 07:49:54 -04:00
Raymond Hill 11c3a16036
Fix exception thrown in `spoof-css` in Firefox
Related feedback:
https://github.com/uBlockOrigin/uAssets/issues/25358#issuecomment-2358278979
2024-09-18 10:34:18 -04:00
Raymond Hill fe3846b72f
Oops meant to be 5s, not 300s... 2024-09-17 18:10:09 -04:00
Raymond Hill e8f6f3ddff
Throttle down repeated scriptlet logging information
Related feedback
https://github.com/uBlockOrigin/uBlock-issues/issues/3378#issuecomment-2356422784
2024-09-17 17:33:06 -04:00
Raymond Hill 547fae4842
Improve scriptlet helper `proxy-apply`
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/3378
2024-09-17 09:09:19 -04:00
Raymond Hill 60a009c530
Further improve `prevent-fetch` scriptlet 2024-09-05 11:17:36 -04:00
Raymond Hill e8202af11d
Improve `prevent-fetch` scriptlet
- Add support for negated matches
- Log caller's arguments when verbose logging is enabled
2024-09-04 11:32:26 -04:00
Raymond Hill c8307f58a3
Improve `xml-prune` scriptlet
Related feedback:
https://github.com/uBlockOrigin/uAssets/issues/25164#issuecomment-2326358453
2024-09-03 11:15:16 -04:00
Raymond Hill f552f655cb
Fix `prevent-window-open` for when logger is open
Related discussion:
https://github.com/uBlockOrigin/uBlock-discussions/discussions/906
2024-08-31 12:36:20 -04:00
Raymond Hill 7f11d6216e
Improve `prevent-window-open` scriptlet
As discussed with filter list maintainers.
2024-08-30 10:25:39 -04:00
Raymond Hill ae5dc6299e
Improve `validate-constant` scriptlet helper
Add support for `json:`-prefixed values.
2024-08-29 13:47:48 -04:00
Raymond Hill 0dcb985601
Improve `trusted-replace-outbound-text` scriptlet
When the replacement starts with `json:`, it will be first
decoded using JSON.parse(). Example:

example.com##+js(trusted-replace-outbound-text, somefn, json:"ok")

The doublequotes are required since this is what JSON.parse()
expects as a valid JSON string.
2024-08-27 12:49:35 -04:00
Raymond Hill 3a249f395c
Improve `prevent-xhr` scriptlet
As per filter list maintainers feedback.
2024-08-26 14:28:53 -04:00
Raymond Hill 79e10323ad
Use helper function to lookup safe cookie values
This helper function is now used by `set-cookie` and
`set-local-storage-item` scriptlets, so changes in the
helper function will benefit both scriptlets.
2024-08-19 14:56:15 -04:00
Fanboynz 3e2171f550
Add checked/unchecked to set-cookie (#3923) 2024-08-19 14:40:33 -04:00
Fanboynz 41c2258f91
Add allowed/denied to set-local-storage (#3922) 2024-08-18 09:14:44 -04:00
Raymond Hill 5287f6e029
Code review of scriptlet helper 2024-08-18 09:12:54 -04:00
Raymond Hill 56dfdd2568
Improve various scriptlets
Specifically, improve proxying of native methods.
2024-08-16 11:49:16 -04:00
Raymond Hill db3dc69bcc
Improve `href-sanitizer` sciptlet
Tolerate unexpected spaces in extracted URL parameters.

Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/issues/3297#issuecomment-2283806183
2024-08-12 13:45:46 -04:00
Raymond Hill fb037e97d0
[mv3] Improve `remove-attr.js` scriptlet
Related issue:
https://github.com/uBlockOrigin/uBOL-home/issues/166
2024-08-06 14:47:03 -04:00
Raymond Hill 3668445679
Use random trusted-types policy name
Related commit:
4f0d1301ab
2024-08-04 00:15:40 -04:00
Raymond Hill 4f0d1301ab
Improve `trusted-replace-node-text` scriptlet
Related discussion:
https://github.com/brave/adblock-resources/pull/194
2024-08-03 20:09:21 -04:00
Raymond Hill ec633887dd
Improve `abort-on-stack-trace` scriptlet
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/3314
2024-07-28 10:44:17 -04:00
Fanboynz 76246f2c59
Add dismissed to set-cookie (#3921) 2024-07-27 08:26:59 -04:00
Raymond Hill 84be9cde6d
Improve `href-sanitizer` scriptlet
Support ability to recursively unwrap destination URL. Example:

    ...##+js(href-sanitizer, a.clickTracker, ?r?u)

Related discussion:
https://github.com/uBlockOrigin/uBlock-discussions/discussions/775#discussioncomment-10120835
2024-07-23 09:21:17 -04:00
Raymond Hill bf75dc2f90
Code review of `trusted-replace-node-text` scriptlet 2024-07-22 09:51:40 -04:00
Raymond Hill 14d90418b8
Fix regression in `trusted-replace-node-text` scriptlet
Related commit:
8afd9e233d
2024-07-21 08:34:18 -04:00
Raymond Hill 62f87b0ea8
Rename parameters as per earlier commit
Related commit:
8afd9e233d
2024-07-20 09:43:08 -04:00
Raymond Hill 8afd9e233d
Improve `trusted-replace-node-text` scriptlet
Related discussion:
https://github.com/uBlockOrigin/uAssets/discussions/23769#discussioncomment-10102276
2024-07-20 08:57:11 -04:00
Raymond Hill 77feb25c4d
Improve `set-constant` scriptlet
Related feedback:
https://github.com/uBlockOrigin/uBlock-discussions/discussions/881#discussioncomment-10072370
2024-07-17 09:36:55 -04:00
Raymond Hill 9ce3056361
Improve `prevent-fetch` scriptlet
Add `statusText` as overridable property in response instance.

Supported values are: `""`, `"Not Found"`. `statusText` defaults
to `"OK"` when not overridden.
2024-07-14 12:15:53 -04:00