Commit Graph

269 Commits

Author SHA1 Message Date
Raymond Hill 50ebfb9932
Mind that attribute names are case-insensitive
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/3121
2024-02-14 08:37:01 -05:00
Raymond Hill b22b3d729b
Improve `prevent-addEventListener` scriptlet
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/issues/3061#issuecomment-1899042062
2024-02-14 08:23:16 -05:00
Raymond Hill 068b625bef
In `set-attr`, restrict `on...` attributes to empty string only
As per feedback from https://github.com/distinctmondaylilac

Related commit:
https://github.com/gorhill/uBlock/commit/3037ae5f04

Additionally, added logging ability to the scriptlet.
2024-02-13 19:41:25 -05:00
Raymond Hill 6551cab525
Improve loggger output of `prevent-fetch` scriptlet
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3115
2024-02-13 16:12:11 -05:00
Raymond Hill 3037ae5f04
Ignore event handler-related attributes in `set-attr` scriptlet
As suggested by https://github.com/distinctmondaylilac in internal
email to ubo-security:

> As a sidenote, it may be worth considering if `set-attr` should
> be able to set event handler attributes. It could potentially
> be used to copy the contents of e.g. onclick to other event handlers,
> resulting in self-clicking buttons.
2024-02-13 14:59:00 -05:00
Raymond Hill 9b40b2150a
Fix argument list lookup in `trusted-replace-argument` scriptlet 2024-02-02 12:46:59 -05:00
Raymond Hill b4da81f8d4
Improve logging information in `prevent-window-open` scriptlet 2024-02-02 09:36:08 -05:00
Raymond Hill 12a9245164
Remove outdated, unused scriptlet
Related commit:
2b2e0fcb14
2024-01-31 11:31:24 -05:00
Raymond Hill 1db54c47e1
Fix the logging of all `prevent-xhr` calls
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3096#discussioncomment-8309729
2024-01-30 20:52:07 -05:00
Raymond Hill 7282d953b6
Fix last commit
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3096#discussioncomment-8272470

Related commit:
6cfba082f9
2024-01-28 18:54:37 -05:00
Raymond Hill 6cfba082f9
Add more output to logger re. scriptlets 2024-01-28 10:58:41 -05:00
Raymond Hill 55879e6014
Add more output to logger re. scriptlets 2024-01-28 10:27:46 -05:00
Raymond Hill 6c54731a72
Add `remove-cache-storage-item` scriptlet
Usage:

...##+js(remove-cache-storage-item, cacheNamePattern[, urlPattern])

`cacheNamePattern`: the name of the cache to target. Plain string
  or regex.

`urlPattern`: the URL of the resource to remove. Plain string
  or regex. If no pattern is provided, the whole cache is removed.

Reference:
https://developer.mozilla.org/en-US/docs/Web/API/CacheStorage
2024-01-27 18:17:28 -05:00
Raymond Hill 8be8ac57a7
Bring back ability to log all calls to `JSON.parse`
Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/3096
2024-01-27 06:43:36 -05:00
Raymond Hill 302d2f5670
Fix type
Related issue:
https://github.com/uBlockOrigin/uAssets/pull/22228
2024-01-26 22:38:31 -05:00
Raymond Hill 34da372d7a
Ensure scriptlet logging information make it to destination
Avoid race conditions between isolated world-side broadcast channel
and main-side broadcast channel, so as to not lose logging
information if the isolated world-side is not yet ready to
receive through its broadcast channel.

Additionally, added new scriptlet: `trusted-replace-argument`.

[...]##+js(trusted-replace-argument, fn, argpos, argval [,condition, pattern])

Where:

- `fn` is the function we want to proxy through an `apply` handler.
  This can also be a class, in which case the scriptlet will proxy
  through `construct` handler. At the moment, `fn` must exist at the
  time the scriptlet executes.

- `argpos` is the 0-based position of the argument we want to change

- `argval` is the value we want to have for the argument -- the value
  is interpreted the same way the value for `set-constant` is
  interpreted.

- `condition, pattern` is a vararg which tells the scriptlet to act
  only if `pattern` is found in the argument to overwrite.

Example of usage:

    alliptvlinks.com##+js(trusted-replace-argument, MutationObserver, 0, noopFunc)
2024-01-26 12:18:30 -05:00
Raymond Hill 49a6dc868f
Fix verbose mode not applying to newly injected scriptlets
Related commit:
869a653fdf
2024-01-25 13:30:41 -05:00
Raymond Hill 869a653fdf
Output scriptlet logging information to the logger
This commit brings the following changes to the logger:

All logging output generated by injected scriptlets are now sent to
the logger, the developer console will no longer be used to log
scriptlet logging information.

When the logger is not opened, the scriplets will not output any
logging information.

The goal with this new approach is to allow filter authors to
more easily assess the working of scriptlets without having to
go through scriptlet parameters to enable logging.

Consequently all the previous ways to tell scriptlets to log
information are now obsolete: if the logger is opened, the
scriptlets will log information to the logger.

Another benefit of this approach is that the dev tools do not
need to be open to obtain scriptlets logging information.

Accordingly, new filter expressions have been added to the logger:
"info" and "error". Selecting the "scriptlet" expression will also
keep the logging information from scriptlets.

A new button has been added to the logger (not yet i18n-ed): a
"volume" icon, which allows to enable verbose mode. When verbose
mode is enabled, the scriptlets may choose to output more
information regarding their inner working.

The entries in the logger will automatically expand on mouse hover.
This allows to scroll through entries which text does not fit into
a single row.

Clicking anywhere on an entry in the logger will open the detailed
view when applicable.

Generic information/errors will now be rendered regardless of which
tab is currently selected in the logger (similar to how tabless
entries are already being rendered).
2024-01-25 12:20:38 -05:00
Raymond Hill 45e62c939f
Add support for `extraMatch` in `trusted-click-element` scriptlet
Related issue:
https://github.com/uBlockOrigin/uAssets/issues/20744#issuecomment-1900710708

Reference documentation:
https://github.com/AdguardTeam/Scriptlets/blob/master/wiki/about-trusted-scriptlets.md#-%EF%B8%8F-trusted-click-element

Except that in uBO's implementation, if a regex is given as value
to match, it will be tested against an assembled "key=value"
string.
2024-01-20 10:33:36 -05:00
Raymond Hill 534d877e95
Shield some code paths against potentially tampered global properties
Related feedback:
https://github.com/uBlockOrigin/uAssets/issues/21895#issuecomment-1887472623
2024-01-11 11:41:37 -05:00
Raymond Hill 060f9d68fc
Add `elements` vararg to `prevent-addEventListener` scriptlet
If present, `elements` vararg must be a valid CSS selector, which will
be used to apply the scriptlet to only elements matching the
selector.

Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/3061

Example of usage:

[...]##+js(aeld, click, return"undefined", elements, a.indirect)
2024-01-10 12:46:23 -05:00
Raymond Hill e1ae17ed00
Improve `prevent-fetch` scriptlet
Related issue:
https://github.com/AdguardTeam/AdguardFilters/issues/153796
2024-01-01 10:24:47 -05:00
Raymond Hill d7063a052f
Improve `xml-prune` scriptlet
Related issue:
https://github.com/uBlockOrigin/uAssets/issues/21532
2023-12-22 10:15:37 -05:00
Raymond Hill d01ad24291
Improve `no-xhr-if` scriptlet
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/2518
2023-12-10 15:21:29 -05:00
Raymond Hill fddca0b7cb
Log all by default when needle is empty in `aost` scriptlet
As discussed with filter list maintainers.
2023-12-06 10:17:19 -05:00
Raymond Hill a969a672e0
Change official description in source code top comment 2023-12-04 12:10:34 -05:00
Raymond Hill 941077a25c
Support shadow-piercing combinator `>>>` in `trusted-click-element`
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/2971

Example usage:

...##+js(trusted-trusted-click-element, #cmpwrapper >>> .cmpboxbtnyes)

The substring before ` >>> ` must select an element with a non-null
shadow root, in which case the substring after ` >>> ` will be used
to find the element in the targeted shadow root. ` >>> ` can be used
recursively when multiple shadow root must be pierced.
2023-12-04 08:02:07 -05:00
Raymond Hill 6aeab2adbc
Improve `prevent-fetch` scriptlet
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/2526

Improvements:

Support fulfilling the response with the content of a
`web_accessible_resources` resource, using the syntax already
supported by `prevent-xhr`: `war:[name of resource]`

Support fulfilling the response with randomized text with length
specified using `length:min[-max]` directive.
2023-11-25 11:13:57 -05:00
Raymond Hill a4f8ec6d54
Support AdGuard's `emptyArr`/`emptyObj` for increased compatibility
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/2411
2023-11-17 09:28:23 -05:00
Raymond Hill c292a90b90
Fix faulty `as` vararg in `set-constant` scriptlet 2023-11-16 13:18:39 -05:00
Raymond Hill 28d92d38f3
Use `trusted-` prefix for `replace-node-text`
The official name is `trusted-replace-node-text`.

`replace-node-text` is demoted to alias. `trusted-rpnt` added
asan alias. Aliases not prefixed with `trusted-` are deprecated
and will be removed eventually.

Related feedback:
https://github.com/uBlockOrigin/uBlock-issues/discussions/2895#discussioncomment-7567863
2023-11-14 13:53:29 -05:00
Raymond Hill f3d6a21e7a
Add `trusted-set-session-storage-item` scriptlet
Related discussion:
https://github.com/uBlockOrigin/uAssets/issues/20630#issuecomment-1807390945
2023-11-13 10:36:55 -05:00
Raymond Hill 7c562d0c5c
Allow the use of quotes in `set-cookie` scriptlet
Related discussion:
https://github.com/uBlockOrigin/uAssets/issues/20630#issuecomment-1807260357
2023-11-12 19:26:05 -05:00
Raymond Hill decafc5cbf
Allow the use of quotes in `set-[local|session]-storage-item`
Related discussion:
https://github.com/uBlockOrigin/uAssets/issues/20630#issuecomment-1807260357
2023-11-12 19:05:56 -05:00
Fanboynz 32fb93c525
Add a few more cookie names (#3907) 2023-11-12 12:51:58 -05:00
Raymond Hill 3db46c1728
Allow for support of more event types
Related commit:
ef311ddbec
2023-11-12 11:44:24 -05:00
Raymond Hill b3c48fd1ad
Swap canonical name with alias 2023-11-12 10:39:43 -05:00
Raymond Hill ef311ddbec
Add ability to trigger cookie removal on specific events
As discussed with filter list volunteers.

Related discussion:
https://github.com/uBlockOrigin/uBlock-discussions/discussions/834
2023-11-12 10:35:28 -05:00
Raymond Hill f68683f988
Do not use implicit regex flag when pattern is regex
As discussed with filter list volunteers.
2023-11-10 12:31:30 -05:00
Raymond Hill 7dd98258e9
Add `stackToMatch` vararg to `trusted-prune-inbound-object.js`
As discussed with filter list maintainers.
2023-11-09 19:57:51 -05:00
Raymond Hill 7823d98070
Harden scriptlets which need to serialize function code into string
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/2907
2023-11-06 09:10:21 -05:00
Raymond Hill cdc3f66a6b
Reset `g` regexes before use in `rmnt`/`rpnt` scriptlets 2023-11-05 20:35:05 -05:00
Fanboynz 4ab1c36ac9
Add t/f to set-cookie (#3905) 2023-11-05 16:07:58 -05:00
Raymond Hill c378d55dfb
Minor 2023-10-29 23:44:43 -04:00
Fanboynz d51b393fdb
Add additional set-cookie names (#3902) 2023-10-29 11:01:32 -04:00
Raymond Hill 5244ad5baf
Do not use `bind` as a way to access native calls 2023-10-29 10:22:54 -04:00
Raymond Hill fc40393c81
Improve `trusted-prune-inbound-object` scriptlet
Trap incoming argument only if it matches the properties to
prune and matches. If there is no match, the inbound object
is passed through untouched.
2023-10-28 07:35:38 -04:00
Raymond Hill d32204f984
Match `type` exactly in `prevent-addEventListener` scriptlet
Unless `type` is a regex of course.

Related feedback:
https://github.com/uBlockOrigin/uAssets/discussions/17907#discussioncomment-7362212
2023-10-23 21:15:00 -04:00
Raymond Hill 82c59b4b6e
Add `domain` vararg to `trusted-set-cookie`
Related issue:
https://github.com/uBlockOrigin/uBlock-issues/issues/2893
2023-10-22 18:19:18 -04:00
Raymond Hill 86f0d6dd97
Add `trusted-prune-outbound-object.js` scriptlet
Essentially a complement of `trusted-prune-inbound-object.js` added in
1c9da227d7

To perform object pruning on any object returned synchronously by
any given call.

The arguments for `trusted-prune-outbound-object` in order are:

- The name of the property to trap. Must be a function, and must
  exist when the scriptlet tries to install the trap.

- The properties to prune (as with `json-prune`)

- The properties which must all be present for pruning to occur
  (as with `json-prune`)

The scriptlets `json-prune.js` and `evaldata-prune.js` essentially
perform the same function, and will eventually be rewritten to
internally delegate to generic `trusted-prune-outbound-object.js`.
2023-10-22 12:35:49 -04:00