Skip to content

Do not expose XMLHttpRequest.prototype.shouldBePrevented in AG CoreLib app's scriptlet #569

Description

@piquark6046

Currently, a webpage can detect what a scriptlet filter in AdGuard CoreLib app 1 tries to mock XMLHttpRequest API. AdGuard Browser Extension MV2 2 (maybe MV3 too) is not affected.

Step to reproduce:

  1. Add example.org#%#//scriptlet('prevent-xhr', 'example.org/call method:OPTIONS')
  2. Open https://example.org/
  3. Open the web browser's dev tool and nagivate to the console tab.
  4. Execute:
(() => {
  function reqListener() {
    alert(this.responseText);
  }
  const xhr = new XMLHttpRequest();
  xhr.open("OPTIONS", "https://example.org/call");
  console.log(xhr.shouldBePrevented)
  xhr.send();
})();

Related to #386

Footnotes

  1. I tested with AdGuard for Windows 7.22.9.

  2. 5.4.3.1 on Firefox Developer Edition 153.0b6.

Metadata

Metadata

Assignees

Type

No type
No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions