Fork Sync: Update from parent repository #256

Merged
merged 18 commits into from
Jun 25, 2024

github-actions[bot]

@github-actions github-actions bot commented Jun 19, 2024

diff --git a/assets/assets.json b/assets/assets.json
index 44ccc1bad..bd8fd8455 100644
--- a/assets/assets.json
+++ b/assets/assets.json
@@ -634,7 +634,7 @@
 		"title": "🇭🇺hu: hufilter",
 		"tags": "ads hungarian",
 		"lang": "hu",
-		"contentURL": "https://raw.githubusercontent.com/hufilter/hufilter/master/hufilter-ublock.txt",
+		"contentURL": "https://cdn.jsdelivr.net/gh/hufilter/hufilter@gh-pages/hufilter-ublock.txt",
 		"supportURL": "https://github.com/hufilter/hufilter"
 	},
 	"IDN-0": {
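Review bot: the new `contentURL` points at the branch name `@gh-pages`, a mutable ref served through a third-party CDN, and it also moves the source from `master` to `gh-pages` without saying why. Because this file is fetched and applied as filter rules, the commit message should state which branch is authoritative and why the CDN is preferred. Consider keeping the `raw.githubusercontent.com` URL as a fallback so that a stale or unavailable CDN copy does not leave the list without an origin source.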
diff --git a/assets/resources/scriptlets.js b/assets/resources/scriptlets.js
index dacfe7f50..18cdfadb5 100644
--- a/assets/resources/scriptlets.js
+++ b/assets/resources/scriptlets.js
@@ -1009,6 +1009,8 @@ function setCookieFn(
             cookieParts.push(`; domain=${options.domain}`);
         }
         cookieParts.push('; Secure');
+    } else if ( /^__(Host|Secure)-/.test(name) ) {
+        cookieParts.push('; Secure');
     }
 
     try {
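Review bot: the added `else if` branch appends only `; Secure` for `__Host-` and `__Secure-` names, but a `__Host-` cookie must also carry `Path=/` and no `Domain` attribute, and the branch just above can append `; domain=${options.domain}`. Nothing in these lines stops a `__Host-` name from reaching that earlier branch with a domain set, in which case the browser rejects the cookie silently. Either skip the domain part when the name matches `/^__Host-/`, or add a comment stating where path and domain are constrained. A one-line comment on why the prefix forces `Secure` would also help, since the regex alone does not say.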
@@ -1659,7 +1661,9 @@ function addEventListenerDefuser(
         if ( elem instanceof Document ) { return 'document'; }
         if ( elem instanceof Element === false ) { return '?'; }
         const parts = [];
-        if ( elem.id !== '' ) { parts.push(`#${CSS.escape(elem.id)}`); }
+        // https://github.com/uBlockOrigin/uAssets/discussions/17907#discussioncomment-9871079
+        const id = String(elem.id);
+        if ( id !== '' ) { parts.push(`#${CSS.escape(id)}`); }
         for ( let i = 0; i < elem.classList.length; i++ ) {
             parts.push(`.${CSS.escape(elem.classList.item(i))}`);
         }
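Review bot: `String(elem.id)` keeps a non-string `id` from reaching `CSS.escape`, but the comment above it is only a URL and does not say what `elem.id` can be instead of a string. If the case is a form control named `id` shadowing the property on its parent form, the stringified value would be something like `[object HTMLInputElement]` and would land in the selector as a bogus `#...` part; `elem.getAttribute('id')` would read the real attribute instead. Add a short comment naming the case, and note that the `classList` loop below still reads straight from `elem`.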

@github-actions github-actions bot requested a review from bcaller as a code owner June 19, 2024 13:07
gorhill and others added 15 commits June 19, 2024 10:16
`subject:matches-prop(arg)`

Description: Allows to select an element by a property name (or chain of
properties), and optionally the property value.

Chainable: Yes.

`subject`: Can be a plain CSS selector, or a procedural cosmetic filter.

`arg`: A declaration in the form `chain=value`, where `chain` is a dot-
  separated string for the target property, and `value` is the optional
  property value to match. `value` can be literal text or literal regular
  expression. When no `value` is declared, the operator only tests for
  the presence of the target property

Example:

  example.org##div:matches-prop(imanad)
  example.org##img:matches-prop(naturalWidth=160)
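
An added sketch of the matching semantics described in the commit message above, written for this page and not taken from uBlock Origin. `parseArg` and `matchesProp` are hypothetical names, plain objects stand in for DOM elements, and exact-string comparison for literal values is an assumption.

```javascript
// Added illustration: hypothetical helpers, not uBlock Origin's code.
// Parse a `chain=value` argument into a property path and an optional test.
function parseArg(arg) {
    const pos = arg.indexOf('=');
    const chain = (pos === -1 ? arg : arg.slice(0, pos)).split('.');
    if ( pos === -1 ) { return { chain, test: null }; }
    const raw = arg.slice(pos + 1);
    // Assumption: a value written as /.../flags is a regular expression,
    // anything else is compared as exact literal text.
    const m = /^\/(.+)\/([a-z]*)$/.exec(raw);
    let re = null;
    if ( m !== null ) {
        try { re = new RegExp(m[1], m[2]); } catch { re = null; }
    }
    const test = re !== null
        ? (s => { re.lastIndex = 0; return re.test(s); })
        : (s => s === raw);
    return { chain, test };
}

// Walk the dot-separated chain on `target` and apply the optional test.
function matchesProp(target, arg) {
    const { chain, test } = parseArg(arg);
    let value = target;
    for ( const prop of chain ) {
        const walkable = value !== null &&
            (typeof value === 'object' || typeof value === 'function');
        // Stop instead of throwing when the chain runs past a primitive.
        if ( walkable === false ) { return false; }
        if ( prop in value === false ) { return false; }
        value = value[prop];
    }
    if ( test === null ) { return true; }  // presence-only form
    // Coerce before comparing so numeric properties match textual values.
    return test(String(value));
}

// Constructed sample objects standing in for page elements.
const sampleDiv = { imanad: true };
const sampleImg = { naturalWidth: 160, dataset: { slot: 'top-banner' } };

console.log(matchesProp(sampleDiv, 'imanad'));
console.log(matchesProp(sampleImg, 'naturalWidth=160'));
console.log(matchesProp(sampleImg, 'dataset.slot=/banner$/'));
```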

[puLL-Merge] - brave/uBlock@256

Description

This PR makes two primary changes:

  1. Updates the content URL for the Hungarian filter list in assets/assets.json.
  2. Modifies the setCookieFn and addEventListenerDefuser functions in assets/resources/scriptlets.js to enhance cookie handling and improve element identification.
Changes

  1. In assets/assets.json:

    • Updated the contentURL for the Hungarian filter list (hufilter) from a GitHub raw content URL to a jsDelivr CDN URL.
  2. In assets/resources/scriptlets.js:

    • Modified setCookieFn:
      • Added a condition to set the 'Secure' flag for cookies with names starting with "__Host-" or "__Secure-".
    • Modified addEventListenerDefuser:
      • Changed the handling of element IDs to explicitly convert them to strings before processing.

Possible Issues

  1. The change in the Hungarian filter list URL might lead to potential caching issues or delays in updates if the CDN doesn't refresh its content frequently enough.

  2. The modification to setCookieFn assumes that cookies with names starting with "__Host-" or "__Secure-" should always be secure. While this is generally correct, it might override any existing logic that intentionally set these cookies as non-secure for testing or development purposes.

Security Hotspots

  1. The change in setCookieFn to automatically set the 'Secure' flag for certain cookie prefixes is a security improvement. However, it's important to ensure that this doesn't conflict with any existing security measures or assumptions in the codebase.

  2. The modification in addEventListenerDefuser to explicitly convert element IDs to strings addresses a potential type coercion issue, which could have security implications in certain edge cases. This change improves the robustness of the code.

@bcaller bcaller merged commit c4033c6 into master Jun 25, 2024
2 checks passed
@bcaller bcaller deleted the mirror branch June 25, 2024 15:51