
Prevent URL leaks from media placeholders (thanks NDevTK for report).
hackademix committed Oct 7, 2023
1 parent 137dd85 commit 1754429
Showing 5 changed files with 63 additions and 27 deletions.
30 changes: 14 additions & 16 deletions src/bg/main.js
Expand Up @@ -95,7 +95,7 @@
XSS.stop();
}

Messages.addHandler(messageHandler);


try {
await Messages.send("started");
Expand Down Expand Up @@ -229,23 +229,20 @@
type: "panel"
});
},
async getTheme() {
async getTheme(msg, {tab, frameId}) {
try {
browser.tabs.insertCSS(tab.id, {
code: await Themes.getContentCSS(),
frameId,
runAt: "document_start",
matchAboutBlank: true,
cssOrigin: "user",
});
} catch (e) {
console.error(e);
}
return (await Themes.isVintage()) ? "vintage" : "";
},
async fetchResource({url}) {
url = browser.runtime.getURL(url);
const blob = await (await fetch(url)).blob();
return new Promise((resolve, reject) => {
const reader = new FileReader();
reader.onload = e => {
resolve(reader.result);
};
reader.onerror = e => {
reject(reader.error);
};
reader.readAsDataURL(blob);
});
},

async promptHook(msg, {tabId}) {
await browser.tabs.executeScript(tabId, {
Expand All @@ -262,6 +259,7 @@
await TabGuard.reloadNormally(tabId);
}
};
Messages.addHandler(messageHandler);

function onSyncMessage(msg, sender) {
switch(msg.id) {
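Review bot: `browser.tabs.insertCSS(tab.id, {` on line 31 is not awaited, so the try/catch around it only covers the synchronous part of the call and the `await Themes.getContentCSS()` inside its argument; a rejection from insertCSS itself (tab already gone, restricted page) becomes an unhandled promise rejection instead of reaching the `console.error`. Change the line to `await browser.tabs.insertCSS(tab.id, {`. `tab` is destructured from the sender on line 29; if getTheme is ever sent from an extension page that has no tab, `tab.id` throws inside the try and is merely logged, so an explicit guard may be wanted, but I cannot tell from this hunk whether such callers exist. Every getTheme call also re-inserts the stylesheet, which is harmless but duplicates the CSS if the message is sent more than once per frame.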
38 changes: 38 additions & 0 deletions src/common/themes.js
Expand Up @@ -62,6 +62,7 @@
addEventListener("load", onload, true);
}

let contentCSS;

let root = document.documentElement;
root.classList.add(PARENT_CLASS);
Expand Down Expand Up @@ -141,6 +142,43 @@
return b;
},

async getContentCSS() {
contentCSS = contentCSS || (async () => {
const replaceAsync = async (string, regexp, replacerFunction) => {
const replacements = await Promise.all(
Array.from(string.matchAll(regexp),
match => replacerFunction(...match)));
let i = 0;
return string.replace(regexp, () => replacements[i++]);
}
const fetchAsDataURL = async (url) => {
const blob = await (await fetch(browser.runtime.getURL(url))).blob();
return new Promise((resolve, reject) => {
const reader = new FileReader();
reader.onload = e => {
resolve(reader.result);
};
reader.onerror = e => {
reject(reader.error);
};
reader.readAsDataURL(blob);
});
}
const fetchAsText = async (url) => await (await fetch(browser.runtime.getURL(url))).text();

const themesCSS = (await replaceAsync(await fetchAsText("/common/themes.css"),
/(--img-logo:.*url\("?)(.*\.svg)"?/g,
async (s, prop, url) => `${prop}"${await fetchAsDataURL(url)}"`
))
.replace(/.*\burl\(\.*\/.*\n/g, '')
.replace(/\/\*[^]*?\*\//g, '')
.replace(/\n+/g, "\n");
return (await fetchAsText("/content/content.css"))
.replace(/\b(THEMES_START\b.*\n)[^]*(\n.*\bTHEMES_END)\b/g,
`$1${themesCSS}$2`);
})();
return await contentCSS;
}
};

(async () => {
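Review bot: The promise cached in `contentCSS` on line 83 is never cleared on failure, so if any of the fetches rejects the rejected promise stays cached and every later getContentCSS call keeps rejecting until the background page restarts. Replacing line 116 with `})().catch(e => { contentCSS = undefined; throw e; });` keeps the single-flight caching while letting the next call retry. The strip on line 110, `.replace(/.*\burl\(\.*\/.*\n/g, '')`, only removes relative-URL lines that end in a newline; a last line without a trailing newline, or an absolute `url(moz-extension://…)` reference, would survive into the page-visible stylesheet, so the invariant deserves a comment such as `// only data: URLs may reach the content stylesheet; drop every remaining extension-relative url() line`. The inner arrow-function consts on lines 90 and 103 also lack terminating semicolons.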
11 changes: 10 additions & 1 deletion src/content/content.css
Expand Up @@ -4,6 +4,15 @@
* SPDX-License-Identifier: GPL-3.0-or-later
*/

/* THEMES_START */

/*
This section gets replaced at runtime with an extract of /themes/themes.css
stripped of all the references to extension URLs.
*/

/* THEMES_END */

a.__NoScript_PlaceHolder__ {
outline: 2px solid --var(--accent-color);
color: var(--text-color) !important;
Expand All @@ -15,7 +24,7 @@ a.__NoScript_PlaceHolder__ {
cursor: pointer;
opacity: 0.8;
z-index: 2147483647 !important;
background-image: none;
background-image: var(--img-logo);
}

a.__NoScript_PlaceHolder__.mozilla {
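Review bot: The comment on line 131 says the section is replaced with an extract of `/themes/themes.css`, but the code that does the replacement fetches `/common/themes.css` (the same path the manifest hunk removes), so the path in the comment appears wrong; change it to `This section gets replaced at runtime with an extract of /common/themes.css`. The THEMES_START and THEMES_END markers are matched by the regex in getContentCSS, so the comment should also state that they must be kept verbatim, e.g. `Keep the THEMES_START / THEMES_END markers: themes.js matches on them.` The adjacent context line 138, `outline: 2px solid --var(--accent-color);`, is not part of this change, but `--var(` is not valid CSS and presumably `var(` was intended.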
9 changes: 0 additions & 9 deletions src/manifest.json
Expand Up @@ -73,15 +73,6 @@
},

"content_scripts": [
{
"matches": ["<all_urls>"],
"match_about_blank": true,
"all_frames": true,
"css": [
"/common/themes.css",
"/content/content.css"
]
},
{
"run_at": "document_start",
"matches": ["<all_urls>"],
2 changes: 1 addition & 1 deletion src/nscl
