aboutsummaryrefslogtreecommitdiff
path: root/main_background.js
diff options
context:
space:
mode:
authorNateN1222 <nathannichols454@gmail.com>2017-09-30 12:25:09 -0500
committerNateN1222 <nathannichols454@gmail.com>2017-09-30 12:25:09 -0500
commit4277f5c2ee55d63d911603d66ad9ba853acc4243 (patch)
tree5e629d5e5635bb2581c07c7277a118530e6cce75 /main_background.js
parent9e9b9bf5567641288f2f78c8d418c1603d34254a (diff)
improvements to HTML script extraction
Diffstat (limited to 'main_background.js')
-rw-r--r--main_background.js132
1 files changed, 116 insertions, 16 deletions
diff --git a/main_background.js b/main_background.js
index 8e70a73..d5e3fb8 100644
--- a/main_background.js
+++ b/main_background.js
@@ -688,18 +688,19 @@ function delete_removed_tab_info(tab_id, remove_info){
* Makes it so we can return redirect requests to local blob URLs
*
* TODO: Make it so that it adds the website itself to the permissions of all keys
-*
+* TODO: Is this neccessary now that we aren't loading blob URLs?
*/
function change_csp(e) {
var index = 0;
var csp_header = "";
-
+ /*
for(var i = 0; i < e["responseHeaders"].length; i++){
console.log("%c"+e["responseHeaders"][i]["name"],"color:white");
console.log(e["responseHeaders"][i]["value"]);
}
console.log("done");
+ */
for(var i = 0; i < e["responseHeaders"].length; i++){
if(e["responseHeaders"][i]["name"].toLowerCase() == "content-security-policy"){
@@ -859,7 +860,7 @@ function license_read(script_src,name){
var parts_accepted = false;
while(true){
// TODO: support multiline comments
- var matches = /\/\/\s*?(@license)\s([\S]+)\s([\S]+$)/gm.exec(unedited_src);
+ var matches = /\/\s*?(@license)\s([\S]+)\s([\S]+$)/gm.exec(unedited_src);
if(matches == null){
nontrivial_status = evaluate(unedited_src,name);
if(nontrivial_status[0] == true){
@@ -880,7 +881,7 @@ function license_read(script_src,name){
return [true,edited_src,reason_text];
}
- console.log("Found a license tag");
+onsole.log("Found a license tag");
var before = unedited_src.substr(0,matches["index"]);
nontrivial_status = evaluate(before,name);
if(nontrivial_status[0] == true){
@@ -946,9 +947,41 @@ function get_script(response,url,tabid,wl,index=-1){
var popup_res;
var domain = get_domain(url);
+ //var badge_str = unused_data[tabid]["blocked"].length + unused_data[tabid]["blacklisted"].length;
+ var badge_str = 0;
+
+ if(unused_data[tabid]["blocked"] !== undefined){
+ badge_str += unused_data[tabid]["blocked"].length;
+ }
+
+ if(unused_data[tabid]["blacklisted"] !== undefined){
+ badge_str += unused_data[tabid]["blacklisted"].length;
+ }
+ console.log("amt. blocked on page:"+badge_str);
+ if(badge_str > 0){
+ webex.browserAction.setBadgeText({
+ text: " ",
+ tabId: tabid
+ });
+ webex.browserAction.setBadgeBackgroundColor({
+ color: "red",
+ tabId: tabid
+ });
+ } else{
+ webex.browserAction.setBadgeText({
+ text: " ",
+ tabId: tabid
+ });
+ webex.browserAction.setBadgeBackgroundColor({
+ color: "green",
+ tabId: tabid
+ });
+ }
+
if(verdict == true){
popup_res = add_popup_entry(tabid,src_hash,{"url":domain,"accepted":[scriptname+" ("+src_hash+")",edited[2]]});
} else{
+
popup_res = add_popup_entry(tabid,src_hash,{"url":domain,"blocked":[scriptname+" ("+src_hash+")",edited[2]]});
}
popup_res.then(function(list_verdict){
@@ -1006,7 +1039,72 @@ function read_script(a){
}
+function source_replace(html,replace_this,with_this){
+ // This is absolutely neccessary. Not sure if it can cause bugs.
+ html = html.replace(/\r\n|\r|\n/g,"\n");
+ replace_this = replace_this.replace(/\r\n|\r|\n/g,"\n");
+
+ // Get all match indices
+ var match_indices = [];
+ var watchdog = 0;
+
+ var lower_index = 0;
+
+ while(true){
+ var match_index = html.indexOf(replace_this,lower_index);
+ if(match_index == -1){
+ break;
+ } else{
+ match_indices.push(lower_index + match_index);
+ lower_index += match_index + 1;
+ }
+
+ watchdog++;
+ if(watchdog == 50){
+ debugger;
+ return;
+ }
+ }
+
+ function print_substr(orig,a,str){
+ //console.log(a+","+(a+str.length));
+ console.log(orig.substring(a+str.length,a));
+ }
+
+ if(match_indices.length == 0){
+ console.log("%c No matches","color:red;");
+ debugger;
+ }
+
+ if(match_indices.length == 1){
+ console.log("%c Matched","color:green;");
+ html = html.replace(replace_this,with_this);
+ }
+
+ if(match_indices.length > 1){
+ console.log("%c Multiple matches","color:orange;");
+ }
+
+// for(var i = 0; i < match_indices.length; i++){
+// console.log(match_indices[i]);
+// print_substr(html,match_indices[i],replace_this);
+// }
+
+ return html;
+
+}
+//source_replace("ababababasdasdasbabababaabababdab","ab","xx");
+
+function remove_noscripts(html){
+ // Remove noscript tags with name "librejs-path"
+ // This leaves a trailing </noscript> tag (shouldn't be a big deal) and also is vulnerable to a (harmless) injection
+ return html;
+
+
+}
+
function edit_html(html,url,tabid,wl){
+
return new Promise((resolve, reject) => {
if(wl == true){
// Don't bother, page is whitelisted
@@ -1032,28 +1130,30 @@ function edit_html(html,url,tabid,wl){
if(scripts[i].src == ""){
var edit_script = get_script(scripts[i].innerHTML,url,tabid,wl,i);
edit_script.then(function(edited){
- var edited_source = edited[0].trim();
+ console.groupCollapsed("%c ------ not remote (document.scripts["+edited[1]+"]) ------","color:white");
+
+ var edited_source = edited[0];
var unedited_source = html_doc.scripts[edited[1]].innerHTML.trim();
- console.log("%c ------ not remote (document.scripts["+edited[1]+"]) ------","color:white");
- if(html.indexOf(unedited_source) == -1){
- console.log("NOT in original source");
- debugger;
- }else{
- console.log("Found in original source");
- }
- html = html.replace(unedited_source,edited_source);
+
+ html = source_replace(html,unedited_source,edited_source);
+ html_doc.scripts[edited[1]].innerHTML = edited_source;
amt_scripts++;
+
+ console.groupEnd();
+
if(amt_scripts == total_scripts){
- //resolve(html_doc.documentElement.innerHTML);
- resolve(html);
+ //resolve(remove_noscripts(html_doc.documentElement.innerHTML));
+ resolve(remove_noscripts(html));
}
+
});
}
}
if(total_scripts == 0){
console.log("Nothing to analyze.");
- resolve(html);
+ //resolve(remove_noscripts(html_doc.documentElement.innerHTML));
+ resolve(remove_noscripts(html));
}
});