aboutsummaryrefslogtreecommitdiff
path: root/main_background.js
diff options
context:
space:
mode:
Diffstat (limited to 'main_background.js')
-rw-r--r--main_background.js183
1 files changed, 100 insertions, 83 deletions
diff --git a/main_background.js b/main_background.js
index 030cdc2..4fe55d5 100644
--- a/main_background.js
+++ b/main_background.js
@@ -533,7 +533,7 @@ var ResponseHandler = {
*/
async post(response) {
const { type } = response.request;
- const handle_it = type === 'script' ? handle_script : handle_html;
+ const handle_it = type === 'script' ? handleScript : handle_html;
return await handle_it(response, response.whitelisted);
}
}
@@ -541,7 +541,7 @@ var ResponseHandler = {
/**
* Here we handle external script requests
*/
-async function handle_script(response, whitelisted) {
+async function handleScript(response, whitelisted) {
const { text, request } = response;
const { url, tabId } = request;
return await checkScriptAndUpdateReport(text, ListStore.urlItem(url), tabId, whitelisted, isExternal = true);
@@ -660,119 +660,136 @@ function readMetadata(metaElement) {
* Returns string or null.
*/
async function editHtml(html, documentUrl, tabId, frameId, whitelisted) {
-
const htmlDoc = new DOMParser().parseFromString(html, 'text/html');
-
// moves external licenses reference, if any, before any <SCRIPT> element
ExternalLicenses.optimizeDocument(htmlDoc, { tabId, frameId, documentUrl });
-
const url = ListStore.urlItem(documentUrl);
if (whitelisted) { // don't bother rewriting
await checkScriptAndUpdateReport(html, url, tabId, whitelisted); // generates whitelisted report
return null;
}
+ if (checkFullHtml(html, documentUrl, url, tabId, htmlDoc)) return null;
+ const dejaVu = new Map(); // deduplication map & edited script cache
+ let modified = await checkIntrinsicEvents(html, documentUrl, tabId, htmlDoc, dejaVu);
+ let modifiedInline = await checkInlineScripts(html, documentUrl, tabId, htmlDoc, dejaVu);
- let scripts = htmlDoc.scripts;
-
- const metaElement = htmlDoc.getElementById('LibreJS-info');
- let firstScriptSrc = '';
-
- // get the potential inline source that can contain a license
- for (const script of scripts) {
- // The script must be in-line and exist
- if (script && !script.src) {
- firstScriptSrc = script.textContent;
- break;
+ modified = showConditionalElements(htmlDoc) > 0 || modified || modifiedInline;
+ if (modified) {
+ if (modifiedInline) {
+ forceNoscriptElements(htmlDoc);
}
+ return doc2HTML(htmlDoc);
}
+ return null;
+}
+/**
+ * Checks LibreJS-info element (undocumented) or licensing js in
+ * entire html using @licstart/@licend ("JavaScript embedded on your
+ * page..." in
+ * https://www.gnu.org/software/librejs/free-your-javascript.html)
+ * Returns true if handled, false otherwise.
+ */
+function checkFullHtml(html, documentUrl, url, tabId, htmlDoc) {
+ const firstInlineScript = Array.from(htmlDoc.scripts).find(script => script && !script.src);
+ const firstScriptSrc = firstInlineScript ? firstInlineScript.textContent : '';
const licenseName = checkLib.checkLicenseText(firstScriptSrc);
-
- const findLine = finder => finder.test(html) && html.substring(0, finder.lastIndex).split(/\n/).length || 0;
+ const metaElement = htmlDoc.getElementById('LibreJS-info');
if (readMetadata(metaElement) || licenseName) {
- console.log('Valid license for intrinsic events found');
+ console.log('Valid license for the whole page found (LibreJS-info or @licstart/@licend)');
const [line, extras] = metaElement ?
- [findLine(/id\s*=\s*['"]?LibreJS-info\b/gi), '(0)'] :
+ [findLine(/id\s*=\s*['"]?LibreJS-info\b/gi, html), '(0)'] :
[html.substring(0, html.indexOf(firstScriptSrc)).split(/\n/).length,
'\n' + firstScriptSrc];
let viewUrl = line ? `view-source:${documentUrl}#line${line}(<${metaElement ? metaElement.tagName : 'SCRIPT'}>)${extras}` : url;
addReportEntry(tabId, { url, 'accepted': [viewUrl, `Global license for the page: ${licenseName}`] });
- // Do not process inline scripts
- scripts = [];
- } else {
- let dejaVu = new Map(); // deduplication map & edited script cache
- let modified = false;
- // Deal with intrinsic events
- let intrinsicFinder = /<[a-z][^>]*\b(on\w+|href\s*=\s*['"]?javascript:)/gi;
- for (let element of htmlDoc.querySelectorAll('*')) {
- let line = -1;
- for (let attr of element.attributes) {
- let { name, value } = attr;
- value = value.trim();
- if (name.startsWith('on') || (name === 'href' && value.toLowerCase().startsWith('javascript:'))) {
- if (line === -1) {
- line = findLine(intrinsicFinder);
- }
- try {
- let key = `<${element.tagName} ${name}="${value}">`;
- let edited;
- if (dejaVu.has(key)) {
- edited = dejaVu.get(key);
- } else {
- let url = `view-source:${documentUrl}#line${line}(<${element.tagName} ${name}>)\n${value.trim()}`;
- if (name === 'href') value = decodeURIComponent(value);
- edited = await checkScriptAndUpdateReport(value, url, tabId, whitelist.contains(url));
- dejaVu.set(key, edited);
- }
- if (edited && edited !== value) {
- modified = true;
- attr.value = edited;
- }
- } catch (e) {
- console.error(e);
- }
- }
- }
- }
+ return true;
+ }
+ return false;
+}
- let modifiedInline = false;
- let scriptFinder = /<script\b/ig;
- for (let i = 0, len = scripts.length; i < len; i++) {
- let script = scripts[i];
- let line = findLine(scriptFinder);
- if (!script.src && !(script.type && script.type !== 'text/javascript')) {
- let source = script.textContent.trim();
- let editedSource;
- if (dejaVu.has(source)) {
- editedSource = dejaVu.get(source);
- } else {
- let url = `view-source:${documentUrl}#line${line}(<SCRIPT>)\n${source}`;
- let edited = await checkScriptAndUpdateReport(source, url, tabId, whitelisted);
- editedSource = edited.trim();
- dejaVu.set(url, editedSource);
+/**
+ * Checks intrinsic events, i.e. in event handlers or the href
+ * attribute.
+ * Returns true if htmlDoc is modified, false otherwise.
+ * Mutates htmlDoc and dejaVu.
+ */
+async function checkIntrinsicEvents(html, documentUrl, tabId, htmlDoc, dejaVu) {
+ let modified = false;
+ const intrinsicFinder = /<[a-z][^>]*\b(on\w+|href\s*=\s*['"]?javascript:)/gi;
+ for (const element of htmlDoc.querySelectorAll('*')) {
+ let line = -1;
+ for (const attr of element.attributes) {
+ let { name, value } = attr;
+ value = value.trim();
+ if (name.startsWith('on') || (name === 'href' && value.toLowerCase().startsWith('javascript:'))) {
+ if (line === -1) {
+ line = findLine(intrinsicFinder, html);
}
- if (editedSource) {
- if (source !== editedSource) {
- script.textContent = editedSource;
- modified = modifiedInline = true;
+ try {
+ const key = `<${element.tagName} ${name}="${value}">`;
+ let edited;
+ if (dejaVu.has(key)) {
+ edited = dejaVu.get(key);
+ } else {
+ const url = `view-source:${documentUrl}#line${line}(<${element.tagName} ${name}>)\n${value.trim()}`;
+ if (name === 'href') value = decodeURIComponent(value);
+ edited = await checkScriptAndUpdateReport(value, url, tabId, whitelist.contains(url));
+ dejaVu.set(key, edited);
}
+ if (edited && edited !== value) {
+ modified = true;
+ attr.value = edited;
+ }
+ } catch (e) {
+ console.error(e);
}
}
}
+ }
+ return modified;
+}
- modified = showConditionalElements(htmlDoc) > 0 || modified;
- if (modified) {
- if (modifiedInline) {
- forceNoscriptElements(htmlDoc);
+/**
+ * Checks inline scripts.
+ * Mutates dejaVu and htmlDoc.
+ */
+async function checkInlineScripts(html, documentUrl, tabId, htmlDoc, dejaVu) {
+ let modifiedInline = false;
+ const scriptFinder = /<script\b/ig;
+ for (const script of htmlDoc.scripts) {
+ const line = findLine(scriptFinder, html);
+ if (!script.src && !(script.type && script.type !== 'text/javascript')) {
+ const source = script.textContent.trim();
+ let editedSource;
+ if (dejaVu.has(source)) {
+ editedSource = dejaVu.get(source);
+ } else {
+ const url = `view-source:${documentUrl}#line${line}(<SCRIPT>)\n${source}`;
+ const edited = await checkScriptAndUpdateReport(source, url, tabId, false);
+ editedSource = edited.trim();
+ dejaVu.set(url, editedSource);
+ }
+ if (editedSource) {
+ if (source !== editedSource) {
+ script.textContent = editedSource;
+ modifiedInline = true;
+ }
}
- return doc2HTML(htmlDoc);
}
}
- return null;
+ return modifiedInline;
}
/**
+ * Returns the line of next match for finder.
+ * May mutate finder if it is stateful.
+ */
+const findLine = (finder, html) => finder.test(html) && html.substring(0, finder.lastIndex).split(/\n/).length || 0;
+
+
+/**
* Here we handle html document responses
*/
async function handle_html(response, whitelisted) {
@@ -862,7 +879,7 @@ async function init_addon() {
// export testable functions to the global scope
this.LibreJS = {
editHtml,
- handle_script,
+ handle_script: handleScript,
ExternalLicenses,
ListManager, ListStore, Storage,
};