diff options
Diffstat (limited to 'main_background.js')
-rw-r--r-- | main_background.js | 183 |
1 files changed, 100 insertions, 83 deletions
diff --git a/main_background.js b/main_background.js index 030cdc2..4fe55d5 100644 --- a/main_background.js +++ b/main_background.js @@ -533,7 +533,7 @@ var ResponseHandler = { */ async post(response) { const { type } = response.request; - const handle_it = type === 'script' ? handle_script : handle_html; + const handle_it = type === 'script' ? handleScript : handle_html; return await handle_it(response, response.whitelisted); } } @@ -541,7 +541,7 @@ var ResponseHandler = { /** * Here we handle external script requests */ -async function handle_script(response, whitelisted) { +async function handleScript(response, whitelisted) { const { text, request } = response; const { url, tabId } = request; return await checkScriptAndUpdateReport(text, ListStore.urlItem(url), tabId, whitelisted, isExternal = true); @@ -660,119 +660,136 @@ function readMetadata(metaElement) { * Returns string or null. */ async function editHtml(html, documentUrl, tabId, frameId, whitelisted) { - const htmlDoc = new DOMParser().parseFromString(html, 'text/html'); - // moves external licenses reference, if any, before any <SCRIPT> element ExternalLicenses.optimizeDocument(htmlDoc, { tabId, frameId, documentUrl }); - const url = ListStore.urlItem(documentUrl); if (whitelisted) { // don't bother rewriting await checkScriptAndUpdateReport(html, url, tabId, whitelisted); // generates whitelisted report return null; } + if (checkFullHtml(html, documentUrl, url, tabId, htmlDoc)) return null; + const dejaVu = new Map(); // deduplication map & edited script cache + let modified = await checkIntrinsicEvents(html, documentUrl, tabId, htmlDoc, dejaVu); + let modifiedInline = await checkInlineScripts(html, documentUrl, tabId, htmlDoc, dejaVu); - let scripts = htmlDoc.scripts; - - const metaElement = htmlDoc.getElementById('LibreJS-info'); - let firstScriptSrc = ''; - - // get the potential inline source that can contain a license - for (const script of scripts) { - // The script must be in-line and exist - if (script && !script.src) { - firstScriptSrc = script.textContent; - break; + modified = showConditionalElements(htmlDoc) > 0 || modified || modifiedInline; + if (modified) { + if (modifiedInline) { + forceNoscriptElements(htmlDoc); } + return doc2HTML(htmlDoc); } + return null; +} +/** + * Checks LibreJS-info element (undocumented) or licensing js in + * entire html using @licstart/@licend ("JavaScript embedded on your + * page..." in + * https://www.gnu.org/software/librejs/free-your-javascript.html) + * Returns true if handled, false otherwise. + */ +function checkFullHtml(html, documentUrl, url, tabId, htmlDoc) { + const firstInlineScript = Array.from(htmlDoc.scripts).find(script => script && !script.src); + const firstScriptSrc = firstInlineScript ? firstInlineScript.textContent : ''; const licenseName = checkLib.checkLicenseText(firstScriptSrc); - - const findLine = finder => finder.test(html) && html.substring(0, finder.lastIndex).split(/\n/).length || 0; + const metaElement = htmlDoc.getElementById('LibreJS-info'); if (readMetadata(metaElement) || licenseName) { - console.log('Valid license for intrinsic events found'); + console.log('Valid license for the whole page found (LibreJS-info or @licstart/@licend)'); const [line, extras] = metaElement ? - [findLine(/id\s*=\s*['"]?LibreJS-info\b/gi), '(0)'] : + [findLine(/id\s*=\s*['"]?LibreJS-info\b/gi, html), '(0)'] : [html.substring(0, html.indexOf(firstScriptSrc)).split(/\n/).length, '\n' + firstScriptSrc]; let viewUrl = line ? `view-source:${documentUrl}#line${line}(<${metaElement ? metaElement.tagName : 'SCRIPT'}>)${extras}` : url; addReportEntry(tabId, { url, 'accepted': [viewUrl, `Global license for the page: ${licenseName}`] }); - // Do not process inline scripts - scripts = []; - } else { - let dejaVu = new Map(); // deduplication map & edited script cache - let modified = false; - // Deal with intrinsic events - let intrinsicFinder = /<[a-z][^>]*\b(on\w+|href\s*=\s*['"]?javascript:)/gi; - for (let element of htmlDoc.querySelectorAll('*')) { - let line = -1; - for (let attr of element.attributes) { - let { name, value } = attr; - value = value.trim(); - if (name.startsWith('on') || (name === 'href' && value.toLowerCase().startsWith('javascript:'))) { - if (line === -1) { - line = findLine(intrinsicFinder); - } - try { - let key = `<${element.tagName} ${name}="${value}">`; - let edited; - if (dejaVu.has(key)) { - edited = dejaVu.get(key); - } else { - let url = `view-source:${documentUrl}#line${line}(<${element.tagName} ${name}>)\n${value.trim()}`; - if (name === 'href') value = decodeURIComponent(value); - edited = await checkScriptAndUpdateReport(value, url, tabId, whitelist.contains(url)); - dejaVu.set(key, edited); - } - if (edited && edited !== value) { - modified = true; - attr.value = edited; - } - } catch (e) { - console.error(e); - } - } - } - } + return true; + } + return false; +} - let modifiedInline = false; - let scriptFinder = /<script\b/ig; - for (let i = 0, len = scripts.length; i < len; i++) { - let script = scripts[i]; - let line = findLine(scriptFinder); - if (!script.src && !(script.type && script.type !== 'text/javascript')) { - let source = script.textContent.trim(); - let editedSource; - if (dejaVu.has(source)) { - editedSource = dejaVu.get(source); - } else { - let url = `view-source:${documentUrl}#line${line}(<SCRIPT>)\n${source}`; - let edited = await checkScriptAndUpdateReport(source, url, tabId, whitelisted); - editedSource = edited.trim(); - dejaVu.set(url, editedSource); +/** + * Checks intrinsic events, i.e. in event handlers or the href + * attribute. + * Returns true if htmlDoc is modified, false otherwise. + * Mutates htmlDoc and dejaVu. + */ +async function checkIntrinsicEvents(html, documentUrl, tabId, htmlDoc, dejaVu) { + let modified = false; + const intrinsicFinder = /<[a-z][^>]*\b(on\w+|href\s*=\s*['"]?javascript:)/gi; + for (const element of htmlDoc.querySelectorAll('*')) { + let line = -1; + for (const attr of element.attributes) { + let { name, value } = attr; + value = value.trim(); + if (name.startsWith('on') || (name === 'href' && value.toLowerCase().startsWith('javascript:'))) { + if (line === -1) { + line = findLine(intrinsicFinder, html); } - if (editedSource) { - if (source !== editedSource) { - script.textContent = editedSource; - modified = modifiedInline = true; + try { + const key = `<${element.tagName} ${name}="${value}">`; + let edited; + if (dejaVu.has(key)) { + edited = dejaVu.get(key); + } else { + const url = `view-source:${documentUrl}#line${line}(<${element.tagName} ${name}>)\n${value.trim()}`; + if (name === 'href') value = decodeURIComponent(value); + edited = await checkScriptAndUpdateReport(value, url, tabId, whitelist.contains(url)); + dejaVu.set(key, edited); } + if (edited && edited !== value) { + modified = true; + attr.value = edited; + } + } catch (e) { + console.error(e); } } } + } + return modified; +} - modified = showConditionalElements(htmlDoc) > 0 || modified; - if (modified) { - if (modifiedInline) { - forceNoscriptElements(htmlDoc); +/** + * Checks inline scripts. + * Mutates dejaVu and htmlDoc. + */ +async function checkInlineScripts(html, documentUrl, tabId, htmlDoc, dejaVu) { + let modifiedInline = false; + const scriptFinder = /<script\b/ig; + for (const script of htmlDoc.scripts) { + const line = findLine(scriptFinder, html); + if (!script.src && !(script.type && script.type !== 'text/javascript')) { + const source = script.textContent.trim(); + let editedSource; + if (dejaVu.has(source)) { + editedSource = dejaVu.get(source); + } else { + const url = `view-source:${documentUrl}#line${line}(<SCRIPT>)\n${source}`; + const edited = await checkScriptAndUpdateReport(source, url, tabId, false); + editedSource = edited.trim(); + dejaVu.set(url, editedSource); + } + if (editedSource) { + if (source !== editedSource) { + script.textContent = editedSource; + modifiedInline = true; + } } - return doc2HTML(htmlDoc); } } - return null; + return modifiedInline; } /** + * Returns the line of next match for finder. + * May mutate finder if it is stateful. + */ +const findLine = (finder, html) => finder.test(html) && html.substring(0, finder.lastIndex).split(/\n/).length || 0; + + +/** * Here we handle html document responses */ async function handle_html(response, whitelisted) { @@ -862,7 +879,7 @@ async function init_addon() { // export testable functions to the global scope this.LibreJS = { editHtml, - handle_script, + handle_script: handleScript, ExternalLicenses, ListManager, ListStore, Storage, }; |