1
0
mirror of https://github.com/gorhill/uBlock.git synced 2024-11-17 16:02:33 +01:00
uBlock/src/js/traffic.js

1222 lines
39 KiB
JavaScript
Raw Normal View History

2014-06-24 00:42:43 +02:00
/*******************************************************************************
2016-03-22 15:19:41 +01:00
uBlock Origin - a browser extension to block requests.
2018-01-03 05:06:16 +01:00
Copyright (C) 2014-2018 Raymond Hill
2014-06-24 00:42:43 +02:00
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see {http://www.gnu.org/licenses/}.
Home: https://github.com/gorhill/uBlock
*/
2016-07-01 04:03:29 +02:00
'use strict';
2014-06-24 00:42:43 +02:00
/******************************************************************************/
// Start isolation from global scope
µBlock.webRequest = (function() {
/******************************************************************************/
2015-03-26 00:28:22 +01:00
var exports = {};
/******************************************************************************/
2016-11-04 04:42:03 +01:00
// https://github.com/gorhill/uBlock/issues/2067
// Experimental: Block everything until uBO is fully ready.
// TODO: re-work vAPI code to match more closely how listeners are
// registered with the webRequest API. This will simplify implementing
// the feature here: we could have a temporary onBeforeRequest listener
// which blocks everything until all is ready.
// This would allow to avoid the permanent special test at the top of
// the main onBeforeRequest just to implement this.
2017-11-16 06:34:01 +01:00
// https://github.com/gorhill/uBlock/issues/3130
// Don't block root frame.
var onBeforeReady = null;
2017-11-16 16:55:28 +01:00
µBlock.onStartCompletedQueue.push(function(callback) {
vAPI.onLoadAllCompleted();
callback();
});
if ( µBlock.hiddenSettings.suspendTabsUntilReady ) {
onBeforeReady = (function() {
var suspendedTabs = new Set();
µBlock.onStartCompletedQueue.push(function(callback) {
onBeforeReady = null;
for ( var tabId of suspendedTabs ) {
vAPI.tabs.reload(tabId);
}
callback();
});
2017-11-16 06:34:01 +01:00
return function(details) {
if (
details.type !== 'main_frame' &&
vAPI.isBehindTheSceneTabId(details.tabId) === false
) {
suspendedTabs.add(details.tabId);
return true;
}
};
})();
}
2016-11-04 04:42:03 +01:00
/******************************************************************************/
2014-07-26 15:55:12 +02:00
// Intercept and filter web requests.
2014-07-14 17:24:59 +02:00
2014-07-26 01:29:51 +02:00
var onBeforeRequest = function(details) {
2017-11-16 06:34:01 +01:00
if ( onBeforeReady !== null && onBeforeReady(details) ) {
2016-11-04 04:42:03 +01:00
return { cancel: true };
}
2014-07-26 01:29:51 +02:00
// Special handling for root document.
2015-04-07 03:26:05 +02:00
// https://github.com/chrisaljoudi/uBlock/issues/1001
// This must be executed regardless of whether the request is
// behind-the-scene
2015-03-21 21:52:35 +01:00
var requestType = details.type;
if ( requestType === 'main_frame' ) {
2015-03-21 21:52:35 +01:00
return onBeforeRootFrameRequest(details);
2014-07-14 17:24:59 +02:00
}
// Special treatment: behind-the-scene requests
2017-11-16 06:34:01 +01:00
var tabId = details.tabId;
if ( vAPI.isBehindTheSceneTabId(tabId) ) {
return onBeforeBehindTheSceneRequest(details);
}
2014-07-26 01:29:51 +02:00
// Lookup the page store associated with this tab id.
2016-10-14 16:06:34 +02:00
var µb = µBlock,
pageStore = µb.pageStoreFromTabId(tabId);
2014-07-26 01:29:51 +02:00
if ( !pageStore ) {
2015-12-02 06:59:51 +01:00
var tabContext = µb.tabContextManager.mustLookup(tabId);
2015-04-09 00:46:08 +02:00
if ( vAPI.isBehindTheSceneTabId(tabContext.tabId) ) {
return onBeforeBehindTheSceneRequest(details);
}
2015-04-09 00:46:08 +02:00
vAPI.tabs.onNavigation({ tabId: tabId, frameId: 0, url: tabContext.rawURL });
pageStore = µb.pageStoreFromTabId(tabId);
2014-07-14 20:40:40 +02:00
}
2014-07-15 13:38:34 +02:00
2015-04-07 03:26:05 +02:00
// https://github.com/chrisaljoudi/uBlock/issues/886
2015-02-25 20:15:36 +01:00
// For requests of type `sub_frame`, the parent frame id must be used
// to lookup the proper context:
// > If the document of a (sub-)frame is loaded (type is main_frame or
// > sub_frame), frameId indicates the ID of this frame, not the ID of
// > the outer frame.
// > (ref: https://developer.chrome.com/extensions/webRequest)
2015-03-21 21:52:35 +01:00
var isFrame = requestType === 'sub_frame';
2015-04-09 00:46:08 +02:00
// https://github.com/chrisaljoudi/uBlock/issues/114
var requestContext = pageStore.createContextFromFrameId(
isFrame ? details.parentFrameId : details.frameId
);
// Setup context and evaluate
2015-03-21 21:52:35 +01:00
var requestURL = details.url;
requestContext.requestURL = requestURL;
2016-01-22 17:13:29 +01:00
requestContext.requestHostname = µb.URI.hostnameFromURI(requestURL);
requestContext.requestType = requestType;
var result = pageStore.filterRequest(requestContext);
2014-07-14 17:24:59 +02:00
2016-10-08 16:15:31 +02:00
pageStore.journalAddRequest(requestContext.requestHostname, result);
if ( µb.logger.isEnabled() ) {
µb.logger.writeOne(
tabId,
'net',
pageStore.logData,
requestType,
requestURL,
requestContext.rootHostname,
requestContext.pageHostname
);
}
2015-04-09 00:46:08 +02:00
2014-09-14 22:20:40 +02:00
// Not blocked
if ( result !== 1 ) {
2015-04-07 03:26:05 +02:00
// https://github.com/chrisaljoudi/uBlock/issues/114
if ( details.parentFrameId !== -1 && isFrame ) {
pageStore.setFrame(details.frameId, requestURL);
}
2016-07-01 04:03:29 +02:00
requestContext.dispose();
2014-07-14 17:24:59 +02:00
return;
}
2014-07-26 01:29:51 +02:00
// Blocked
// https://github.com/gorhill/uBlock/issues/949
// Redirect blocked request?
if ( µb.hiddenSettings.ignoreRedirectFilters !== true ) {
var url = µb.redirectEngine.toURL(requestContext);
if ( url !== undefined ) {
pageStore.internalRedirectionCount += 1;
if ( µb.logger.isEnabled() ) {
µb.logger.writeOne(
tabId,
'redirect',
{ source: 'redirect', raw: µb.redirectEngine.resourceNameRegister },
requestType,
requestURL,
requestContext.rootHostname,
requestContext.pageHostname
);
}
requestContext.dispose();
return { redirectUrl: url };
2016-01-07 23:30:56 +01:00
}
}
2014-07-14 17:24:59 +02:00
2016-07-01 04:03:29 +02:00
requestContext.dispose();
2015-03-26 00:28:22 +01:00
return { cancel: true };
2014-07-14 17:24:59 +02:00
};
/******************************************************************************/
2015-03-21 21:52:35 +01:00
var onBeforeRootFrameRequest = function(details) {
var tabId = details.tabId,
requestURL = details.url,
µb = µBlock;
2015-03-31 15:07:14 +02:00
2015-04-09 00:46:08 +02:00
µb.tabContextManager.push(tabId, requestURL);
2015-03-26 00:28:22 +01:00
2015-03-21 21:52:35 +01:00
// Special handling for root document.
2015-04-07 03:26:05 +02:00
// https://github.com/chrisaljoudi/uBlock/issues/1001
2015-03-21 21:52:35 +01:00
// This must be executed regardless of whether the request is
// behind-the-scene
var µburi = µb.URI,
requestHostname = µburi.hostnameFromURI(requestURL),
requestDomain = µburi.domainFromHostname(requestHostname) || requestHostname;
2015-03-26 00:28:22 +01:00
var context = {
rootHostname: requestHostname,
rootDomain: requestDomain,
pageHostname: requestHostname,
pageDomain: requestDomain,
requestURL: requestURL,
requestHostname: requestHostname,
requestType: 'main_frame'
2015-03-26 00:28:22 +01:00
};
var result = 0,
logData,
logEnabled = µb.logger.isEnabled();
2015-03-26 00:28:22 +01:00
// If the site is whitelisted, disregard strict blocking
if ( µb.getNetFilteringSwitch(requestURL) === false ) {
result = 2;
if ( logEnabled === true ) {
logData = { engine: 'u', result: 2, raw: 'whitelisted' };
}
}
2015-03-27 18:00:55 +01:00
// Permanently unrestricted?
if ( result === 0 && µb.hnSwitches.evaluateZ('no-strict-blocking', requestHostname) ) {
result = 2;
if ( logEnabled === true ) {
logData = { engine: 'u', result: 2, raw: 'no-strict-blocking: ' + µb.hnSwitches.z + ' true' };
}
2015-03-27 18:00:55 +01:00
}
2015-03-26 00:28:22 +01:00
// Temporarily whitelisted?
if ( result === 0 ) {
result = isTemporarilyWhitelisted(result, requestHostname);
if ( result === 2 && logEnabled === true ) {
logData = { engine: 'u', result: 2, raw: 'no-strict-blocking true (temporary)' };
}
2015-03-21 21:52:35 +01:00
}
2015-03-26 00:28:22 +01:00
2015-07-13 14:49:58 +02:00
// Static filtering: We always need the long-form result here.
var snfe = µb.staticNetFilteringEngine;
2015-07-13 14:49:58 +02:00
// Check for specific block
if ( result === 0 ) {
result = snfe.matchStringExactType(context, requestURL, 'main_frame');
2017-05-28 22:57:02 +02:00
if ( result !== 0 || logEnabled === true ) {
logData = snfe.toLogData();
}
2015-07-13 14:49:58 +02:00
}
// Check for generic block
if ( result === 0 ) {
result = snfe.matchStringExactType(context, requestURL, 'no_type');
2017-05-28 22:57:02 +02:00
if ( result !== 0 || logEnabled === true ) {
logData = snfe.toLogData();
}
// https://github.com/chrisaljoudi/uBlock/issues/1128
// Do not block if the match begins after the hostname, except when
// the filter is specifically of type `other`.
// https://github.com/gorhill/uBlock/issues/490
// Removing this for the time being, will need a new, dedicated type.
if (
result === 1 &&
toBlockDocResult(requestURL, requestHostname, logData) === false
) {
result = 0;
logData = undefined;
2015-03-30 23:42:12 +02:00
}
2015-03-26 00:28:22 +01:00
}
// Log
2015-04-09 00:46:08 +02:00
var pageStore = µb.bindTabToPageStats(tabId, 'beforeRequest');
2015-03-26 00:28:22 +01:00
if ( pageStore ) {
2016-10-08 16:15:31 +02:00
pageStore.journalAddRootFrame('uncommitted', requestURL);
pageStore.journalAddRequest(requestHostname, result);
2015-03-26 00:28:22 +01:00
}
if ( logEnabled ) {
µb.logger.writeOne(
tabId,
'net',
logData,
'main_frame',
requestURL,
requestHostname,
requestHostname
);
}
2015-03-26 00:28:22 +01:00
// Not blocked
if ( result !== 1 ) { return; }
2015-03-26 00:28:22 +01:00
// No log data means no strict blocking (because we need to report why
// the blocking occurs.
if ( logData === undefined ) { return; }
2015-06-12 01:33:30 +02:00
2015-03-26 00:28:22 +01:00
// Blocked
var query = btoa(JSON.stringify({
url: requestURL,
2015-03-30 19:10:29 +02:00
hn: requestHostname,
dn: requestDomain,
fc: logData.compiled,
fs: logData.raw
2015-03-26 00:28:22 +01:00
}));
2015-03-27 18:00:55 +01:00
2015-04-09 00:46:08 +02:00
vAPI.tabs.replace(tabId, vAPI.getURL('document-blocked.html?details=') + query);
2015-03-27 18:00:55 +01:00
return { cancel: true };
2015-03-21 21:52:35 +01:00
};
/******************************************************************************/
// https://github.com/gorhill/uBlock/issues/3208
// Mind case insensitivity.
2017-11-09 21:46:25 +01:00
var toBlockDocResult = function(url, hostname, logData) {
2017-11-09 21:46:25 +01:00
if ( typeof logData.regex !== 'string' ) { return false; }
var re = new RegExp(logData.regex, 'i'),
match = re.exec(url.toLowerCase());
if ( match === null ) { return false; }
2015-03-30 23:42:12 +02:00
// https://github.com/chrisaljoudi/uBlock/issues/1128
// https://github.com/chrisaljoudi/uBlock/issues/1212
// Relax the rule: verify that the match is completely before the path part
2017-11-09 21:46:25 +01:00
return (match.index + match[0].length) <=
(url.indexOf(hostname) + hostname.length + 1);
2015-03-30 23:42:12 +02:00
};
/******************************************************************************/
2016-10-14 16:06:34 +02:00
// Intercept and filter behind-the-scene requests.
2016-03-22 15:19:41 +01:00
// https://github.com/gorhill/uBlock/issues/870
// Finally, Chromium 49+ gained the ability to report network request of type
// `beacon`, so now we can block them according to the state of the
// "Disable hyperlink auditing/beacon" setting.
2015-01-24 18:06:22 +01:00
var onBeforeBehindTheSceneRequest = function(details) {
2016-10-14 16:06:34 +02:00
var µb = µBlock,
2018-02-26 19:59:16 +01:00
pageStore = µb.pageStoreFromTabId(details.tabId);
if ( pageStore === null ) { return; }
2016-10-14 16:06:34 +02:00
2017-05-28 18:21:56 +02:00
var result = 0,
2016-10-14 16:06:34 +02:00
context = pageStore.createContextFromPage(),
requestType = details.type,
requestURL = details.url;
2015-01-24 18:06:22 +01:00
2016-01-22 17:13:29 +01:00
context.requestURL = requestURL;
context.requestHostname = µb.URI.hostnameFromURI(requestURL);
2016-10-14 16:06:34 +02:00
context.requestType = requestType;
2018-02-26 19:59:16 +01:00
if ( details.tabId === vAPI.anyTabId && context.pageHostname === '' ) {
context.pageHostname = µb.URI.hostnameFromURI(details.documentUrl);
context.pageDomain = µb.URI.domainFromHostname(context.pageHostname);
context.rootHostname = context.pageHostname;
context.rootDomain = context.pageDomain;
}
// https://bugs.chromium.org/p/chromium/issues/detail?id=637577#c15
// Do not filter behind-the-scene network request of type `beacon`: there
// is no point. In any case, this will become a non-issue once
// <https://bugs.chromium.org/p/chromium/issues/detail?id=522129> is
// fixed.
2015-01-24 18:06:22 +01:00
// Blocking behind-the-scene requests can break a lot of stuff: prevent
// browser updates, prevent extension updates, prevent extensions from
// working properly, etc.
2017-10-19 15:35:28 +02:00
// So we filter if and only if the "advanced user" mode is selected.
// https://github.com/gorhill/uBlock/issues/3150
// Ability to globally block CSP reports MUST also apply to
// behind-the-scene network requests.
2018-02-26 19:59:16 +01:00
if (
details.tabId !== vAPI.noTabId ||
µb.userSettings.advancedUserEnabled ||
requestType === 'csp_report'
) {
2017-08-03 16:18:05 +02:00
result = pageStore.filterRequest(context);
2015-01-24 18:06:22 +01:00
}
2016-10-08 16:15:31 +02:00
pageStore.journalAddRequest(context.requestHostname, result);
if ( µb.logger.isEnabled() ) {
µb.logger.writeOne(
2018-02-26 19:59:16 +01:00
details.tabId,
'net',
2017-05-28 16:53:13 +02:00
pageStore.logData,
2016-10-14 16:06:34 +02:00
requestType,
2016-01-22 17:13:29 +01:00
requestURL,
context.rootHostname,
context.rootHostname
);
}
2015-01-24 18:06:22 +01:00
2016-07-01 04:03:29 +02:00
context.dispose();
// Blocked?
if ( result === 1 ) {
return { 'cancel': true };
}
2015-01-24 18:06:22 +01:00
};
/******************************************************************************/
2017-10-18 21:00:22 +02:00
// https://github.com/gorhill/uBlock/issues/3140
var onBeforeMaybeSpuriousCSPReport = function(details) {
var tabId = details.tabId;
// Ignore behind-the-scene requests.
if ( vAPI.isBehindTheSceneTabId(tabId) ) { return; }
// Lookup the page store associated with this tab id.
var µb = µBlock,
pageStore = µb.pageStoreFromTabId(tabId);
if ( pageStore === null ) { return; }
// If uBO is disabled for the page, it can't possibly causes CSP reports
// to be triggered.
if ( pageStore.getNetFilteringSwitch() === false ) { return; }
// A resource was redirected to a neutered one?
// TODO: mind injected scripts/styles as well.
if ( pageStore.internalRedirectionCount === 0 ) { return; }
var textDecoder = onBeforeMaybeSpuriousCSPReport.textDecoder;
if (
textDecoder === undefined &&
typeof self.TextDecoder === 'function'
) {
textDecoder =
onBeforeMaybeSpuriousCSPReport.textDecoder = new TextDecoder();
}
// Find out whether the CSP report is a potentially spurious CSP report.
// If from this point on we are unable to parse the CSP report data, the
// safest assumption to protect users is to assume the CSP report is
// spurious.
if (
textDecoder !== undefined &&
details.method === 'POST'
) {
var raw = details.requestBody && details.requestBody.raw;
if (
Array.isArray(raw) &&
raw.length !== 0 &&
raw[0] instanceof Object &&
raw[0].bytes instanceof ArrayBuffer
) {
var data;
try {
data = JSON.parse(textDecoder.decode(raw[0].bytes));
} catch (ex) {
}
if ( data instanceof Object ) {
var report = data['csp-report'];
if ( report instanceof Object ) {
2017-10-19 14:07:00 +02:00
var blocked = report['blocked-uri'] || report['blockedURI'],
validBlocked = typeof blocked === 'string',
source = report['source-file'] || report['sourceFile'],
validSource = typeof source === 'string';
2017-10-18 21:00:22 +02:00
if (
2017-10-19 14:07:00 +02:00
(validBlocked || validSource) &&
(!validBlocked || !blocked.startsWith('data')) &&
(!validSource || !source.startsWith('data'))
2017-10-18 21:00:22 +02:00
) {
return;
}
}
}
}
}
// Potentially spurious CSP report.
if ( µb.logger.isEnabled() ) {
var hostname = µb.URI.hostnameFromURI(details.url);
µb.logger.writeOne(
tabId,
'net',
{ result: 1, source: 'global', raw: 'no-spurious-csp-report' },
'csp_report',
details.url,
hostname,
hostname
);
}
return { cancel: true };
};
onBeforeMaybeSpuriousCSPReport.textDecoder = undefined;
/******************************************************************************/
// To handle:
// - Media elements larger than n kB
// - Scriptlet injection (requires ability to modify response body)
// - HTML filtering (requires ability to modify response body)
// - CSP injection
2014-09-24 23:38:22 +02:00
var onHeadersReceived = function(details) {
// Do not interfere with behind-the-scene requests.
var tabId = details.tabId;
if ( vAPI.isBehindTheSceneTabId(tabId) ) { return; }
2014-09-24 23:38:22 +02:00
var µb = µBlock,
requestType = details.type,
isRootDoc = requestType === 'main_frame',
isDoc = isRootDoc || requestType === 'sub_frame';
if ( isRootDoc ) {
µb.tabContextManager.push(tabId, details.url);
2015-06-11 21:11:01 +02:00
}
2014-09-24 23:38:22 +02:00
var pageStore = µb.pageStoreFromTabId(tabId);
if ( pageStore === null ) {
if ( isRootDoc === false ) { return; }
pageStore = µb.bindTabToPageStats(tabId, 'beforeRequest');
2014-09-24 23:38:22 +02:00
}
if ( pageStore.getNetFilteringSwitch() === false ) { return; }
2015-04-09 00:46:08 +02:00
if ( requestType === 'image' || requestType === 'media' ) {
return foilLargeMediaElement(pageStore, details);
2015-04-09 00:46:08 +02:00
}
if ( isDoc && µb.canFilterResponseBody ) {
2018-01-03 19:59:38 +01:00
filterDocument(pageStore, details);
}
2017-07-22 22:58:08 +02:00
// https://github.com/gorhill/uBlock/issues/2813
// Disable the blocking of large media elements if the document is itself
// a media element: the resource was not prevented from loading so no
// point to further block large media elements for the current document.
if ( isRootDoc ) {
2017-07-22 22:58:08 +02:00
if ( reMediaContentTypes.test(headerValueFromName('content-type', details.responseHeaders)) ) {
pageStore.allowLargeMediaElementsUntil = Date.now() + 86400000;
}
return injectCSP(pageStore, details);
}
if ( isDoc ) {
return injectCSP(pageStore, details);
}
};
2017-07-22 22:58:08 +02:00
var reMediaContentTypes = /^(?:audio|image|video)\//;
/*******************************************************************************
The response body filterer is responsible for:
- Scriptlet filtering
- HTML filtering
In the spirit of efficiency, the response body filterer works this way:
If:
- HTML filtering: no.
- Scriptlet filtering: no.
Then:
No response body filtering is initiated.
If:
- HTML filtering: no.
- Scriptlet filtering: yes.
Then:
Inject scriptlets before first chunk of response body data reported
then immediately disconnect response body data listener.
If:
- HTML filtering: yes.
- Scriptlet filtering: no/yes.
Then:
Assemble all response body data into a single buffer. Once all the
response data has been received, create a document from it. Then:
- Inject scriptlets in the resulting DOM.
- Remove all DOM elements matching HTML filters.
Then serialize the resulting modified document as the new response
body.
This way, the overhead is minimal for when only scriptlets need to be
injected.
If the platform does not support response body filtering, the scriptlets
will be injected the old way, through the content script.
**/
var filterDocument = (function() {
var µb = µBlock,
filterers = new Map(),
domParser, xmlSerializer,
utf8TextDecoder, textDecoder, textEncoder;
2018-02-18 13:16:10 +01:00
var textDecode = function(encoding, buffer) {
if (
textDecoder !== undefined &&
textDecoder.encoding !== encoding
) {
textDecoder = undefined;
}
if ( textDecoder === undefined ) {
textDecoder = new TextDecoder(encoding);
}
return textDecoder.decode(buffer);
};
2018-03-01 20:12:16 +01:00
var reContentTypeDocument = /^(?:text\/html|application\/xhtml\+xml)/i,
2018-01-03 19:59:38 +01:00
reContentTypeCharset = /charset=['"]?([^'" ]+)/i;
2018-03-01 20:12:16 +01:00
var mimeFromContentType = function(contentType) {
var match = reContentTypeDocument.exec(contentType);
if ( match !== null ) {
return match[0].toLowerCase();
}
};
2018-01-05 00:26:52 +01:00
var charsetFromContentType = function(contentType) {
var match = reContentTypeCharset.exec(contentType);
if ( match !== null ) {
return match[1].toLowerCase();
}
};
var charsetFromDoc = function(doc) {
var meta = doc.querySelector('meta[charset]');
if ( meta !== null ) {
return meta.getAttribute('charset').toLowerCase();
}
meta = doc.querySelector(
'meta[http-equiv="content-type" i][content]'
);
if ( meta !== null ) {
return charsetFromContentType(meta.getAttribute('content'));
}
};
// Purpose of following helper is to disconnect from watching the stream
// if all the following conditions are fulfilled:
// - Only need to inject scriptlets.
// - Charset of resource is utf-8.
// - A well-formed doc type declaration is found at the top.
//
// When all the conditions are fulfilled, then the scriptlets are safely
// injected after the doc type declaration, and the stream listener is
// disconnected, thus removing overhead from future streaming data.
//
// If at least one of the condition is not fulfilled and scriptlets need
// to be injected, it will be done the longer way when the whole stream
// has been collated in memory.
var streamJobDone = function(filterer, responseBytes) {
if (
filterer.scriptlets === undefined ||
filterer.selectors !== undefined ||
2018-01-05 00:26:52 +01:00
filterer.charset === undefined
) {
return false;
}
// We need to insert after DOCTYPE, or else the browser may fall into
// quirks mode.
if ( responseBytes.byteLength < 256 ) { return false; }
var bb = new Uint8Array(responseBytes, 0, 256),
i = 0, b;
// Skip BOM if present.
if ( bb[0] === 0xEF && bb[1] === 0xBB && bb[2] === 0xBF ) { i += 3; }
// Scan for '<'
for (;;) {
b = bb[i++];
if ( b === 0x3C /* '<' */ ) { break; }
if ( b > 0x20 || i > 240 ) { return false; }
}
// Case insensitively test for '!doctype'.
if (
bb[i+0] === 0x21 /* '!' */ &&
( bb[i+1] | 0x20 ) === 0x64 /* 'd' */ &&
( bb[i+2] | 0x20 ) === 0x6F /* 'o' */ &&
( bb[i+3] | 0x20 ) === 0x63 /* 'c' */ &&
( bb[i+4] | 0x20 ) === 0x74 /* 't' */ &&
( bb[i+5] | 0x20 ) === 0x79 /* 'y' */ &&
( bb[i+6] | 0x20 ) === 0x70 /* 'p' */ &&
( bb[i+7] | 0x20 ) === 0x65 /* 'e' */
) {
i += 8;
}
// Case insensitively test for 'html'.
else if (
( bb[i+0] | 0x20 ) === 0x68 /* 'h' */ &&
( bb[i+1] | 0x20 ) === 0x74 /* 't' */ &&
( bb[i+2] | 0x20 ) === 0x6D /* 'm' */ &&
( bb[i+3] | 0x20 ) === 0x6C /* 'l' */
) {
i += 4;
} else {
return false;
}
// Scan for '>'.
var qcount = 0;
for (;;) {
b = bb[i++];
if ( b === 0x3E /* '>' */ ) { break; }
if ( b === 0x22 /* '"' */ || b === 0x27 /* "'" */ ) { qcount += 1; }
if ( b > 0x7F || i > 240 ) { return false; }
}
// Bail out if mismatched quotes.
if ( (qcount & 1) !== 0 ) { return false; }
// We found a valid insertion point.
if ( textEncoder === undefined ) { textEncoder = new TextEncoder(); }
filterer.stream.write(new Uint8Array(responseBytes, 0, i));
filterer.stream.write(
textEncoder.encode('<script>' + filterer.scriptlets + '</script>')
);
filterer.stream.write(new Uint8Array(responseBytes, i));
return true;
};
var streamClose = function(filterer, buffer) {
if ( buffer !== undefined ) {
filterer.stream.write(buffer);
} else if ( filterer.buffer !== undefined ) {
filterer.stream.write(filterer.buffer);
}
filterer.stream.close();
};
var onStreamData = function(ev) {
var filterer = filterers.get(this);
if ( filterer === undefined ) {
this.write(ev.data);
this.disconnect();
return;
}
if (
this.status !== 'transferringdata' &&
this.status !== 'finishedtransferringdata'
) {
filterers.delete(this);
this.disconnect();
return;
}
2017-12-30 17:21:23 +01:00
// TODO:
// - Possibly improve buffer growth, if benchmarking shows it's worth
// it.
// - Also evaluate whether keeping a list of buffers and then decoding
// them in sequence using TextDecoder's "stream" option is more
// efficient. Can the data buffers be safely kept around for later
// use?
// - Informal, quick benchmarks seem to show most of the overhead is
// from calling TextDecoder.decode() and TextEncoder.encode(), and if
// confirmed, there is nothing which can be done uBO-side to reduce
// overhead.
if ( filterer.buffer === null ) {
if ( streamJobDone(filterer, ev.data) ) {
filterers.delete(this);
this.disconnect();
return;
}
filterer.buffer = new Uint8Array(ev.data);
return;
}
var buffer = new Uint8Array(
filterer.buffer.byteLength +
ev.data.byteLength
);
buffer.set(filterer.buffer);
buffer.set(new Uint8Array(ev.data), filterer.buffer.byteLength);
filterer.buffer = buffer;
};
var onStreamStop = function() {
var filterer = filterers.get(this);
filterers.delete(this);
if ( filterer === undefined || filterer.buffer === null ) {
this.close();
return;
}
if ( this.status !== 'finishedtransferringdata' ) { return; }
if ( domParser === undefined ) {
domParser = new DOMParser();
xmlSerializer = new XMLSerializer();
}
if ( textEncoder === undefined ) {
textEncoder = new TextEncoder();
}
var doc;
// If stream encoding is still unknnown, try to extract from document.
2018-02-18 13:16:10 +01:00
var charsetFound = filterer.charset,
charsetUsed = charsetFound;
if ( charsetFound === undefined ) {
if ( utf8TextDecoder === undefined ) {
utf8TextDecoder = new TextDecoder();
}
doc = domParser.parseFromString(
2018-02-18 13:16:10 +01:00
utf8TextDecoder.decode(filterer.buffer.slice(0, 1024)),
2018-03-01 20:12:16 +01:00
filterer.mime
);
2018-02-18 13:16:10 +01:00
charsetFound = charsetFromDoc(doc);
charsetUsed = µb.textEncode.normalizeCharset(charsetFound);
if ( charsetUsed === undefined ) {
return streamClose(filterer);
}
}
doc = domParser.parseFromString(
2018-02-18 13:16:10 +01:00
textDecode(charsetUsed, filterer.buffer),
2018-03-01 20:12:16 +01:00
filterer.mime
);
2018-02-18 13:16:10 +01:00
// https://github.com/gorhill/uBlock/issues/3507
// In case of no explicit charset found, try to find one again, but
// this time with the whole document parsed.
if ( charsetFound === undefined ) {
charsetFound = µb.textEncode.normalizeCharset(charsetFromDoc(doc));
if ( charsetFound !== charsetUsed ) {
if ( charsetFound === undefined ) {
return streamClose(filterer);
}
charsetUsed = charsetFound;
doc = domParser.parseFromString(
textDecode(charsetFound, filterer.buffer),
2018-03-01 20:12:16 +01:00
filterer.mime
2018-02-18 13:16:10 +01:00
);
}
}
var modified = false;
if ( filterer.selectors !== undefined ) {
if ( µb.htmlFilteringEngine.apply(doc, filterer) ) {
modified = true;
}
}
if ( filterer.scriptlets !== undefined ) {
if ( µb.scriptletFilteringEngine.apply(doc, filterer) ) {
modified = true;
}
}
if ( modified === false ) {
2018-02-18 13:16:10 +01:00
return streamClose(filterer);
}
// https://stackoverflow.com/questions/6088972/get-doctype-of-an-html-as-string-with-javascript/10162353#10162353
var doctypeStr = doc.doctype instanceof Object ?
xmlSerializer.serializeToString(doc.doctype) + '\n' :
'';
2018-01-03 05:06:16 +01:00
// https://github.com/gorhill/uBlock/issues/3391
var encodedStream = textEncoder.encode(
doctypeStr +
doc.documentElement.outerHTML
);
2018-02-18 13:16:10 +01:00
if ( charsetUsed !== 'utf-8' ) {
2018-01-03 05:06:16 +01:00
encodedStream = µb.textEncode.encode(
2018-02-18 13:16:10 +01:00
charsetUsed,
2018-01-03 05:06:16 +01:00
encodedStream
);
}
streamClose(filterer, encodedStream);
};
var onStreamError = function() {
filterers.delete(this);
};
2018-01-03 19:59:38 +01:00
return function(pageStore, details) {
// https://github.com/gorhill/uBlock/issues/3478
var statusCode = details.statusCode || 0;
if ( statusCode !== 0 && (statusCode < 200 || statusCode >= 300) ) {
return;
}
var hostname = µb.URI.hostnameFromURI(details.url);
if ( hostname === '' ) { return; }
var domain = µb.URI.domainFromHostname(hostname);
var request = {
stream: undefined,
tabId: details.tabId,
url: details.url,
hostname: hostname,
domain: domain,
entity: µb.URI.entityFromDomain(domain),
selectors: undefined,
scriptlets: undefined,
buffer: null,
2018-03-01 20:12:16 +01:00
mime: undefined,
charset: undefined
};
2018-02-23 15:45:51 +01:00
request.selectors = µb.htmlFilteringEngine.retrieve(request);
// https://github.com/gorhill/uBlock/issues/3526
// https://github.com/uBlockOrigin/uAssets/issues/1492
// Two distinct issues, but both are arising as a result of
// injecting scriptlets through stream filtering. So falling back
// to "slow" scriplet injection for the time being. Stream filtering
// (`##^`) should be used for when scriptlets are defeated by early
// script tags on a page.
//
if ( µb.hiddenSettings.streamScriptInjectFilters ) {
2018-02-23 15:45:51 +01:00
request.scriptlets = µb.scriptletFilteringEngine.retrieve(request);
}
if (
request.selectors === undefined &&
request.scriptlets === undefined
) {
return;
}
var headers = details.responseHeaders,
contentType = headerValueFromName('content-type', headers);
if ( contentType !== '' ) {
2018-03-01 20:12:16 +01:00
request.mime = mimeFromContentType(contentType);
if ( request.mime === undefined ) { return; }
2018-01-05 00:26:52 +01:00
var charset = charsetFromContentType(contentType);
if ( charset !== undefined ) {
charset = µb.textEncode.normalizeCharset(charset);
2018-01-03 19:59:38 +01:00
if ( charset === undefined ) { return; }
2018-01-05 00:26:52 +01:00
request.charset = charset;
}
}
// https://bugzilla.mozilla.org/show_bug.cgi?id=1426789
if ( headerValueFromName('content-disposition', headers) ) { return; }
var stream = request.stream =
vAPI.net.webRequest.filterResponseData(details.requestId);
stream.ondata = onStreamData;
stream.onstop = onStreamStop;
stream.onerror = onStreamError;
filterers.set(stream, request);
};
})();
/******************************************************************************/
var injectCSP = function(pageStore, details) {
var µb = µBlock,
tabId = details.tabId,
requestURL = details.url,
loggerEnabled = µb.logger.isEnabled(),
logger = µb.logger,
cspSubsets = [];
var context = pageStore.createContextFromPage();
2016-01-22 17:13:29 +01:00
context.requestHostname = µb.URI.hostnameFromURI(requestURL);
if ( details.type !== 'main_frame' ) {
context.pageHostname = context.pageDomain = context.requestHostname;
}
2017-09-11 15:53:42 +02:00
context.requestURL = requestURL;
2015-01-24 18:06:22 +01:00
// Start collecting policies >>>>>>>>
// ======== built-in policies
2017-09-11 15:53:42 +02:00
var builtinDirectives = [];
context.requestType = 'inline-script';
2017-08-03 16:18:05 +02:00
if ( pageStore.filterRequest(context) === 1 ) {
2017-09-11 15:53:42 +02:00
builtinDirectives.push("script-src 'unsafe-eval' * blob: data:");
}
if ( loggerEnabled === true ) {
logger.writeOne(
tabId,
'net',
pageStore.logData,
'inline-script',
requestURL,
context.rootHostname,
context.pageHostname
);
}
2017-09-11 15:53:42 +02:00
// https://github.com/gorhill/uBlock/issues/1539
// - Use a CSP to also forbid inline fonts if remote fonts are blocked.
context.requestType = 'inline-font';
if ( pageStore.filterRequest(context) === 1 ) {
builtinDirectives.push('font-src *');
if ( loggerEnabled === true ) {
logger.writeOne(
tabId,
'net',
pageStore.logData,
'inline-font',
requestURL,
context.rootHostname,
context.pageHostname
);
}
}
if ( builtinDirectives.length !== 0 ) {
cspSubsets[0] = builtinDirectives.join('; ');
}
// ======== filter-based policies
// Static filtering.
var logDataEntries = [];
µb.staticNetFilteringEngine.matchAndFetchData(
'csp',
requestURL,
cspSubsets,
loggerEnabled === true ? logDataEntries : undefined
);
// URL filtering `allow` rules override static filtering.
if (
cspSubsets.length !== 0 &&
µb.sessionURLFiltering.evaluateZ(context.rootHostname, requestURL, 'csp') === 2
) {
if ( loggerEnabled === true ) {
logger.writeOne(
tabId,
'net',
µb.sessionURLFiltering.toLogData(),
'csp',
requestURL,
context.rootHostname,
context.pageHostname
);
}
context.dispose();
return;
}
// Dynamic filtering `allow` rules override static filtering.
if (
cspSubsets.length !== 0 &&
µb.userSettings.advancedUserEnabled &&
µb.sessionFirewall.evaluateCellZY(context.rootHostname, context.rootHostname, '*') === 2
) {
if ( loggerEnabled === true ) {
logger.writeOne(
2017-02-06 21:34:31 +01:00
tabId,
'net',
µb.sessionFirewall.toLogData(),
'csp',
2017-02-06 21:34:31 +01:00
requestURL,
context.rootHostname,
context.pageHostname
);
}
context.dispose();
return;
}
// <<<<<<<< All policies have been collected
// Static CSP policies will be applied.
for ( var entry of logDataEntries ) {
logger.writeOne(
tabId,
'net',
entry,
'csp',
requestURL,
context.rootHostname,
context.pageHostname
);
}
2016-07-01 04:03:29 +02:00
context.dispose();
if ( cspSubsets.length === 0 ) {
return;
}
2014-09-24 23:38:22 +02:00
µb.updateBadgeAsync(tabId);
var csp,
headers = details.responseHeaders,
i = headerIndexFromName('content-security-policy', headers);
if ( i !== -1 ) {
csp = headers[i].value.trim();
headers.splice(i, 1);
}
cspSubsets = cspSubsets.join(', ');
// Use comma to add a new subset to potentially existing one(s). This new
// subset has its own reporting options and won't cause spurious CSP
// reports to outside world.
// Ref.: https://www.w3.org/TR/CSP2/#implementation-considerations
headers.push({
name: 'Content-Security-Policy',
value: csp === undefined ? cspSubsets : csp + ', ' + cspSubsets
});
return { 'responseHeaders': headers };
};
/******************************************************************************/
// https://github.com/gorhill/uBlock/issues/1163
2016-11-08 21:53:08 +01:00
// "Block elements by size"
var foilLargeMediaElement = function(pageStore, details) {
var µb = µBlock;
2016-11-08 21:53:08 +01:00
var i = headerIndexFromName('content-length', details.responseHeaders);
2016-11-08 21:53:08 +01:00
if ( i === -1 ) { return; }
var tabId = details.tabId,
size = parseInt(details.responseHeaders[i].value, 10) || 0,
2016-11-08 21:53:08 +01:00
result = pageStore.filterLargeMediaElement(size);
if ( result === 0 ) { return; }
if ( µb.logger.isEnabled() ) {
µb.logger.writeOne(
tabId,
'net',
pageStore.logData,
details.type,
details.url,
pageStore.tabHostname,
pageStore.tabHostname
);
}
return { cancel: true };
};
/******************************************************************************/
// Caller must ensure headerName is normalized to lower case.
var headerIndexFromName = function(headerName, headers) {
var i = headers.length;
while ( i-- ) {
if ( headers[i].name.toLowerCase() === headerName ) {
return i;
}
}
return -1;
2014-09-24 23:38:22 +02:00
};
2017-07-22 22:58:08 +02:00
var headerValueFromName = function(headerName, headers) {
var i = headerIndexFromName(headerName, headers);
return i !== -1 ? headers[i].value : '';
};
2014-09-24 23:38:22 +02:00
/******************************************************************************/
vAPI.net.onBeforeRequest = {
urls: [
'http://*/*',
'https://*/*'
],
extra: [ 'blocking' ],
callback: onBeforeRequest
};
2017-10-18 21:00:22 +02:00
vAPI.net.onBeforeMaybeSpuriousCSPReport = {
callback: onBeforeMaybeSpuriousCSPReport
};
vAPI.net.onHeadersReceived = {
urls: [
'http://*/*',
'https://*/*'
],
types: [
'main_frame',
'sub_frame',
'image',
'media'
],
extra: [ 'blocking', 'responseHeaders' ],
callback: onHeadersReceived
};
vAPI.net.registerListeners();
2014-09-24 23:38:22 +02:00
2014-06-24 00:42:43 +02:00
/******************************************************************************/
var isTemporarilyWhitelisted = function(result, hostname) {
var obsolete, pos;
for (;;) {
obsolete = documentWhitelists[hostname];
if ( obsolete !== undefined ) {
if ( obsolete > Date.now() ) {
if ( result === 0 ) {
return 2;
}
} else {
delete documentWhitelists[hostname];
}
}
pos = hostname.indexOf('.');
if ( pos === -1 ) { break; }
hostname = hostname.slice(pos + 1);
}
return result;
};
2015-04-09 00:46:08 +02:00
var documentWhitelists = Object.create(null);
/******************************************************************************/
exports.temporarilyWhitelistDocument = function(hostname) {
if ( typeof hostname !== 'string' || hostname === '' ) {
2015-03-26 00:28:22 +01:00
return;
}
documentWhitelists[hostname] = Date.now() + 60 * 1000;
};
/******************************************************************************/
return exports;
/******************************************************************************/
2014-06-24 00:42:43 +02:00
})();
/******************************************************************************/