Mirrors/uBlock
1
0
Fork 0
mirror of https://github.com/gorhill/uBlock.git synced 2024-11-06 19:02:30 +01:00
Code Issues Releases Wiki Activity

add basic mitigation to potential abuse of IDN

Browse Source
This commit is contained in:
gorhill 2017-04-22 12:57:56 -04:00
parent 774faa1c8c
commit 0b3d1477f2
No known key found for this signature in database
GPG Key ID: 25E1490B761470C2
3 changed files with 55 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
src/css/popup.css
View File

@ -33,7 +33,7 @@ h2 {
padding: 0.2em; padding: 0.2em;
text-align: center; text-align: center;
} }
h2:nth-of-type(1) { h2:first-of-type {
margin-top: 0; margin-top: 0;
} }
a { a {
@ -124,7 +124,7 @@ body.portrait[dir="ltr"] #panes > div:nth-of-type(2) {
#panes:not(.dfEnabled) > div:nth-of-type(2) { #panes:not(.dfEnabled) > div:nth-of-type(2) {
display: none; display: none;
} }
#panes > div:nth-of-type(1) { #panes > div:first-of-type {
min-width: 11em; min-width: 11em;
padding: 0; padding: 0;
} }
@ -304,24 +304,30 @@ body[dir="rtl"] #tooltip {
color: #000; color: #000;
display: inline-block; display: inline-block;
height: 1.9em; height: 1.9em;
line-height: 1.9em; line-height: 1.9;
overflow: hidden; overflow: hidden;
position: relative; position: relative;
vertical-align: top; vertical-align: top;
} }
#firewallContainer > div:nth-of-type(1) > span:nth-of-type(1) { #firewallContainer > div:first-of-type > span:first-of-type {
cursor: pointer; cursor: pointer;
} }
#firewallContainer > div > span:nth-of-type(1) { #firewallContainer > div > span:first-of-type {
padding-right: 2px; padding-right: 2px;
position: relative; position: relative;
text-overflow: ellipsis; text-overflow: ellipsis;
width: calc(100% - 4em); width: calc(100% - 4em);
} }
#firewallContainer > div.isDomain > span.isIDN:first-of-type > sup:before {
color: #666;
content: 'idn\2002';
font-size: 80%;
font-weight: normal;
}
#firewallContainer > div > span:nth-of-type(2) { #firewallContainer > div > span:nth-of-type(2) {
display: none; display: none;
} }
#firewallContainer > div > span:nth-of-type(1) ~ span { #firewallContainer > div > span:first-of-type ~ span {
border-left: 1px solid white; border-left: 1px solid white;
width: 4em; width: 4em;
} }
@ -333,15 +339,15 @@ body[dir="rtl"] #tooltip {
#firewallContainer > div > span:nth-of-type(4) { #firewallContainer > div > span:nth-of-type(4) {
display: none; display: none;
} }
#firewallContainer > div.isDomain > span:nth-of-type(1) { #firewallContainer > div.isDomain > span:first-of-type {
font-weight: bold; font-weight: bold;
} }
#firewallContainer > div:nth-of-type(1) > span:nth-of-type(1):before { #firewallContainer > div:first-of-type > span:first-of-type:before {
color: #aaa; color: #aaa;
content: '\2012'; content: '\2012';
padding-right: 0.25em; padding-right: 0.25em;
} }
#firewallContainer.minimized > div:nth-of-type(1) > span:nth-of-type(1):before { #firewallContainer.minimized > div:first-of-type > span:first-of-type:before {
content: '+'; content: '+';
} }
#firewallContainer.minimized > div.isDomain > span:nth-of-type(3) { #firewallContainer.minimized > div.isDomain > span:nth-of-type(3) {
@ -379,7 +385,7 @@ body[dir="rtl"] #tooltip {
content: '\2212\2212\2212'; content: '\2212\2212\2212';
} }
body.advancedUser #firewallContainer > div > span:nth-of-type(1) { body.advancedUser #firewallContainer > div > span:first-of-type {
width: calc(100% - 8em); width: calc(100% - 8em);
} }
body.advancedUser #firewallContainer > div > span:nth-of-type(2) { body.advancedUser #firewallContainer > div > span:nth-of-type(2) {
@ -388,17 +394,17 @@ body.advancedUser #firewallContainer > div > span:nth-of-type(2) {
body.advancedUser #firewallContainer > div:first-child ~ div:not([class]) { body.advancedUser #firewallContainer > div:first-child ~ div:not([class]) {
display: block; display: block;
} }
body.advancedUser #firewallContainer > div > span:nth-of-type(1) ~ span { body.advancedUser #firewallContainer > div > span:first-of-type ~ span {
cursor: pointer; cursor: pointer;
} }
/** /**
Small coloured label at the left of a row Small coloured label at the left of a row
*/ */
#firewallContainer > div.allowed > span:nth-of-type(1):before, #firewallContainer > div.allowed > span:first-of-type:before,
#firewallContainer > div.blocked > span:nth-of-type(1):before, #firewallContainer > div.blocked > span:first-of-type:before,
#firewallContainer.minimized > div.isDomain.totalAllowed > span:nth-of-type(1):before, #firewallContainer.minimized > div.isDomain.totalAllowed > span:first-of-type:before,
#firewallContainer.minimized > div.isDomain.totalBlocked > span:nth-of-type(1):before { #firewallContainer.minimized > div.isDomain.totalBlocked > span:first-of-type:before {
box-sizing: border-box; box-sizing: border-box;
content: ''; content: '';
display: inline-block; display: inline-block;
@ -412,24 +418,24 @@ body.advancedUser #firewallContainer > div > span:nth-of-type(1) ~ span {
Source for color-blind color scheme from https://github.com/WyohKnott: Source for color-blind color scheme from https://github.com/WyohKnott:
https://github.com/chrisaljoudi/uBlock/issues/467#issuecomment-95177219 https://github.com/chrisaljoudi/uBlock/issues/467#issuecomment-95177219
*/ */
#firewallContainer > div.allowed > span:nth-of-type(1):before, #firewallContainer > div.allowed > span:first-of-type:before,
#firewallContainer.minimized > div.isDomain.totalAllowed > span:nth-of-type(1):before { #firewallContainer.minimized > div.isDomain.totalAllowed > span:first-of-type:before {
background-color: rgb(0, 160, 0); background-color: rgb(0, 160, 0);
} }
#firewallContainer.colorBlind > div.allowed > span:nth-of-type(1):before, #firewallContainer.colorBlind > div.allowed > span:first-of-type:before,
#firewallContainer.colorBlind.minimized > div.isDomain.totalAllowed > span:nth-of-type(1):before { #firewallContainer.colorBlind.minimized > div.isDomain.totalAllowed > span:first-of-type:before {
background-color: rgb(255, 194, 57); background-color: rgb(255, 194, 57);
} }
#firewallContainer > div.blocked > span:nth-of-type(1):before, #firewallContainer > div.blocked > span:first-of-type:before,
#firewallContainer.minimized > div.isDomain.totalBlocked > span:nth-of-type(1):before { #firewallContainer.minimized > div.isDomain.totalBlocked > span:first-of-type:before {
background-color: rgb(192, 0, 0); background-color: rgb(192, 0, 0);
} }
#firewallContainer.colorBlind > div.blocked > span:nth-of-type(1):before, #firewallContainer.colorBlind > div.blocked > span:first-of-type:before,
#firewallContainer.colorBlind.minimized > div.isDomain.totalBlocked > span:nth-of-type(1):before { #firewallContainer.colorBlind.minimized > div.isDomain.totalBlocked > span:first-of-type:before {
background-color: rgb(0, 19, 110); background-color: rgb(0, 19, 110);
} }
#firewallContainer > div.allowed.blocked > span:nth-of-type(1):before, #firewallContainer > div.allowed.blocked > span:first-of-type:before,
#firewallContainer.minimized > div.isDomain.totalAllowed.totalBlocked > span:nth-of-type(1):before { #firewallContainer.minimized > div.isDomain.totalAllowed.totalBlocked > span:first-of-type:before {
background-color: rgb(192, 160, 0); background-color: rgb(192, 160, 0);
} }
/* Rule cells */ /* Rule cells */
@ -483,7 +489,7 @@ body.advancedUser #firewallContainer > div > span.nRule.ownRule {
height: 100%; height: 100%;
opacity: 0.2; opacity: 0.2;
} }
#actionSelector > span:nth-of-type(1) { #actionSelector > span:first-of-type {
width: 33%; width: 33%;
} }
#actionSelector > span:nth-of-type(2) { #actionSelector > span:nth-of-type(2) {
@ -495,10 +501,10 @@ body.advancedUser #firewallContainer > div > span.nRule.ownRule {
#actionSelector > span:hover { #actionSelector > span:hover {
opacity: 0.75; opacity: 0.75;
} }
#actionSelector > span:nth-of-type(1) { #actionSelector > span:first-of-type {
background-color: rgb(0, 160, 0); background-color: rgb(0, 160, 0);
} }
#actionSelector.colorBlind > span:nth-of-type(1) { #actionSelector.colorBlind > span:first-of-type {
background-color: rgb(255, 194, 57); background-color: rgb(255, 194, 57);
} }
#actionSelector > span:nth-of-type(2) { #actionSelector > span:nth-of-type(2) {

24
src/js/popup.js
View File

@ -1,7 +1,7 @@
/******************************************************************************* /*******************************************************************************
uBlock Origin - a browser extension to block requests. uBlock Origin - a browser extension to block requests.
Copyright (C) 2014-2016 Raymond Hill Copyright (C) 2014-2017 Raymond Hill
This program is free software: you can redistribute it and/or modify This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -94,6 +94,7 @@ var rowsToRecycle = uDom();
var cachedPopupHash = ''; var cachedPopupHash = '';
var statsStr = vAPI.i18n('popupBlockedStats'); var statsStr = vAPI.i18n('popupBlockedStats');
var domainsHitStr = vAPI.i18n('popupHitDomainCount'); var domainsHitStr = vAPI.i18n('popupHitDomainCount');
var reHasAsciiAndUnicode = /[A-Za-z]+[^\x00-\x7F]|[^\x00-\x7F]+[A-Za-z]/;
/******************************************************************************/ /******************************************************************************/
@ -196,10 +197,25 @@ var addFirewallRow = function(des) {
} }
row.descendants('[data-des]').attr('data-des', des); row.descendants('[data-des]').attr('data-des', des);
row.descendants('span:nth-of-type(1)').text(punycode.toUnicode(des));
var hnDetails = popupData.hostnameDict[des] || {}; var hnDetails = popupData.hostnameDict[des] || {},
var isDomain = des === hnDetails.domain; isDomain = des === hnDetails.domain;
var prettyDomainName = punycode.toUnicode(des),
isPunycoded = prettyDomainName !== des,
mixedDomainName = false;
if ( isDomain && isPunycoded ) {
var pos = prettyDomainName.indexOf('.');
if ( pos !== -1 ) {
mixedDomainName = reHasAsciiAndUnicode.test(prettyDomainName.slice(0, pos));
}
}
var span = row.nodeAt(0).querySelector('span:first-of-type');
span.classList.toggle('isIDN', mixedDomainName);
span.querySelector('span').textContent = prettyDomainName;
span.title = isDomain && isPunycoded ? des : '';
row.toggleClass('isDomain', isDomain) row.toggleClass('isDomain', isDomain)
.toggleClass('isSubDomain', !isDomain) .toggleClass('isSubDomain', !isDomain)
.toggleClass('allowed', hnDetails.allowCount !== 0) .toggleClass('allowed', hnDetails.allowCount !== 0)

2
src/popup.html
View File

@ -48,7 +48,7 @@
</div> </div>
<div id="templates" style="display: none"> <div id="templates" style="display: none">
<div><span></span><span data-src="/" data-des="" data-type="*"></span><span data-src="." data-des="" data-type="*"></span><span data-src="." data-des="" data-type="*"></span></div> <div><span><sup></sup><span></span></span><span data-src="/" data-des="" data-type="*"></span><span data-src="." data-des="" data-type="*"></span><span data-src="." data-des="" data-type="*"></span></div>
<div id="actionSelector"><span id="dynaAllow"></span><span id="dynaNoop"></span><span id="dynaBlock"></span></div> <div id="actionSelector"><span id="dynaAllow"></span><span id="dynaNoop"></span><span id="dynaBlock"></span></div>
<div id="hotspotTip"></div> <div id="hotspotTip"></div>
<div id="tooltip"></div> <div id="tooltip"></div>