mirror of
https://github.com/gorhill/uBlock.git
synced 2024-10-06 09:37:12 +02:00
Shield some code paths against potentially tampered global properties
Related feedback: https://github.com/uBlockOrigin/uAssets/issues/21895#issuecomment-1887472623
This commit is contained in:
parent
f6b726136c
commit
534d877e95
@ -55,7 +55,10 @@ function safeSelf() {
|
|||||||
'Math_max': Math.max,
|
'Math_max': Math.max,
|
||||||
'Math_min': Math.min,
|
'Math_min': Math.min,
|
||||||
'Math_random': Math.random,
|
'Math_random': Math.random,
|
||||||
|
'Object': Object,
|
||||||
'Object_defineProperty': Object.defineProperty.bind(Object),
|
'Object_defineProperty': Object.defineProperty.bind(Object),
|
||||||
|
'Object_fromEntries': Object.fromEntries.bind(Object),
|
||||||
|
'Object_getOwnPropertyDescriptor': Object.getOwnPropertyDescriptor.bind(Object),
|
||||||
'RegExp': self.RegExp,
|
'RegExp': self.RegExp,
|
||||||
'RegExp_test': self.RegExp.prototype.test,
|
'RegExp_test': self.RegExp.prototype.test,
|
||||||
'RegExp_exec': self.RegExp.prototype.exec,
|
'RegExp_exec': self.RegExp.prototype.exec,
|
||||||
@ -137,7 +140,7 @@ function safeSelf() {
|
|||||||
}
|
}
|
||||||
return out;
|
return out;
|
||||||
}, []);
|
}, []);
|
||||||
return Object.fromEntries(entries);
|
return this.Object_fromEntries(entries);
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
scriptletGlobals.set('safeSelf', safe);
|
scriptletGlobals.set('safeSelf', safe);
|
||||||
@ -534,9 +537,9 @@ function setConstantCore(
|
|||||||
// Support multiple trappers for the same property.
|
// Support multiple trappers for the same property.
|
||||||
const trapProp = function(owner, prop, configurable, handler) {
|
const trapProp = function(owner, prop, configurable, handler) {
|
||||||
if ( handler.init(configurable ? owner[prop] : cValue) === false ) { return; }
|
if ( handler.init(configurable ? owner[prop] : cValue) === false ) { return; }
|
||||||
const odesc = Object.getOwnPropertyDescriptor(owner, prop);
|
const odesc = safe.Object_getOwnPropertyDescriptor(owner, prop);
|
||||||
let prevGetter, prevSetter;
|
let prevGetter, prevSetter;
|
||||||
if ( odesc instanceof Object ) {
|
if ( odesc instanceof safe.Object ) {
|
||||||
owner[prop] = cValue;
|
owner[prop] = cValue;
|
||||||
if ( odesc.get instanceof Function ) {
|
if ( odesc.get instanceof Function ) {
|
||||||
prevGetter = odesc.get;
|
prevGetter = odesc.get;
|
||||||
@ -589,7 +592,7 @@ function setConstantCore(
|
|||||||
const prop = chain.slice(0, pos);
|
const prop = chain.slice(0, pos);
|
||||||
const v = owner[prop];
|
const v = owner[prop];
|
||||||
chain = chain.slice(pos + 1);
|
chain = chain.slice(pos + 1);
|
||||||
if ( v instanceof Object || typeof v === 'object' && v !== null ) {
|
if ( v instanceof safe.Object || typeof v === 'object' && v !== null ) {
|
||||||
trapChain(v, chain);
|
trapChain(v, chain);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@ -604,7 +607,7 @@ function setConstantCore(
|
|||||||
},
|
},
|
||||||
setter: function(a) {
|
setter: function(a) {
|
||||||
this.v = a;
|
this.v = a;
|
||||||
if ( a instanceof Object ) {
|
if ( a instanceof safe.Object ) {
|
||||||
trapChain(a, chain);
|
trapChain(a, chain);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1476,11 +1479,12 @@ function addEventListenerDefuser(
|
|||||||
const rePattern = safe.patternToRegex(pattern);
|
const rePattern = safe.patternToRegex(pattern);
|
||||||
const log = shouldLog(extraArgs);
|
const log = shouldLog(extraArgs);
|
||||||
const debug = shouldDebug(extraArgs);
|
const debug = shouldDebug(extraArgs);
|
||||||
const targetElements = extraArgs.elements || undefined;
|
const targetSelector = extraArgs.elements || undefined;
|
||||||
const shouldPrevent = (thisArg, type, handler) => {
|
const shouldPrevent = (thisArg, type, handler) => {
|
||||||
const matchesInstance = targetElements === undefined ||
|
if ( targetSelector !== undefined ) {
|
||||||
Array.from(document.querySelectorAll(targetElements)).includes(thisArg);
|
const elems = Array.from(document.querySelectorAll(targetSelector));
|
||||||
if ( matchesInstance === false ) { return false; }
|
if ( elems.includes(thisArg) === false ) { return false; }
|
||||||
|
}
|
||||||
const matchesType = safe.RegExp_test.call(reType, type);
|
const matchesType = safe.RegExp_test.call(reType, type);
|
||||||
const matchesHandler = safe.RegExp_test.call(rePattern, handler);
|
const matchesHandler = safe.RegExp_test.call(rePattern, handler);
|
||||||
const matchesEither = matchesType || matchesHandler;
|
const matchesEither = matchesType || matchesHandler;
|
||||||
@ -1919,11 +1923,11 @@ function noFetchIf(
|
|||||||
'Content-Length': text.length,
|
'Content-Length': text.length,
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
Object.defineProperty(response, 'url', {
|
safe.Object_defineProperty(response, 'url', {
|
||||||
value: details.url
|
value: details.url
|
||||||
});
|
});
|
||||||
if ( responseType !== '' ) {
|
if ( responseType !== '' ) {
|
||||||
Object.defineProperty(response, 'type', {
|
safe.Object_defineProperty(response, 'type', {
|
||||||
value: responseType
|
value: responseType
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user