mirror of
https://github.com/gorhill/uBlock.git
synced 2024-10-06 09:37:12 +02:00
Harden scriptlets which need to serialize function code into string
Related issue: https://github.com/uBlockOrigin/uBlock-issues/issues/2907
This commit is contained in:
parent
5d1618e1be
commit
7823d98070
@ -49,6 +49,8 @@ function safeSelf() {
|
|||||||
const safe = {
|
const safe = {
|
||||||
'Array_from': Array.from,
|
'Array_from': Array.from,
|
||||||
'Error': self.Error,
|
'Error': self.Error,
|
||||||
|
'Function_toStringFn': self.Function.prototype.toString,
|
||||||
|
'Function_toString': thisArg => safe.Function_toStringFn.call(thisArg),
|
||||||
'Math_floor': Math.floor,
|
'Math_floor': Math.floor,
|
||||||
'Math_random': Math.random,
|
'Math_random': Math.random,
|
||||||
'Object_defineProperty': Object.defineProperty.bind(Object),
|
'Object_defineProperty': Object.defineProperty.bind(Object),
|
||||||
@ -1394,7 +1396,9 @@ function addEventListenerDefuser(
|
|||||||
let type, handler;
|
let type, handler;
|
||||||
try {
|
try {
|
||||||
type = String(args[0]);
|
type = String(args[0]);
|
||||||
handler = String(args[1]);
|
handler = args[1] instanceof Function
|
||||||
|
? String(safe.Function_toString(args[1]))
|
||||||
|
: String(args[1]);
|
||||||
} catch(ex) {
|
} catch(ex) {
|
||||||
}
|
}
|
||||||
const matchesType = safe.RegExp_test.call(reType, type);
|
const matchesType = safe.RegExp_test.call(reType, type);
|
||||||
@ -2004,7 +2008,9 @@ function noRequestAnimationFrameIf(
|
|||||||
const reNeedle = safe.patternToRegex(needle);
|
const reNeedle = safe.patternToRegex(needle);
|
||||||
window.requestAnimationFrame = new Proxy(window.requestAnimationFrame, {
|
window.requestAnimationFrame = new Proxy(window.requestAnimationFrame, {
|
||||||
apply: function(target, thisArg, args) {
|
apply: function(target, thisArg, args) {
|
||||||
const a = String(args[0]);
|
const a = args[0] instanceof Function
|
||||||
|
? String(safe.Function_toString(args[0]))
|
||||||
|
: String(args[0]);
|
||||||
let defuse = false;
|
let defuse = false;
|
||||||
if ( log !== undefined ) {
|
if ( log !== undefined ) {
|
||||||
log('uBO: requestAnimationFrame("%s")', a);
|
log('uBO: requestAnimationFrame("%s")', a);
|
||||||
@ -2072,7 +2078,9 @@ function noSetIntervalIf(
|
|||||||
const reNeedle = safe.patternToRegex(needle);
|
const reNeedle = safe.patternToRegex(needle);
|
||||||
self.setInterval = new Proxy(self.setInterval, {
|
self.setInterval = new Proxy(self.setInterval, {
|
||||||
apply: function(target, thisArg, args) {
|
apply: function(target, thisArg, args) {
|
||||||
const a = String(args[0]);
|
const a = args[0] instanceof Function
|
||||||
|
? String(safe.Function_toString(args[0]))
|
||||||
|
: String(args[0]);
|
||||||
const b = args[1];
|
const b = args[1];
|
||||||
if ( log !== undefined ) {
|
if ( log !== undefined ) {
|
||||||
log('uBO: setInterval("%s", %s)', a, b);
|
log('uBO: setInterval("%s", %s)', a, b);
|
||||||
@ -2134,7 +2142,9 @@ function noSetTimeoutIf(
|
|||||||
const reNeedle = safe.patternToRegex(needle);
|
const reNeedle = safe.patternToRegex(needle);
|
||||||
self.setTimeout = new Proxy(self.setTimeout, {
|
self.setTimeout = new Proxy(self.setTimeout, {
|
||||||
apply: function(target, thisArg, args) {
|
apply: function(target, thisArg, args) {
|
||||||
const a = String(args[0]);
|
const a = args[0] instanceof Function
|
||||||
|
? String(safe.Function_toString(args[0]))
|
||||||
|
: String(args[0]);
|
||||||
const b = args[1];
|
const b = args[1];
|
||||||
if ( log !== undefined ) {
|
if ( log !== undefined ) {
|
||||||
log('uBO: setTimeout("%s", %s)', a, b);
|
log('uBO: setTimeout("%s", %s)', a, b);
|
||||||
|
Loading…
Reference in New Issue
Block a user