1
0
mirror of https://github.com/gorhill/uBlock.git synced 2024-11-09 20:32:39 +01:00
Commit Graph

137 Commits

Author SHA1 Message Date
Raymond Hill
f8c4b8e52d
Add support to remove attributes in xml-prune scriptlet
Related issue:
- https://github.com/uBlockOrigin/uAssets/issues/18244
2023-06-05 08:51:20 -04:00
Raymond Hill
f3b720d532
Improve href-sanitizer scriptlet 2023-05-30 09:13:46 -04:00
Raymond Hill
56e1d92dbd
Fix/improve scriptlets
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/2678
- https://github.com/uBlockOrigin/uAssets/issues/18278
2023-05-30 08:38:35 -04:00
Raymond Hill
2a3a796d33
Minor fix 2023-05-29 15:05:50 -04:00
Raymond Hill
a1a3477b07
Fix oversight in last commit 2023-05-29 14:54:13 -04:00
Raymond Hill
c8de904191
Add evaldata-prune scriptlet
Related issue:
- https://github.com/uBlockOrigin/uAssets/issues/18278
2023-05-29 14:37:02 -04:00
Raymond Hill
3ee3275dc1
Harden addEventListener scriptlet 2023-05-28 14:56:31 -04:00
Raymond Hill
82eee10c3a
Logging-related changes 2023-05-28 10:37:23 -04:00
Raymond Hill
3c9e946107
Log error in dev console is logging is enabled 2023-05-27 19:05:02 -04:00
Raymond Hill
8ed78cfb23
Support pruning by xpath in xml-prune scriptlet
Related issue:
- https://github.com/uBlockOrigin/uAssets/issues/18244
2023-05-27 17:26:19 -04:00
Raymond Hill
d3fae27017
Add support for xhr in xml-prune
Related issue:
- https://github.com/uBlockOrigin/uAssets/issues/18244
2023-05-27 09:14:19 -04:00
Raymond Hill
2bb446797a
Add remove-node-text.js scriptlet
The scriptlet remove the *whole* text of a DOM node. Usage:

    example.com##+js(remote-node-text, nodeName, condition, ...)

Where `condition` is a pattern to find in the target node for the
removal to occur. Since the text of the node is wholly removed,
this is not a scriplet which requires a trusted-source, as it is
virtually a similar capability as removing DOM nodes through
procedural cosmetic operator `:remove()` (which can't target
`#text` nodes), which does not require trusted-source.

Alias: `rmnt`

The extra parameters are the same as those documented for
`replace-node-text`.

For consistency, the alias for `replace-node-text` has been renamed
`rpnt`.
2023-05-25 08:51:26 -04:00
Raymond Hill
796ebc2444
Fix spoof-css for Firefox 2023-05-24 16:50:34 -04:00
Raymond Hill
005a0fe95d
Comment 2023-05-24 15:56:42 -04:00
Raymond Hill
e33d948fdc
Minor code review 2023-05-24 15:33:46 -04:00
Raymond Hill
db7cadae49
Remove pointless code in spoof-css scriptlet 2023-05-24 15:26:57 -04:00
Raymond Hill
d4fb87b6ba
Properly return inherited methods in property getter in spoof-css scriptlet
Related feedback:
- https://github.com/uBlockOrigin/uBlock-issues/issues/2618#issuecomment-1561451479
2023-05-24 14:58:12 -04:00
Raymond Hill
1d9ee00498
Simplify passing extra parameters in scriptlets
When scriptlets can receive extra optional paramaters, these will
now be passed as pair of extra paramaters in the filter declaration,
whereas each pair is a `name, value` instance.

As a result, the optional paramaters that can be passed to the
`aeld` scriptlet can be passed this way, i.e. no longer need
a JSON approach, example:

    github.com##+js(aeld, click, , log, 1)
    github.com##+js(aeld, , , runAt, idle, log, 1)

The non-optional paramaters are always positional, after which
the optional paramaters are non-positional pairs of values.
2023-05-24 11:59:17 -04:00
Raymond Hill
8d1669f9b5
Ensure document.documentElement is present when executing acs scriptlet
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/2670
2023-05-24 10:32:03 -04:00
Raymond Hill
879b837669
Fix scriptlet alias 2023-05-23 17:58:20 -04:00
Raymond Hill
842e356610
Put back missing scriptlet dependency
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/2668

This broke `set-constant` filters.
2023-05-23 17:03:30 -04:00
Raymond Hill
19cdd50a1c
Add trusted-set-constant scriptlet
Alias: `trusted-set`

Behaves exactly like set-constant, except that any arbitrary JSON-
compatible value can be set.

By default the value is treated as a string, which can be anything.

If the value starts with `{` and ends with `}`, the value will be
JSON-parsed, and the `value` property of the resulting object will
be used.

As with any scriptlet requiring trust, filters using
`trusted-set-constant` can only come from trusted filter lists,
otherwise they are discarded.

Related discussion:
- https://github.com/uBlockOrigin/uAssets/discussions/18185#discussioncomment-5977456
2023-05-23 10:59:27 -04:00
Raymond Hill
824f8b7ceb
Add comments for reviewers 2023-05-23 09:03:19 -04:00
Raymond Hill
1a863a877d
Support injecting scriptlet in MAIN or ISOLATED world
This reflects the _world_ of the MV3 scripting API:
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/scripting/ExecutionWorld

MAIN: page's world
ISOLATED: extension's content script world

Some scriptlets are best executed in either world, so this
commit allows to pick in which world a scriptlet should execute
(default to MAIN).

For instance, the new sed.js scriptlet will now execute in
the ISOLATED world.
2023-05-22 20:19:00 -04:00
Raymond Hill
659f35837a
Imrpove sed scriptlet reliability
Related feedback:
- https://github.com/uBlockOrigin/uAssets/discussions/18185
2023-05-22 15:33:47 -04:00
Raymond Hill
99ce027fd7
Review default behavior of new sed.js scriptlet
Related commit:
- 41876336db

The `tryCount` parameter has been removed.

The new default behavior of the sed.js scriptlet is to bail out
when the document itself has been fully loaded, i.e. when
DOMContentLoaded event is fired.

Two new parameters have been added to override the default quit out
behavior:

`stay, 1`

Use to force the scriptlet to stay at work forever.

`quitAfter, ms`

This tells the scriptlet to quit `ms` milliseconds after the
page has been loaded, i.e. after the DOMContentLoaded event has
been fired.

The mutation observer of the sed.js scriptlet can be a significant
overhead for pages with dynamically updated DOM, and in most cases
the scriptlet is useful only for DOM changes occurring before the
DOMContentLoaded event, so the default is to quit out when that
event is received ("quit out" means discarding the mutation observer
and having the scriptlet garbage-collected by the JS engine).
2023-05-22 10:26:09 -04:00
Raymond Hill
41876336db
Add trusted-source support for privileged scriptlets
At the moment, the only filter lists deemed from a "trusted source"
are uBO-specific filter lists (i.e. "uBlock filters -- ..."), and
the user's own filters from "My filters".

A new scriptlet which can only be used by filter lists from trusted
sources has been introduced: `sed.js`.

The new `sed.js` scriptlet provides the ability to perform
text-level substitutions. Usage:

    example.org##+js(sed, nodeName, pattern, replacement, ...)

`nodeName`

The name of the node for which the text content must be substituted.
Valid node names can be found at:
https://developer.mozilla.org/en-US/docs/Web/API/Node/nodeName

`pattern`

A string or regex to find in the text content of the node as the target of
substitution.

`replacement`

The replacement text. Can be omitted if the goal is to delete the text which
matches the pattern. Cannot be omitted if extra pairs of parameters have to be
used (see below).

Optionally, extra pairs of parameters to modify the behavior of the scriptlet:

`condition, pattern`

A string or regex which must be found in the text content of the node
in order for the substitution to occur.

`sedCount, n`

This will cause the scriptlet to stop after n instances of substitution. Since
a mutation oberver is used by the scriptlet, it's advised to stop it whenever
it becomes pointless. Default to zero, which means the scriptlet never stops.

`tryCount, n`

This will cause the scriptlet to stop after n instances of mutation observer
run (regardless of whether a substitution occurred). Default to zero, which
means the scriptlet never stops.

`log, 1`

This will cause the scriptlet to output information at the console, useful as
a debugging tool for filter authors. The logging ability is supported only
in the dev build of uBO.

Examples of usage:

    example.com##+js(sed, script, /devtoolsDetector\.launch\(\)\;/, , sedCount, 1)

    example.com##+js(sed, #text, /^Advertisement$/)
2023-05-21 14:16:56 -04:00
Raymond Hill
d405460584
Add spoof-css scriptlet
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/2618

Usage:

    example.com##+js(spoof-css, selector, property-name, property-value, ...)

- selector: a valid CSS selector which matches the elements for which
  the spoofing must apply.
- property-name: a CSS property name (can be dashed- or camel-cased)
- property-value: the value to return regardless of the currently
  computed value.

There can be any number of property-name/property-value pairs, all
separated by commas.

A special property-name/property-value pair `debug/1` can be used
to force the browser to break when `getComputedStyle()` or
`getBoundingClientrect()` is called, useful to help pinpoint usage
of those calls in the page's source code:

    example.com##+js(spoof-css, .ad, debug, 1)
2023-05-20 17:18:44 -04:00
Raymond Hill
2ef2888805
Expand/harden some scriptlets
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/2615

Expand `set-constant`: 3rd parameter and beyond are tokens which
modify the behavior of `set-contant`. Valid tokens:

- `interactive`, `end`, `2`: set the constant when the event
  `DOMContentInteractive` is fired.
- `complete`, `idle`, `3`: set the constant when the event
  `load` is fired.
- `asFunction`: the constant will be a function returning the
  specified value.
- `asCallback`: the constant will be a function returning a
  function returning the specified value.
- `asResolved`: the constant will be a promise resolving to
  the specified value.
- `asRejected`: the constant will be a promise failing with
  the specified value.

Harden `no-setimeout-if` and `no-setinterval-if` as per feedback
from filter list maintainers.
2023-05-19 12:55:01 -04:00
Raymond Hill
df5437a54f
Revert "Render List stats below on mobile"
This reverts commit 9ea39886b6.
2023-05-17 15:44:11 -04:00
Raymond Hill
9ea39886b6
Render List stats below on mobile 2023-05-16 12:10:40 -04:00
Raymond Hill
6c29ae82f2
Protect against possible page modification to addEventListener 2023-04-28 07:58:23 -04:00
Raymond Hill
3c12173dfe
Add ability to execute aeld scriptlet at a later time
As per discussion with filter list maintainers.

THis requires to use JSON notation for parameter passing:

- "runAt":  "end" = execute scriptlet at `DOMContentLoaded` event
- "runAt": "idle" = execute scriptlet at `load` event
2023-04-27 12:52:17 -04:00
Raymond Hill
349c8ca619
Fix overzealous logging in acs scriptlet 2023-04-23 09:28:59 -04:00
Raymond Hill
cc062d3a8a
No need for redundant "safe" 2023-04-15 11:14:14 -04:00
Raymond Hill
e1500ee88d
Add ability to defer set-constant execution
A new optional parameter has been added to `set-constant`
scriptlet: `runAt`, default to `0`.

 ..##+js(set, document.body.oncontextmenu, null, 2)

When the `runAt` parameter is present, uBO will take it into
account to possibly defer execution of `set-constant`:

- `runAt` not present: execute immediately
- `runAt` = 1: execute immediately
- `runAt` = 2: execute when document state is "interactive"
- `runAt` = 3: execute when document state is `"complete"
2023-04-11 21:45:40 -04:00
Raymond Hill
edbe96a401
Add logging ability to acs scriptlet, for the benefit of filter list
maintainers.

To enable logging, use the JSON approach to pass parameters to
`acs` scriptlet. Example:

    ..##+js(acs, { "target": "document.oncontextmenu", "log": true })

Whereas "target", "needle", and "context" correspond to their
respective positional argument. Using JSON form to pass parameters
allows to specify extra paramters to facilitate debugging of that
scriptlet:

- `"log": true` => output useful information at the dev console.
- `"debug": true` => break at key locations in the scriptlet.

The added logging/debugging capabilities work only in the dev build
of uBO or if the advanced setting `filterAuthorMode` is set to
`true`.
2023-04-02 12:01:58 -04:00
Raymond Hill
b5d78a07bf
Fix type in variable name
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/2570
2023-03-30 20:46:44 -04:00
Raymond Hill
c8af55e27a
Harden aeld scriptlet against page's tampering
Related feedback:
- https://github.com/uBlockOrigin/uBlock-discussions/discussions/1#discussioncomment-5433222
2023-03-26 14:02:21 -04:00
Raymond Hill
5c9c87e485
Add ability for scriptlets to share local data
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/1741

As a result of the new capability, usage of RegExp API in `aost`
scriptlet has been shielded from the webpage tampering with the
API.
2023-03-26 12:31:36 -04:00
Raymond Hill
236fb3ad59
Add scriptlet dependencies to reduce code duplication 2023-03-26 09:13:17 -04:00
Raymond Hill
439951824a
Remove addEventListenerLogger, expand addEventListenerDefuser
The scriptlet addEventListenerLogger has been removed.

The logging of addEventListener() calls can now be done with the
addEventListenerDefuser scriptlet, which now supports the
following named arguments:

"type": the event type to match. Default to '', i.e. match-all.

"pattern": the pattern to match against the handler argument
Default to '', i.e. match-all.

"log": an integer value telling when to log:

- 1: log only when both type and pattern matches, i.e. when a
     call to addEventListener() is defused
- 2: log when either the type or pattern matches
- 3: log all calls to addEventListener()

"debug": an integer value telling when to break into the
 debugger, useful to inspect the debugger's call stack.

- 1: break into the debugger when both type and pattern match,
     so effectively when defusing is taking place.
- 2: break into the debugger when either type or pattern matches.

The usage of named arguments is optional, positional arguments
are still supported as documented. Named arguments is required
to use "log" and/or "debug" arguments.

Obviously, do not use "log" or "debug" in any filter list, these
are investigative tools for filter list authors.

Examples of usage using named arguments:

  wikipedia.org##+js(aeld, { "type": "/mouse/", "pattern": "/.^/", "log": 2 })

Above filter will log calls to addEventListener() which have the
pattern "mouse" in the event type (so "mouseover", "mouseout",
etc.) without defusing any of them (because pattern can't match
anything).

  wikipedia.org##+js(aeld, { "type": "/.^/", "log": 2 })

Above filter will log all calls without defusing any of them
(because type can't match anything)

  wikipedia.org##+js(aeld, { "log": 1 })

Above filter will log and defuse all calls to addEventListener().
2023-03-25 12:35:56 -04:00
Raymond Hill
a51130baed
Remove unused scriptlets 2023-03-24 18:46:39 -04:00
Raymond Hill
18a84d2819
Refactor scriptlets injection code
Builtin scriptlets are no longer parsed as text-based resources,
they are imported as JS functions, and `toString()` is used to
obtain text-based representation of a scriptlet.

Scriptlet parameters are now passed as function call arguments
rather than by replacing text-based occurrences of `{{i}}`. The
arguments are always string values (see below for exception).

Support for argument as Object has been added. This opens the
door to have scriptlets using named arguments rather than
positional arguments, and hence easier to extend functionality
of existing scriptlets. Example:

    example.com##+js(scriplet, { "prop": "adblock", "value": false, "log": true })

Compatibility with user-provided scriptlets has been preserved.

User-provided scriptlets can benefit some of the changes:

Use the form `function(..){..}` instead of `(function(..){..})();`
in order to received scriptlet arguments as part of function call
-- instead of using `{{i}}`.

If using the form `function(..){..}`, you can choose to receive
an Object as argument -- just be sure that your scriptlet's
parameter is valid JSON notation.
2023-03-24 14:05:18 -04:00
Raymond Hill
e93117cbb6
Add call-nothrow scriptlet
The purpose is to prevent a call to an existing function from
throwing an exception. The exception will be caught by the
scriptlet and neutralized.

The first argument must be a reference to a function call. At
the moment, the function call must exist at the time the
scriptlet is called.
2023-03-14 18:50:01 -04:00
Raymond Hill
fc84fdee52
Fine tune scriptlet 2023-03-14 08:21:22 -04:00
Raymond Hill
b3821e6869
Support removing whole lines of text with regex in m3u-prune scriptlet
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/2508

If the first argument is a regex with multine flag set, the
scriptlet will execute the regex against the whole text, and
remove matching text from the whole text.

If the matching text does not contains whole lines, the text
won't be removed, i.e. it is not allowed to remove only part
of a line.
2023-03-12 17:45:02 -04:00
Raymond Hill
4b4ef6a60c
Rename href-from-text to href-sanitizer, add argument
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/2531#issuecomment-1462389539

Usage:
- example.com##+js(href-sanitizer, a[href^="/go?to="]:not([title]))
- example.com##+js(href-sanitizer, a[href^="/go?to="][title], [title])

The second argument is the attribute from which to extract the text
to be used for the `href` attribute of the link. If the second
attribute is absent, the text content of the element will be used.
2023-03-09 13:37:06 -05:00
Raymond Hill
e123256eaf
Add experimental href-from-text scriptlet
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/2531

Usage:

    example.com##+js(href-from-text, a[href^="/tracker-link?to="]

The above scriptlet will find all elements matching the selector
passed as 1st argument, and replace the `href` attribute with the
text content of the element, if all the following conditions are
met:

- The element is a link (`a`) element
- The link element has an existing `href` attribute
- The text content of the element is a valid `https`-based URL
2023-03-09 08:49:26 -05:00
Raymond Hill
2f646dbdb0
Pull reference Easylist assests from own repo 2022-10-24 12:37:04 -04:00