mirror of
https://github.com/gorhill/uBlock.git
synced 2024-11-17 07:52:42 +01:00
3c85c03194
<https://github.com/gorhill/uBlock/issues/3436>: a new per-site switch has been added, no-scripting, which purpose is to wholly disable/enable javascript for a given site. This new switch has precedence over all other ways javascript can be disabled, including precedence over dynamic filtering rules. The popup panel will report the number of script resources which have been seen by uBO for the current page. There is a minor inaccuracy to be fixed regarding the count, and which fix requires to extend request journaling. <https://github.com/gorhill/uBlock/issues/308>: the `noscript` tags will now be respected when the new no-scripting switch is in effect on a given site. A default setting has been added to the _Settings_ pane to disable/enable globally the new no-script switch, such that one can work in default-deny mode regarding javascript execution. <https://github.com/uBlockOrigin/uBlock-issues/issues/155>: a new hidden setting, `requestJournalProcessPeriod`, has been added to allow controlling the delay before uBO internally process it's network request journal queue. Default to 1000 (milliseconds).
1198 lines
38 KiB
JavaScript
1198 lines
38 KiB
JavaScript
/*******************************************************************************
|
|
|
|
uBlock Origin - a browser extension to block requests.
|
|
Copyright (C) 2014-present Raymond Hill
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program. If not, see {http://www.gnu.org/licenses/}.
|
|
|
|
Home: https://github.com/gorhill/uBlock
|
|
*/
|
|
|
|
'use strict';
|
|
|
|
/******************************************************************************/
|
|
|
|
// Start isolation from global scope
|
|
|
|
µBlock.webRequest = (function() {
|
|
|
|
/******************************************************************************/
|
|
|
|
var exports = {};
|
|
|
|
/******************************************************************************/
|
|
|
|
// Platform-specific behavior.
|
|
|
|
// https://github.com/uBlockOrigin/uBlock-issues/issues/42
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1376932
|
|
// Add proper version number detection once issue is fixed in Firefox.
|
|
let dontCacheResponseHeaders =
|
|
vAPI.webextFlavor.soup.has('firefox');
|
|
|
|
// https://github.com/gorhill/uMatrix/issues/967#issuecomment-373002011
|
|
// This can be removed once Firefox 60 ESR is released.
|
|
let cantMergeCSPHeaders =
|
|
vAPI.webextFlavor.soup.has('firefox') && vAPI.webextFlavor.major < 59;
|
|
|
|
|
|
// The real actual webextFlavor value may not be set in stone, so listen
|
|
// for possible future changes.
|
|
window.addEventListener('webextFlavor', function() {
|
|
dontCacheResponseHeaders =
|
|
vAPI.webextFlavor.soup.has('firefox');
|
|
cantMergeCSPHeaders =
|
|
vAPI.webextFlavor.soup.has('firefox') && vAPI.webextFlavor.major < 59;
|
|
}, { once: true });
|
|
|
|
/******************************************************************************/
|
|
|
|
// https://github.com/gorhill/uBlock/issues/2067
|
|
// Experimental: Block everything until uBO is fully ready.
|
|
// TODO: re-work vAPI code to match more closely how listeners are
|
|
// registered with the webRequest API. This will simplify implementing
|
|
// the feature here: we could have a temporary onBeforeRequest listener
|
|
// which blocks everything until all is ready.
|
|
// This would allow to avoid the permanent special test at the top of
|
|
// the main onBeforeRequest just to implement this.
|
|
// https://github.com/gorhill/uBlock/issues/3130
|
|
// Don't block root frame.
|
|
|
|
var onBeforeReady = null;
|
|
|
|
µBlock.onStartCompletedQueue.push(function(callback) {
|
|
vAPI.onLoadAllCompleted();
|
|
callback();
|
|
});
|
|
|
|
if ( µBlock.hiddenSettings.suspendTabsUntilReady ) {
|
|
onBeforeReady = (function() {
|
|
var suspendedTabs = new Set();
|
|
µBlock.onStartCompletedQueue.push(function(callback) {
|
|
onBeforeReady = null;
|
|
for ( var tabId of suspendedTabs ) {
|
|
vAPI.tabs.reload(tabId);
|
|
}
|
|
callback();
|
|
});
|
|
return function(details) {
|
|
if (
|
|
details.type !== 'main_frame' &&
|
|
vAPI.isBehindTheSceneTabId(details.tabId) === false
|
|
) {
|
|
suspendedTabs.add(details.tabId);
|
|
return true;
|
|
}
|
|
};
|
|
})();
|
|
}
|
|
|
|
/******************************************************************************/
|
|
|
|
// Intercept and filter web requests.
|
|
|
|
var onBeforeRequest = function(details) {
|
|
if ( onBeforeReady !== null && onBeforeReady(details) ) {
|
|
return { cancel: true };
|
|
}
|
|
|
|
// Special handling for root document.
|
|
// https://github.com/chrisaljoudi/uBlock/issues/1001
|
|
// This must be executed regardless of whether the request is
|
|
// behind-the-scene
|
|
var requestType = details.type;
|
|
if ( requestType === 'main_frame' ) {
|
|
return onBeforeRootFrameRequest(details);
|
|
}
|
|
|
|
// Special treatment: behind-the-scene requests
|
|
var tabId = details.tabId;
|
|
if ( vAPI.isBehindTheSceneTabId(tabId) ) {
|
|
return onBeforeBehindTheSceneRequest(details);
|
|
}
|
|
|
|
// Lookup the page store associated with this tab id.
|
|
var µb = µBlock,
|
|
pageStore = µb.pageStoreFromTabId(tabId);
|
|
if ( !pageStore ) {
|
|
var tabContext = µb.tabContextManager.mustLookup(tabId);
|
|
if ( vAPI.isBehindTheSceneTabId(tabContext.tabId) ) {
|
|
return onBeforeBehindTheSceneRequest(details);
|
|
}
|
|
vAPI.tabs.onNavigation({ tabId: tabId, frameId: 0, url: tabContext.rawURL });
|
|
pageStore = µb.pageStoreFromTabId(tabId);
|
|
}
|
|
|
|
// https://github.com/chrisaljoudi/uBlock/issues/886
|
|
// For requests of type `sub_frame`, the parent frame id must be used
|
|
// to lookup the proper context:
|
|
// > If the document of a (sub-)frame is loaded (type is main_frame or
|
|
// > sub_frame), frameId indicates the ID of this frame, not the ID of
|
|
// > the outer frame.
|
|
// > (ref: https://developer.chrome.com/extensions/webRequest)
|
|
var isFrame = requestType === 'sub_frame';
|
|
|
|
// https://github.com/chrisaljoudi/uBlock/issues/114
|
|
var requestContext = pageStore.createContextFromFrameId(
|
|
isFrame ? details.parentFrameId : details.frameId
|
|
);
|
|
|
|
// Setup context and evaluate
|
|
var requestURL = details.url;
|
|
requestContext.requestURL = requestURL;
|
|
requestContext.requestHostname = µb.URI.hostnameFromURI(requestURL);
|
|
requestContext.requestType = requestType;
|
|
|
|
var result = pageStore.filterRequest(requestContext);
|
|
|
|
pageStore.journalAddRequest(requestContext.requestHostname, result);
|
|
|
|
if ( µb.logger.isEnabled() ) {
|
|
µb.logger.writeOne(
|
|
tabId,
|
|
'net',
|
|
pageStore.logData,
|
|
requestType,
|
|
requestURL,
|
|
requestContext.rootHostname,
|
|
requestContext.pageHostname
|
|
);
|
|
}
|
|
|
|
// Not blocked
|
|
if ( result !== 1 ) {
|
|
// https://github.com/chrisaljoudi/uBlock/issues/114
|
|
if ( details.parentFrameId !== -1 && isFrame ) {
|
|
pageStore.setFrame(details.frameId, requestURL);
|
|
}
|
|
requestContext.dispose();
|
|
return;
|
|
}
|
|
|
|
// Blocked
|
|
|
|
// https://github.com/gorhill/uBlock/issues/949
|
|
// Redirect blocked request?
|
|
if ( µb.hiddenSettings.ignoreRedirectFilters !== true ) {
|
|
var url = µb.redirectEngine.toURL(requestContext);
|
|
if ( url !== undefined ) {
|
|
pageStore.internalRedirectionCount += 1;
|
|
if ( µb.logger.isEnabled() ) {
|
|
µb.logger.writeOne(
|
|
tabId,
|
|
'redirect',
|
|
{ source: 'redirect', raw: µb.redirectEngine.resourceNameRegister },
|
|
requestType,
|
|
requestURL,
|
|
requestContext.rootHostname,
|
|
requestContext.pageHostname
|
|
);
|
|
}
|
|
requestContext.dispose();
|
|
return { redirectUrl: url };
|
|
}
|
|
}
|
|
|
|
requestContext.dispose();
|
|
return { cancel: true };
|
|
};
|
|
|
|
/******************************************************************************/
|
|
|
|
var onBeforeRootFrameRequest = function(details) {
|
|
var tabId = details.tabId,
|
|
requestURL = details.url,
|
|
µb = µBlock;
|
|
|
|
µb.tabContextManager.push(tabId, requestURL);
|
|
|
|
// Special handling for root document.
|
|
// https://github.com/chrisaljoudi/uBlock/issues/1001
|
|
// This must be executed regardless of whether the request is
|
|
// behind-the-scene
|
|
var µburi = µb.URI,
|
|
requestHostname = µburi.hostnameFromURI(requestURL),
|
|
requestDomain = µburi.domainFromHostname(requestHostname) || requestHostname;
|
|
var context = {
|
|
rootHostname: requestHostname,
|
|
rootDomain: requestDomain,
|
|
pageHostname: requestHostname,
|
|
pageDomain: requestDomain,
|
|
requestURL: requestURL,
|
|
requestHostname: requestHostname,
|
|
requestType: 'main_frame'
|
|
};
|
|
var result = 0,
|
|
logData,
|
|
logEnabled = µb.logger.isEnabled();
|
|
|
|
// If the site is whitelisted, disregard strict blocking
|
|
if ( µb.getNetFilteringSwitch(requestURL) === false ) {
|
|
result = 2;
|
|
if ( logEnabled === true ) {
|
|
logData = { engine: 'u', result: 2, raw: 'whitelisted' };
|
|
}
|
|
}
|
|
|
|
// Permanently unrestricted?
|
|
if ( result === 0 && µb.hnSwitches.evaluateZ('no-strict-blocking', requestHostname) ) {
|
|
result = 2;
|
|
if ( logEnabled === true ) {
|
|
logData = { engine: 'u', result: 2, raw: 'no-strict-blocking: ' + µb.hnSwitches.z + ' true' };
|
|
}
|
|
}
|
|
|
|
// Temporarily whitelisted?
|
|
if ( result === 0 ) {
|
|
result = isTemporarilyWhitelisted(result, requestHostname);
|
|
if ( result === 2 && logEnabled === true ) {
|
|
logData = { engine: 'u', result: 2, raw: 'no-strict-blocking true (temporary)' };
|
|
}
|
|
}
|
|
|
|
// Static filtering: We always need the long-form result here.
|
|
var snfe = µb.staticNetFilteringEngine;
|
|
|
|
// Check for specific block
|
|
if ( result === 0 ) {
|
|
result = snfe.matchStringExactType(context, requestURL, 'main_frame');
|
|
if ( result !== 0 || logEnabled === true ) {
|
|
logData = snfe.toLogData();
|
|
}
|
|
}
|
|
|
|
// Check for generic block
|
|
if ( result === 0 ) {
|
|
result = snfe.matchStringExactType(context, requestURL, 'no_type');
|
|
if ( result !== 0 || logEnabled === true ) {
|
|
logData = snfe.toLogData();
|
|
}
|
|
// https://github.com/chrisaljoudi/uBlock/issues/1128
|
|
// Do not block if the match begins after the hostname, except when
|
|
// the filter is specifically of type `other`.
|
|
// https://github.com/gorhill/uBlock/issues/490
|
|
// Removing this for the time being, will need a new, dedicated type.
|
|
if (
|
|
result === 1 &&
|
|
toBlockDocResult(requestURL, requestHostname, logData) === false
|
|
) {
|
|
result = 0;
|
|
logData = undefined;
|
|
}
|
|
}
|
|
|
|
// Log
|
|
var pageStore = µb.bindTabToPageStats(tabId, 'beforeRequest');
|
|
if ( pageStore ) {
|
|
pageStore.journalAddRootFrame('uncommitted', requestURL);
|
|
pageStore.journalAddRequest(requestHostname, result);
|
|
}
|
|
|
|
if ( logEnabled ) {
|
|
µb.logger.writeOne(
|
|
tabId,
|
|
'net',
|
|
logData,
|
|
'main_frame',
|
|
requestURL,
|
|
requestHostname,
|
|
requestHostname
|
|
);
|
|
}
|
|
|
|
// Not blocked
|
|
if ( result !== 1 ) { return; }
|
|
|
|
// No log data means no strict blocking (because we need to report why
|
|
// the blocking occurs.
|
|
if ( logData === undefined ) { return; }
|
|
|
|
// Blocked
|
|
var query = btoa(JSON.stringify({
|
|
url: requestURL,
|
|
hn: requestHostname,
|
|
dn: requestDomain,
|
|
fc: logData.compiled,
|
|
fs: logData.raw
|
|
}));
|
|
|
|
vAPI.tabs.replace(tabId, vAPI.getURL('document-blocked.html?details=') + query);
|
|
|
|
return { cancel: true };
|
|
};
|
|
|
|
/******************************************************************************/
|
|
|
|
// https://github.com/gorhill/uBlock/issues/3208
|
|
// Mind case insensitivity.
|
|
|
|
var toBlockDocResult = function(url, hostname, logData) {
|
|
if ( typeof logData.regex !== 'string' ) { return false; }
|
|
var re = new RegExp(logData.regex, 'i'),
|
|
match = re.exec(url.toLowerCase());
|
|
if ( match === null ) { return false; }
|
|
|
|
// https://github.com/chrisaljoudi/uBlock/issues/1128
|
|
// https://github.com/chrisaljoudi/uBlock/issues/1212
|
|
// Relax the rule: verify that the match is completely before the path part
|
|
return (match.index + match[0].length) <=
|
|
(url.indexOf(hostname) + hostname.length + 1);
|
|
};
|
|
|
|
/******************************************************************************/
|
|
|
|
// Intercept and filter behind-the-scene requests.
|
|
|
|
// https://github.com/gorhill/uBlock/issues/870
|
|
// Finally, Chromium 49+ gained the ability to report network request of type
|
|
// `beacon`, so now we can block them according to the state of the
|
|
// "Disable hyperlink auditing/beacon" setting.
|
|
|
|
var onBeforeBehindTheSceneRequest = function(details) {
|
|
var µb = µBlock,
|
|
pageStore = µb.pageStoreFromTabId(details.tabId);
|
|
if ( pageStore === null ) { return; }
|
|
|
|
var µburi = µb.URI,
|
|
context = pageStore.createContextFromPage(),
|
|
requestType = details.type,
|
|
requestURL = details.url;
|
|
|
|
context.requestURL = requestURL;
|
|
context.requestHostname = µburi.hostnameFromURI(requestURL);
|
|
context.requestType = requestType;
|
|
|
|
var normalURL;
|
|
if ( details.tabId === vAPI.anyTabId && context.pageHostname === '' ) {
|
|
normalURL = µb.normalizePageURL(0, details.documentUrl);
|
|
context.pageHostname = µburi.hostnameFromURI(normalURL);
|
|
context.pageDomain = µburi.domainFromHostname(context.pageHostname);
|
|
context.rootHostname = context.pageHostname;
|
|
context.rootDomain = context.pageDomain;
|
|
}
|
|
|
|
pageStore.logData = undefined;
|
|
|
|
// https://bugs.chromium.org/p/chromium/issues/detail?id=637577#c15
|
|
// Do not filter behind-the-scene network request of type `beacon`: there
|
|
// is no point. In any case, this will become a non-issue once
|
|
// <https://bugs.chromium.org/p/chromium/issues/detail?id=522129> is
|
|
// fixed.
|
|
|
|
// Blocking behind-the-scene requests can break a lot of stuff: prevent
|
|
// browser updates, prevent extension updates, prevent extensions from
|
|
// working properly, etc.
|
|
// So we filter if and only if the "advanced user" mode is selected.
|
|
// https://github.com/gorhill/uBlock/issues/3150
|
|
// Ability to globally block CSP reports MUST also apply to
|
|
// behind-the-scene network requests.
|
|
|
|
// 2018-03-30:
|
|
// Filter all behind-the-scene network requests like any other network
|
|
// requests. Hopefully this will not break stuff as it used to be the
|
|
// case.
|
|
|
|
var result = 0;
|
|
|
|
if (
|
|
µburi.isNetworkURI(details.documentUrl) ||
|
|
µb.userSettings.advancedUserEnabled ||
|
|
requestType === 'csp_report'
|
|
) {
|
|
result = pageStore.filterRequest(context);
|
|
|
|
// The "any-tab" scope is not whitelist-able, and in such case we must
|
|
// use the origin URL as the scope. Most such requests aren't going to
|
|
// be blocked, so we further test for whitelisting and modify the
|
|
// result only when the request is being blocked.
|
|
if (
|
|
result === 1 &&
|
|
normalURL !== undefined &&
|
|
µb.getNetFilteringSwitch(normalURL) === false
|
|
) {
|
|
result = 2;
|
|
pageStore.logData = { engine: 'u', result: 2, raw: 'whitelisted' };
|
|
}
|
|
}
|
|
|
|
pageStore.journalAddRequest(context.requestHostname, result);
|
|
|
|
if ( µb.logger.isEnabled() ) {
|
|
µb.logger.writeOne(
|
|
details.tabId,
|
|
'net',
|
|
pageStore.logData,
|
|
requestType,
|
|
requestURL,
|
|
context.rootHostname,
|
|
context.rootHostname
|
|
);
|
|
}
|
|
|
|
context.dispose();
|
|
|
|
// Blocked?
|
|
if ( result === 1 ) {
|
|
return { 'cancel': true };
|
|
}
|
|
};
|
|
|
|
/******************************************************************************/
|
|
|
|
// https://github.com/gorhill/uBlock/issues/3140
|
|
|
|
var onBeforeMaybeSpuriousCSPReport = function(details) {
|
|
var tabId = details.tabId;
|
|
|
|
// Ignore behind-the-scene requests.
|
|
if ( vAPI.isBehindTheSceneTabId(tabId) ) { return; }
|
|
|
|
// Lookup the page store associated with this tab id.
|
|
var µb = µBlock,
|
|
pageStore = µb.pageStoreFromTabId(tabId);
|
|
if ( pageStore === null ) { return; }
|
|
|
|
// If uBO is disabled for the page, it can't possibly causes CSP reports
|
|
// to be triggered.
|
|
if ( pageStore.getNetFilteringSwitch() === false ) { return; }
|
|
|
|
// A resource was redirected to a neutered one?
|
|
// TODO: mind injected scripts/styles as well.
|
|
if ( pageStore.internalRedirectionCount === 0 ) { return; }
|
|
|
|
var textDecoder = onBeforeMaybeSpuriousCSPReport.textDecoder;
|
|
if (
|
|
textDecoder === undefined &&
|
|
typeof self.TextDecoder === 'function'
|
|
) {
|
|
textDecoder =
|
|
onBeforeMaybeSpuriousCSPReport.textDecoder = new TextDecoder();
|
|
}
|
|
|
|
// Find out whether the CSP report is a potentially spurious CSP report.
|
|
// If from this point on we are unable to parse the CSP report data, the
|
|
// safest assumption to protect users is to assume the CSP report is
|
|
// spurious.
|
|
if (
|
|
textDecoder !== undefined &&
|
|
details.method === 'POST'
|
|
) {
|
|
var raw = details.requestBody && details.requestBody.raw;
|
|
if (
|
|
Array.isArray(raw) &&
|
|
raw.length !== 0 &&
|
|
raw[0] instanceof Object &&
|
|
raw[0].bytes instanceof ArrayBuffer
|
|
) {
|
|
var data;
|
|
try {
|
|
data = JSON.parse(textDecoder.decode(raw[0].bytes));
|
|
} catch (ex) {
|
|
}
|
|
if ( data instanceof Object ) {
|
|
var report = data['csp-report'];
|
|
if ( report instanceof Object ) {
|
|
var blocked = report['blocked-uri'] || report['blockedURI'],
|
|
validBlocked = typeof blocked === 'string',
|
|
source = report['source-file'] || report['sourceFile'],
|
|
validSource = typeof source === 'string';
|
|
if (
|
|
(validBlocked || validSource) &&
|
|
(!validBlocked || !blocked.startsWith('data')) &&
|
|
(!validSource || !source.startsWith('data'))
|
|
) {
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// Potentially spurious CSP report.
|
|
if ( µb.logger.isEnabled() ) {
|
|
var hostname = µb.URI.hostnameFromURI(details.url);
|
|
µb.logger.writeOne(
|
|
tabId,
|
|
'net',
|
|
{ result: 1, source: 'global', raw: 'no-spurious-csp-report' },
|
|
'csp_report',
|
|
details.url,
|
|
hostname,
|
|
hostname
|
|
);
|
|
}
|
|
|
|
return { cancel: true };
|
|
};
|
|
|
|
onBeforeMaybeSpuriousCSPReport.textDecoder = undefined;
|
|
|
|
/******************************************************************************/
|
|
|
|
// To handle:
|
|
// - Media elements larger than n kB
|
|
// - Scriptlet injection (requires ability to modify response body)
|
|
// - HTML filtering (requires ability to modify response body)
|
|
// - CSP injection
|
|
|
|
var onHeadersReceived = function(details) {
|
|
// Do not interfere with behind-the-scene requests.
|
|
let tabId = details.tabId;
|
|
if ( vAPI.isBehindTheSceneTabId(tabId) ) { return; }
|
|
|
|
let µb = µBlock,
|
|
requestType = details.type,
|
|
isRootDoc = requestType === 'main_frame',
|
|
isDoc = isRootDoc || requestType === 'sub_frame';
|
|
|
|
if ( isRootDoc ) {
|
|
µb.tabContextManager.push(tabId, details.url);
|
|
}
|
|
|
|
let pageStore = µb.pageStoreFromTabId(tabId);
|
|
if ( pageStore === null ) {
|
|
if ( isRootDoc === false ) { return; }
|
|
pageStore = µb.bindTabToPageStats(tabId, 'beforeRequest');
|
|
}
|
|
if ( pageStore.getNetFilteringSwitch() === false ) { return; }
|
|
|
|
if ( requestType === 'image' || requestType === 'media' ) {
|
|
return foilLargeMediaElement(pageStore, details);
|
|
}
|
|
|
|
if ( isDoc === false ) { return; }
|
|
|
|
// Keep in mind response headers will be modified in-place if needed, so
|
|
// `details.responseHeaders` will always point to the modified response
|
|
// headers.
|
|
let responseHeaders = details.responseHeaders;
|
|
|
|
// https://github.com/gorhill/uBlock/issues/2813
|
|
// Disable the blocking of large media elements if the document is itself
|
|
// a media element: the resource was not prevented from loading so no
|
|
// point to further block large media elements for the current document.
|
|
if ( isRootDoc ) {
|
|
let contentType = headerValueFromName('content-type', responseHeaders);
|
|
if ( reMediaContentTypes.test(contentType) ) {
|
|
pageStore.allowLargeMediaElementsUntil = Date.now() + 86400000;
|
|
return;
|
|
}
|
|
}
|
|
|
|
// At this point we have a HTML document.
|
|
|
|
let filteredHTML = µb.canFilterResponseBody &&
|
|
filterDocument(pageStore, details) === true;
|
|
|
|
let modifiedHeaders = injectCSP(pageStore, details) === true;
|
|
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1376932
|
|
// Prevent document from being cached by the browser if we modified it,
|
|
// either through HTML filtering and/or modified response headers.
|
|
if ( (filteredHTML || modifiedHeaders) && dontCacheResponseHeaders ) {
|
|
let i = headerIndexFromName('cache-control', responseHeaders);
|
|
if ( i !== -1 ) {
|
|
responseHeaders[i].value = 'no-cache, no-store, must-revalidate';
|
|
} else {
|
|
responseHeaders[responseHeaders.length] = {
|
|
name: 'Cache-Control',
|
|
value: 'no-cache, no-store, must-revalidate'
|
|
};
|
|
}
|
|
modifiedHeaders = true;
|
|
}
|
|
|
|
if ( modifiedHeaders ) {
|
|
return { responseHeaders: responseHeaders };
|
|
}
|
|
};
|
|
|
|
var reMediaContentTypes = /^(?:audio|image|video)\//;
|
|
|
|
/*******************************************************************************
|
|
|
|
The response body filterer is responsible for:
|
|
|
|
- HTML filtering
|
|
|
|
In the spirit of efficiency, the response body filterer works this way:
|
|
|
|
If:
|
|
- HTML filtering: no.
|
|
Then:
|
|
No response body filtering is initiated.
|
|
|
|
If:
|
|
- HTML filtering: yes.
|
|
Then:
|
|
Assemble all response body data into a single buffer. Once all the
|
|
response data has been received, create a document from it. Then:
|
|
- Remove all DOM elements matching HTML filters.
|
|
Then serialize the resulting modified document as the new response
|
|
body.
|
|
|
|
**/
|
|
|
|
var filterDocument = (function() {
|
|
var µb = µBlock,
|
|
filterers = new Map(),
|
|
domParser, xmlSerializer,
|
|
utf8TextDecoder, textDecoder, textEncoder;
|
|
|
|
var textDecode = function(encoding, buffer) {
|
|
if (
|
|
textDecoder !== undefined &&
|
|
textDecoder.encoding !== encoding
|
|
) {
|
|
textDecoder = undefined;
|
|
}
|
|
if ( textDecoder === undefined ) {
|
|
textDecoder = new TextDecoder(encoding);
|
|
}
|
|
return textDecoder.decode(buffer);
|
|
};
|
|
|
|
var reContentTypeDocument = /^(?:text\/html|application\/xhtml\+xml)/i,
|
|
reContentTypeCharset = /charset=['"]?([^'" ]+)/i;
|
|
|
|
var mimeFromContentType = function(contentType) {
|
|
var match = reContentTypeDocument.exec(contentType);
|
|
if ( match !== null ) {
|
|
return match[0].toLowerCase();
|
|
}
|
|
};
|
|
|
|
var charsetFromContentType = function(contentType) {
|
|
var match = reContentTypeCharset.exec(contentType);
|
|
if ( match !== null ) {
|
|
return match[1].toLowerCase();
|
|
}
|
|
};
|
|
|
|
var charsetFromDoc = function(doc) {
|
|
var meta = doc.querySelector('meta[charset]');
|
|
if ( meta !== null ) {
|
|
return meta.getAttribute('charset').toLowerCase();
|
|
}
|
|
meta = doc.querySelector(
|
|
'meta[http-equiv="content-type" i][content]'
|
|
);
|
|
if ( meta !== null ) {
|
|
return charsetFromContentType(meta.getAttribute('content'));
|
|
}
|
|
};
|
|
|
|
var streamClose = function(filterer, buffer) {
|
|
if ( buffer !== undefined ) {
|
|
filterer.stream.write(buffer);
|
|
} else if ( filterer.buffer !== undefined ) {
|
|
filterer.stream.write(filterer.buffer);
|
|
}
|
|
filterer.stream.close();
|
|
};
|
|
|
|
var onStreamData = function(ev) {
|
|
var filterer = filterers.get(this);
|
|
if ( filterer === undefined ) {
|
|
this.write(ev.data);
|
|
this.disconnect();
|
|
return;
|
|
}
|
|
if (
|
|
this.status !== 'transferringdata' &&
|
|
this.status !== 'finishedtransferringdata'
|
|
) {
|
|
filterers.delete(this);
|
|
this.disconnect();
|
|
return;
|
|
}
|
|
// TODO:
|
|
// - Possibly improve buffer growth, if benchmarking shows it's worth
|
|
// it.
|
|
// - Also evaluate whether keeping a list of buffers and then decoding
|
|
// them in sequence using TextDecoder's "stream" option is more
|
|
// efficient. Can the data buffers be safely kept around for later
|
|
// use?
|
|
// - Informal, quick benchmarks seem to show most of the overhead is
|
|
// from calling TextDecoder.decode() and TextEncoder.encode(), and if
|
|
// confirmed, there is nothing which can be done uBO-side to reduce
|
|
// overhead.
|
|
if ( filterer.buffer === null ) {
|
|
filterer.buffer = new Uint8Array(ev.data);
|
|
return;
|
|
}
|
|
var buffer = new Uint8Array(
|
|
filterer.buffer.byteLength +
|
|
ev.data.byteLength
|
|
);
|
|
buffer.set(filterer.buffer);
|
|
buffer.set(new Uint8Array(ev.data), filterer.buffer.byteLength);
|
|
filterer.buffer = buffer;
|
|
};
|
|
|
|
var onStreamStop = function() {
|
|
var filterer = filterers.get(this);
|
|
filterers.delete(this);
|
|
if ( filterer === undefined || filterer.buffer === null ) {
|
|
this.close();
|
|
return;
|
|
}
|
|
if ( this.status !== 'finishedtransferringdata' ) { return; }
|
|
|
|
if ( domParser === undefined ) {
|
|
domParser = new DOMParser();
|
|
xmlSerializer = new XMLSerializer();
|
|
}
|
|
if ( textEncoder === undefined ) {
|
|
textEncoder = new TextEncoder();
|
|
}
|
|
|
|
var doc;
|
|
|
|
// If stream encoding is still unknnown, try to extract from document.
|
|
var charsetFound = filterer.charset,
|
|
charsetUsed = charsetFound;
|
|
if ( charsetFound === undefined ) {
|
|
if ( utf8TextDecoder === undefined ) {
|
|
utf8TextDecoder = new TextDecoder();
|
|
}
|
|
doc = domParser.parseFromString(
|
|
utf8TextDecoder.decode(filterer.buffer.slice(0, 1024)),
|
|
filterer.mime
|
|
);
|
|
charsetFound = charsetFromDoc(doc);
|
|
charsetUsed = µb.textEncode.normalizeCharset(charsetFound);
|
|
if ( charsetUsed === undefined ) {
|
|
return streamClose(filterer);
|
|
}
|
|
}
|
|
|
|
doc = domParser.parseFromString(
|
|
textDecode(charsetUsed, filterer.buffer),
|
|
filterer.mime
|
|
);
|
|
|
|
// https://github.com/gorhill/uBlock/issues/3507
|
|
// In case of no explicit charset found, try to find one again, but
|
|
// this time with the whole document parsed.
|
|
if ( charsetFound === undefined ) {
|
|
charsetFound = µb.textEncode.normalizeCharset(charsetFromDoc(doc));
|
|
if ( charsetFound !== charsetUsed ) {
|
|
if ( charsetFound === undefined ) {
|
|
return streamClose(filterer);
|
|
}
|
|
charsetUsed = charsetFound;
|
|
doc = domParser.parseFromString(
|
|
textDecode(charsetFound, filterer.buffer),
|
|
filterer.mime
|
|
);
|
|
}
|
|
}
|
|
|
|
var modified = false;
|
|
if ( filterer.selectors !== undefined ) {
|
|
if ( µb.htmlFilteringEngine.apply(doc, filterer) ) {
|
|
modified = true;
|
|
}
|
|
}
|
|
|
|
if ( modified === false ) {
|
|
return streamClose(filterer);
|
|
}
|
|
|
|
// https://stackoverflow.com/questions/6088972/get-doctype-of-an-html-as-string-with-javascript/10162353#10162353
|
|
var doctypeStr = doc.doctype instanceof Object ?
|
|
xmlSerializer.serializeToString(doc.doctype) + '\n' :
|
|
'';
|
|
|
|
// https://github.com/gorhill/uBlock/issues/3391
|
|
var encodedStream = textEncoder.encode(
|
|
doctypeStr +
|
|
doc.documentElement.outerHTML
|
|
);
|
|
if ( charsetUsed !== 'utf-8' ) {
|
|
encodedStream = µb.textEncode.encode(
|
|
charsetUsed,
|
|
encodedStream
|
|
);
|
|
}
|
|
|
|
streamClose(filterer, encodedStream);
|
|
};
|
|
|
|
var onStreamError = function() {
|
|
filterers.delete(this);
|
|
};
|
|
|
|
return function(pageStore, details) {
|
|
// https://github.com/gorhill/uBlock/issues/3478
|
|
var statusCode = details.statusCode || 0;
|
|
if ( statusCode !== 0 && (statusCode < 200 || statusCode >= 300) ) {
|
|
return;
|
|
}
|
|
|
|
var hostname = µb.URI.hostnameFromURI(details.url);
|
|
if ( hostname === '' ) { return; }
|
|
|
|
var domain = µb.URI.domainFromHostname(hostname);
|
|
|
|
var request = {
|
|
stream: undefined,
|
|
tabId: details.tabId,
|
|
url: details.url,
|
|
hostname: hostname,
|
|
domain: domain,
|
|
entity: µb.URI.entityFromDomain(domain),
|
|
selectors: undefined,
|
|
buffer: null,
|
|
mime: 'text/html',
|
|
charset: undefined
|
|
};
|
|
|
|
request.selectors = µb.htmlFilteringEngine.retrieve(request);
|
|
if ( request.selectors === undefined ) { return; }
|
|
|
|
var headers = details.responseHeaders,
|
|
contentType = headerValueFromName('content-type', headers);
|
|
if ( contentType !== '' ) {
|
|
request.mime = mimeFromContentType(contentType);
|
|
if ( request.mime === undefined ) { return; }
|
|
var charset = charsetFromContentType(contentType);
|
|
if ( charset !== undefined ) {
|
|
charset = µb.textEncode.normalizeCharset(charset);
|
|
if ( charset === undefined ) { return; }
|
|
request.charset = charset;
|
|
}
|
|
}
|
|
// https://bugzilla.mozilla.org/show_bug.cgi?id=1426789
|
|
if ( headerValueFromName('content-disposition', headers) ) { return; }
|
|
|
|
var stream = request.stream =
|
|
vAPI.net.webRequest.filterResponseData(details.requestId);
|
|
stream.ondata = onStreamData;
|
|
stream.onstop = onStreamStop;
|
|
stream.onerror = onStreamError;
|
|
filterers.set(stream, request);
|
|
|
|
return true;
|
|
};
|
|
})();
|
|
|
|
/******************************************************************************/
|
|
|
|
var injectCSP = function(pageStore, details) {
|
|
let µb = µBlock,
|
|
tabId = details.tabId,
|
|
requestURL = details.url,
|
|
loggerEnabled = µb.logger.isEnabled(),
|
|
logger = µb.logger,
|
|
cspSubsets = [];
|
|
|
|
let context = pageStore.createContextFromPage();
|
|
context.requestHostname = µb.URI.hostnameFromURI(requestURL);
|
|
if ( details.type !== 'main_frame' ) {
|
|
context.pageHostname = context.pageDomain = context.requestHostname;
|
|
}
|
|
context.requestURL = requestURL;
|
|
|
|
// Start collecting policies >>>>>>>>
|
|
|
|
// ======== built-in policies
|
|
|
|
let builtinDirectives = [];
|
|
|
|
context.requestType = 'script';
|
|
if ( pageStore.filterScripting(context.rootHostname) === 1 ) {
|
|
builtinDirectives.push("script-src *");
|
|
if ( loggerEnabled === true ) {
|
|
logger.writeOne(
|
|
tabId,
|
|
'net',
|
|
pageStore.logData,
|
|
'no-scripting',
|
|
requestURL,
|
|
context.rootHostname,
|
|
context.pageHostname
|
|
);
|
|
}
|
|
} else {
|
|
context.requestType = 'inline-script';
|
|
if ( pageStore.filterRequest(context) === 1 ) {
|
|
builtinDirectives.push("script-src 'unsafe-eval' * blob: data:");
|
|
}
|
|
if ( loggerEnabled === true ) {
|
|
logger.writeOne(
|
|
tabId,
|
|
'net',
|
|
pageStore.logData,
|
|
'inline-script',
|
|
requestURL,
|
|
context.rootHostname,
|
|
context.pageHostname
|
|
);
|
|
}
|
|
}
|
|
|
|
// https://github.com/gorhill/uBlock/issues/1539
|
|
// - Use a CSP to also forbid inline fonts if remote fonts are blocked.
|
|
context.requestType = 'inline-font';
|
|
if ( pageStore.filterRequest(context) === 1 ) {
|
|
builtinDirectives.push('font-src *');
|
|
if ( loggerEnabled === true ) {
|
|
logger.writeOne(
|
|
tabId,
|
|
'net',
|
|
pageStore.logData,
|
|
'inline-font',
|
|
requestURL,
|
|
context.rootHostname,
|
|
context.pageHostname
|
|
);
|
|
}
|
|
}
|
|
|
|
if ( builtinDirectives.length !== 0 ) {
|
|
cspSubsets[0] = builtinDirectives.join('; ');
|
|
}
|
|
|
|
// ======== filter-based policies
|
|
|
|
// Static filtering.
|
|
|
|
let logDataEntries = [];
|
|
|
|
µb.staticNetFilteringEngine.matchAndFetchData(
|
|
'csp',
|
|
requestURL,
|
|
cspSubsets,
|
|
loggerEnabled === true ? logDataEntries : undefined
|
|
);
|
|
|
|
// URL filtering `allow` rules override static filtering.
|
|
if (
|
|
cspSubsets.length !== 0 &&
|
|
µb.sessionURLFiltering.evaluateZ(context.rootHostname, requestURL, 'csp') === 2
|
|
) {
|
|
if ( loggerEnabled === true ) {
|
|
logger.writeOne(
|
|
tabId,
|
|
'net',
|
|
µb.sessionURLFiltering.toLogData(),
|
|
'csp',
|
|
requestURL,
|
|
context.rootHostname,
|
|
context.pageHostname
|
|
);
|
|
}
|
|
context.dispose();
|
|
return;
|
|
}
|
|
|
|
// Dynamic filtering `allow` rules override static filtering.
|
|
if (
|
|
cspSubsets.length !== 0 &&
|
|
µb.userSettings.advancedUserEnabled &&
|
|
µb.sessionFirewall.evaluateCellZY(context.rootHostname, context.rootHostname, '*') === 2
|
|
) {
|
|
if ( loggerEnabled === true ) {
|
|
logger.writeOne(
|
|
tabId,
|
|
'net',
|
|
µb.sessionFirewall.toLogData(),
|
|
'csp',
|
|
requestURL,
|
|
context.rootHostname,
|
|
context.pageHostname
|
|
);
|
|
}
|
|
context.dispose();
|
|
return;
|
|
}
|
|
|
|
// <<<<<<<< All policies have been collected
|
|
|
|
// Static CSP policies will be applied.
|
|
for ( let entry of logDataEntries ) {
|
|
logger.writeOne(
|
|
tabId,
|
|
'net',
|
|
entry,
|
|
'csp',
|
|
requestURL,
|
|
context.rootHostname,
|
|
context.pageHostname
|
|
);
|
|
}
|
|
|
|
context.dispose();
|
|
|
|
if ( cspSubsets.length === 0 ) {
|
|
return;
|
|
}
|
|
|
|
µb.updateToolbarIcon(tabId, 0x02);
|
|
|
|
// Use comma to merge CSP directives.
|
|
// Ref.: https://www.w3.org/TR/CSP2/#implementation-considerations
|
|
//
|
|
// https://github.com/gorhill/uMatrix/issues/967
|
|
// Inject a new CSP header rather than modify an existing one, except
|
|
// if the current environment does not support merging headers:
|
|
// Firefox 58/webext and less can't merge CSP headers, so we will merge
|
|
// them here.
|
|
let headers = details.responseHeaders;
|
|
|
|
if ( cantMergeCSPHeaders ) {
|
|
let i = headerIndexFromName('content-security-policy', headers);
|
|
if ( i !== -1 ) {
|
|
cspSubsets.unshift(headers[i].value.trim());
|
|
headers.splice(i, 1);
|
|
}
|
|
}
|
|
|
|
headers.push({
|
|
name: 'Content-Security-Policy',
|
|
value: cspSubsets.join(', ')
|
|
});
|
|
|
|
return true;
|
|
};
|
|
|
|
/******************************************************************************/
|
|
|
|
// https://github.com/gorhill/uBlock/issues/1163
|
|
// "Block elements by size"
|
|
|
|
var foilLargeMediaElement = function(pageStore, details) {
|
|
var µb = µBlock;
|
|
|
|
var i = headerIndexFromName('content-length', details.responseHeaders);
|
|
if ( i === -1 ) { return; }
|
|
|
|
var tabId = details.tabId,
|
|
size = parseInt(details.responseHeaders[i].value, 10) || 0,
|
|
result = pageStore.filterLargeMediaElement(size);
|
|
if ( result === 0 ) { return; }
|
|
|
|
if ( µb.logger.isEnabled() ) {
|
|
µb.logger.writeOne(
|
|
tabId,
|
|
'net',
|
|
pageStore.logData,
|
|
details.type,
|
|
details.url,
|
|
pageStore.tabHostname,
|
|
pageStore.tabHostname
|
|
);
|
|
}
|
|
|
|
return { cancel: true };
|
|
};
|
|
|
|
/******************************************************************************/
|
|
|
|
// Caller must ensure headerName is normalized to lower case.
|
|
|
|
var headerIndexFromName = function(headerName, headers) {
|
|
var i = headers.length;
|
|
while ( i-- ) {
|
|
if ( headers[i].name.toLowerCase() === headerName ) {
|
|
return i;
|
|
}
|
|
}
|
|
return -1;
|
|
};
|
|
|
|
var headerValueFromName = function(headerName, headers) {
|
|
var i = headerIndexFromName(headerName, headers);
|
|
return i !== -1 ? headers[i].value : '';
|
|
};
|
|
|
|
/******************************************************************************/
|
|
|
|
vAPI.net.onBeforeRequest = {
|
|
urls: [
|
|
'http://*/*',
|
|
'https://*/*'
|
|
],
|
|
extra: [ 'blocking' ],
|
|
callback: onBeforeRequest
|
|
};
|
|
|
|
vAPI.net.onBeforeMaybeSpuriousCSPReport = {
|
|
callback: onBeforeMaybeSpuriousCSPReport
|
|
};
|
|
|
|
vAPI.net.onHeadersReceived = {
|
|
urls: [
|
|
'http://*/*',
|
|
'https://*/*'
|
|
],
|
|
types: [
|
|
'main_frame',
|
|
'sub_frame',
|
|
'image',
|
|
'media'
|
|
],
|
|
extra: [ 'blocking', 'responseHeaders' ],
|
|
callback: onHeadersReceived
|
|
};
|
|
|
|
vAPI.net.registerListeners();
|
|
|
|
/******************************************************************************/
|
|
|
|
var isTemporarilyWhitelisted = function(result, hostname) {
|
|
var obsolete, pos;
|
|
|
|
for (;;) {
|
|
obsolete = documentWhitelists[hostname];
|
|
if ( obsolete !== undefined ) {
|
|
if ( obsolete > Date.now() ) {
|
|
if ( result === 0 ) {
|
|
return 2;
|
|
}
|
|
} else {
|
|
delete documentWhitelists[hostname];
|
|
}
|
|
}
|
|
pos = hostname.indexOf('.');
|
|
if ( pos === -1 ) { break; }
|
|
hostname = hostname.slice(pos + 1);
|
|
}
|
|
return result;
|
|
};
|
|
|
|
var documentWhitelists = Object.create(null);
|
|
|
|
/******************************************************************************/
|
|
|
|
exports.temporarilyWhitelistDocument = function(hostname) {
|
|
if ( typeof hostname !== 'string' || hostname === '' ) {
|
|
return;
|
|
}
|
|
|
|
documentWhitelists[hostname] = Date.now() + 60 * 1000;
|
|
};
|
|
|
|
/******************************************************************************/
|
|
|
|
return exports;
|
|
|
|
/******************************************************************************/
|
|
|
|
})();
|
|
|
|
/******************************************************************************/
|