Fix fields hosted on braintree when window API is protected

Fixes #417
kkapsner 2020-01-02 11:41:13 +01:00
parent b361733c73
commit d09340e84f
10 changed files with 89 additions and 37 deletions


@ -1068,7 +1068,19 @@
"description": ""
},
"protectWindow_askReCaptchaException": {
"message": "Wenn die Window-API beschützt wird, funktioniert reCAPTCHA nicht mehr. Wollen Sie dafür eine Ausnahme hinzufügen?",
"message": "Wenn die Window-API beschützt wird, funktioniert reCAPTCHA nicht mehr. Wollen Sie die window.name-API in eingebetteten Seiten erlauben, damit es wieder funktioniert?",
"description": ""
},
"allowWindowNameInFrames_title": {
"message": "Erlaube window.name in Frames",
"description": ""
},
"allowWindowNameInFrames_description": {
"message": "Die window.name-API ist im Kontext eingebetteter Seiten nicht besonders gefährlich und wird dort für legitime Anwendungen (z.B. reCAPTCHA) verwendet. Diese Einstellung erlaubt die Benutzung dort.",
"description": ""
},
"allowWindowNameInFrames_urlSpecific": {
"message": "Um die für bestimmte Seiten zu erlauben, klicken Sie auf den schwarzen Pfeil um das Menü zu öffnen, fügen Sie die gewünschte Domain oder URL mit einem Klick auf \\\"+\\\" hinzu und setzen Sie das zugehörige Häkchen.",
"description": ""
},
"protectDOMRect_title": {
@ -1528,7 +1540,7 @@
"description": ""
},
"preset_recaptcha_description": {
"message": "Der window-API-Schutz macht reCAPTCHA unbenutzbar. Diese Voreinstellung fügt eine Ausnahme dafür hinzu.",
"message": "Der window-API-Schutz macht reCAPTCHA unbenutzbar. Diese Voreinstellung erlaubt die Benutzung der window.name-API in eingebetteten Seite. Dadurch funktioniert es wieder.",
"description": ""
}
}


@ -1111,7 +1111,20 @@
"description": ""
},
"protectWindow_askReCaptchaException": {
"message": "Protecting the window API breaks reCAPTCHA. Do you want to add an exception for it?",
"message": "Protecting the window API breaks reCAPTCHA. Do you want to allow the window.name API in embedded pages which will make if work again?",
"description": ""
},
"allowWindowNameInFrames_title": {
"message": "Allow window.name in frames",
"description": ""
},
"allowWindowNameInFrames_description": {
"message": "The window.name API is not that dangerous in the context of embedded pages and it is used there for legitimate reasons (e.g. reCAPTCHA). This setting will allow these usages.",
"description": ""
},
"allowWindowNameInFrames_urlSpecific": {
"message": "To allow this for specific websites, click on the black arrow to open the menu, add the domain or URL by clicking on \"+\" and set its checkmark.",
"description": ""
},
@ -1591,7 +1604,7 @@
"description": ""
},
"preset_recaptcha_description": {
"message": "Protecting the window API breaks reCAPTCHA. This preset adds an exception for it to work.",
"message": "Protecting the window API breaks reCAPTCHA. This preset allows the usage of the window.name API in embedded pages which will make it work again.",
"description": ""
}
}
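Review bot: The new `protectWindow_askReCaptchaException` message reads "which will make if work again"; "if" should be "it" (`...in embedded pages which will make it work again?`). The German file in the first section has two similar slips in its new strings: `allowWindowNameInFrames_urlSpecific` should start "Um dies für bestimmte Seiten zu erlauben" rather than "Um die ...", and `preset_recaptcha_description` should say "in eingebetteten Seiten" rather than "Seite". All three are user-facing strings shipped with the 1.0 release the changelog announces, so they are worth fixing in the same change.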


@ -48,8 +48,14 @@
const temp = {
get name(){
return checkerWrapper(checker, this, arguments, function(args, check){
const {notify, original} = check;
const {notify, original, prefs} = check;
const originalName = original.call(this, ...args);
if (
this !== this.top &&
prefs("allowWindowNameInFrames", this.location)
){
return originalName;
}
const returnedName = windowNames.get(this) || "";
if (originalName !== returnedName){
notify("fakedWindowReadout");
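Review bot: The early return behind `this !== this.top && prefs("allowWindowNameInFrames", this.location)` is undocumented, so a reader cannot tell why a framed window may see its real `name` while a top-level window always gets the stored fake. A why-comment above the `if` would carry that, e.g. `// Frames use window.name for legitimate cross-frame messaging (reCAPTCHA, hosted payment fields); when the user opted in, return the real value instead of the faked one.` It is also worth stating in that comment that `top` and `location` are unforgeable attributes of Window, so page script cannot redefine them to steer this branch, which is what makes the check trustworthy. The `original.call(this, ...args)` readout still happens before the preference is consulted, as it did before the change, so nothing about the real value's computation has moved. The enclosing getter and its `checkerWrapper` callback begin before and continue past the hunk.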


@ -321,6 +321,11 @@
defaultValue: false,
urlSpecific: true
},
{
name: "allowWindowNameInFrames",
defaultValue: false,
urlSpecific: true
},
{
name: "protectDOMRect",
defaultValue: true,
@ -383,7 +388,7 @@
},
{
name: "storageVersion",
defaultValue: 0.6,
defaultValue: 1.0,
fixed: true
}
];


@ -15,11 +15,11 @@
const settingDefinitions = require("./settingDefinitions");
scope.validVersions = [undefined, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6];
scope.validVersions = [undefined, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 1.0];
scope.transitions = {
"": function(){
return {
storageVersion: 0.6
storageVersion: 1.0
};
},
0.1: function(oldStorage){
@ -157,6 +157,25 @@
}
return newStorage;
},
0.6: function (oldStorage){
const newStorage = {
storageVersion: 1.0
};
if (
oldStorage.hasOwnProperty("protectWindow") &&
oldStorage.protectWindow &&
oldStorage.hasOwnProperty("urlSettings") &&
Array.isArray(oldStorage.urlSettings) &&
oldStorage.urlSettings.filter(function(entry){
return entry.url === "^https://www\\.google\\.com/recaptcha/api2/(?:b?frame|anchor).*$";
}).some(function(entry){
return entry.protectWindow === false;
})
){
newStorage.allowWindowNameInFrames = true;
}
return newStorage;
}
};
scope.check = function(storage, {settings, logging}){
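Review bot: The 0.6 transition only adds `allowWindowNameInFrames: true`; judging by the single-key object it returns, the result is merged over the old storage elsewhere, which would leave the legacy `urlSettings` entry with `protectWindow: false` for the reCAPTCHA frames in place. That entry still switches off the whole window-API protection on those frames, which is broader than the per-frame `window.name` grant meant to replace it, so consider clearing that exception in the same transition or documenting that it is intentionally kept. A one-line comment on the transition would help either way, e.g. `// 0.6 -> 1.0: the reCAPTCHA url exception is replaced by allowWindowNameInFrames`. The regex string compared against `entry.url` is the same literal that options.js holds as `reCaptchaEntry`; hoisting it to a named constant in this file would make the migration's intent readable and keep the two copies in step.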


@ -121,6 +121,7 @@
break;
}
}
delete json.storageVersion;
const keys = Object.keys(json);
keys.forEach(function(key){
const setting = settings.getDefinition(key);
@ -132,9 +133,7 @@
}
});
keys.forEach(function(key){
if (key !== "storageVersion"){
settings[key] = json[key];
}
settings[key] = json[key];
});
},
resetSettings: async function(){
@ -560,31 +559,17 @@
document.body.appendChild(version);
settings.onloaded(function(){
const reCaptchaEntry = "^https://www\\.google\\.com/recaptcha/api2/(?:b?frame|anchor).*$";
const {url: urlContainer} = settings.getContainers();
settings.on("protectWindow", async function({newValue}){
if (newValue){
const urlValue = urlContainer.get();
const matching = urlValue.filter(function(entry){
return entry.url === reCaptchaEntry;
});
if (
newValue &&
(
matching.length === 0 ||
matching[0].protectWindow
)
){
const addException = await modal.confirm(
extension.getTranslation("protectWindow_askReCaptchaException"),
{
node: document.querySelector("[data-storage-name=protectWindow]"),
selector: ".settingRow .content"
}
);
if (addException){
settings.set("protectWindow", false, reCaptchaEntry);
if (newValue && !settings.allowWindowNameInFrames){
const addException = await modal.confirm(
extension.getTranslation("protectWindow_askReCaptchaException"),
{
node: document.querySelector("[data-storage-name=protectWindow]"),
selector: ".settingRow .content"
}
);
if (addException){
settings.set("allowWindowNameInFrames", true);
}
}
});
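Review bot: `reCaptchaEntry` and `urlContainer` (the two `const` lines directly under `settings.onloaded`) appear to have no remaining consumer in the rewritten listener, which now only consults `settings.allowWindowNameInFrames`; if those lines survive as context rather than being removed by this commit, they are dead and should go. The listener re-prompts every time `protectWindow` is switched on while the flag is off, so a user who declined once is asked again on each toggle; that is acceptable but deserves a comment, e.g. `// Asked on every enable: the flag itself is the only record of the user's choice.` `settings.set("allowWindowNameInFrames", true)` grants the permission globally although the setting is declared `urlSpecific`; this matches the updated prompt text, so the same comment should say the global grant is deliberate. The `settings.on` callback starts before the hunk and closes at its end, while the `onloaded` wrapper continues past it.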


@ -23,8 +23,6 @@
"protectWindow": true
},
"recaptcha": {
"protectWindow": {
"^https://www\\.google\\.com/recaptcha/api2/(?:b?frame|anchor).*$": false
}
"allowWindowNameInFrames": true
}
}
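Review bot: The `recaptcha` preset now sets `allowWindowNameInFrames` for every frame, whereas the entry it replaces was scoped to the reCAPTCHA frame URL pattern; since the new setting is declared `urlSpecific: true`, the preset could keep the narrower grant with the same object form the removed lines use, `"allowWindowNameInFrames": { "^https://www\\.google\\.com/recaptcha/api2/(?:b?frame|anchor).*$": true }`. The updated preset description does say "embedded pages" in general, so if the widening is intended it is at least documented; if it is not, the URL-scoped form keeps the preset at least privilege.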


@ -583,6 +583,14 @@
}
]
},
{
"name": "allowWindowNameInFrames",
"displayDependencies": [
{
"protectWindow": [true]
}
]
},
]
},
{
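Review bot: The added `allowWindowNameInFrames` display entry ends with `},` directly before the closing `]`, a trailing comma that strict JSON rejects. The context line above the insertion shows the previous last entry already ended the same way, so whatever loads this file is evidently tolerant, but the new entry could end with `}` instead of `},` so that a plain `JSON.parse` of the file keeps working and the pattern is not propagated further.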


@ -4,6 +4,7 @@ Version 1.0:
- code cleanup
- added mail.google.com to the convenience preset
- added reCAPTCHA preset
- the reCAPTCHA whitelisting entry is changed to "allow window.name in frames"
new features:
- added screen protection
@ -18,6 +19,7 @@ Version 1.0:
- cross origin DOM manipulations
- window.name protection was detectable
- importing settings file with an older storage version did not work properly
- fields hosted on braintree not working when window API was protected
known issues:
- if a data URL is blocked the page action button does not appear


@ -93,6 +93,10 @@
{
"version": "1.0RC3",
"update_link": "https://canvasblocker.kkapsner.de/versions/canvasblocker_beta-1.0RC3-an+fx.xpi"
},
{
"version": "1.0RC4",
"update_link": "https://canvasblocker.kkapsner.de/versions/canvasblocker_beta-1.0RC4-an+fx.xpi"
}
]
}