security-and-privacy/CanvasBlocker
security-and-privacy/CanvasBlocker
1
0
Fork 0
mirror of https://github.com/kkapsner/CanvasBlocker synced 2024-12-22 12:50:36 +01:00
Code Releases Activity

Adjusted protection for document.write and document.writeln

Browse Source 
Fixes #356
This commit is contained in:
kkapsner 2019-05-29 14:22:52 +02:00
parent 1e8553dd01
commit 34f8050fb7
4 changed files with 23 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.vscode/settings.json vendored
View File

@ -27,6 +27,7 @@
"fakeable", "fakeable",
"fragmenter", "fragmenter",
"graytext", "graytext",
"iframe",
"ignorelist", "ignorelist",
"micrococo", "micrococo",
"monero", "monero",
@ -39,6 +40,8 @@
"unticking", "unticking",
"webgl", "webgl",
"whitelisted", "whitelisted",
"writeln",
"wyciwyg",
"yfdyh" "yfdyh"
], ],
"cSpell.language": "en,de,en-GB" "cSpell.language": "en,de,en-GB"

8
lib/iframeProtection.js
View File

@ -148,7 +148,12 @@
); );
const documentWrite = documentWriteDescriptor.value; const documentWrite = documentWriteDescriptor.value;
documentWriteDescriptor.value = exportFunction(function write(str){ documentWriteDescriptor.value = exportFunction(function write(str){
const parts = str.split(/(?=<)/); str = "" + str;
// weird problem with waterfox and google docs
const parts = (
str.match(/^\s*<!doctype/i) &&
!str.match(/frame/i)
)? [str]: str.split(/(?=<)/);
const length = parts.length; const length = parts.length;
const scripts = window.document.getElementsByTagName("script"); const scripts = window.document.getElementsByTagName("script");
for (let i = 0; i < length; i += 1){ for (let i = 0; i < length; i += 1){
@ -170,6 +175,7 @@
); );
const documentWriteln = documentWritelnDescriptor.value; const documentWriteln = documentWritelnDescriptor.value;
documentWritelnDescriptor.value = exportFunction(function writeln(str){ documentWritelnDescriptor.value = exportFunction(function writeln(str){
str = "" + str;
const parts = str.split(/(?=<)/); const parts = str.split(/(?=<)/);
const length = parts.length - 1; const length = parts.length - 1;
const scripts = window.document.getElementsByTagName("script"); const scripts = window.document.getElementsByTagName("script");

4
releaseNotes.txt
View File

@ -8,8 +8,10 @@ Version 0.5.10:
fixes: fixes:
- setter for innerHTML broke pages - setter for innerHTML broke pages
- protection for document.write and document.wirteln broke in Firefox 69 - protection for document.write and document.writeln broke in Firefox 69
- not connected iFrame threw error with persistent rng - not connected iFrame threw error with persistent rng
- detection over document.write and document.writeln was possible
- google docs were broken in Waterfox
known issues: known issues:
- if a data URL is blocked the page action button does not appear - if a data URL is blocked the page action button does not appear

11
test/iframeTest.html
View File

@ -24,9 +24,18 @@
}); });
document.writeln("<iframe></iframe><script>log(\"TEST:\", \"iframe and script in document.writeln:\", compare(test(window[4]), reference));<\/script>"); document.writeln("<iframe></iframe><script>log(\"TEST:\", \"iframe and script in document.writeln:\", compare(test(window[4]), reference));<\/script>");
document.write("<script src=\"iframeTest.js\"><\/script><iframe></iframe><script>log(\"TEST:\", \"script with src, iframe and script in document.write:\", compare(test(window[5]), reference));<\/script>"); document.write("<script src=\"iframeTest.js\"><\/script><iframe></iframe><script>log(\"TEST:\", \"script with src, iframe and script in document.write:\", compare(test(window[5]), reference));<\/script>");
"<ifr|ame></ifr|ame>".split("|").forEach(function(part){
document.write(part);
});
document.write("<script>log(\"TEST:\", \"ifr|ame split:\", compare(test(window[6]), reference));<\/script>");
window.addEventListener("load", function(){ window.addEventListener("load", function(){
// document.open(); // document.open();
document.write("<script src=\"iframeTest.js\"><\/script><iframe></iframe><script>log(\"TEST:\", \"reopened document: script with src, iframe and script in document.write:\", compare(test(window[0]), reference, true));<\/script>"); "<ifr|ame></ifr|ame>".split("|").forEach(function(part){
document.write(part);
});
document.write("<script>log(\"TEST:\", \"reopened document: ifr|ame split:\", compare(test(window[0]), reference));<\/script>");
document.write("<script src=\"iframeTest.js\"><\/script><iframe></iframe><script>log(\"TEST:\", \"reopened document: script with src, iframe and script in document.write:\", compare(test(window[1]), reference, true));<\/script>");
// document.close(); // document.close();
}); });
window.setTimeout(function(){ window.setTimeout(function(){