mirror of
https://github.com/kkapsner/CanvasBlocker
synced 2025-01-08 20:54:49 +01:00
Added protection for window.name and window.opener
As requested by #231. But this protection is disabled by default.
This commit is contained in:
parent
fd7c4fabbd
commit
83efac5e49
@ -19,6 +19,7 @@ Geschützte "Fingerprinting"-APIs:
|
|||||||
<li>webGL</li>
|
<li>webGL</li>
|
||||||
<li>audio</li>
|
<li>audio</li>
|
||||||
<li>history</li>
|
<li>history</li>
|
||||||
|
<li>window (standardmäßig deaktiviert)</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
Falls Sie Fehler finden oder Verbesserungsvorschläge haben, teilen Sie mir das bitte auf https://github.com/kkapsner/CanvasBlocker/issues mit.
|
Falls Sie Fehler finden oder Verbesserungsvorschläge haben, teilen Sie mir das bitte auf https://github.com/kkapsner/CanvasBlocker/issues mit.
|
@ -19,6 +19,7 @@ Protected "fingerprinting" APIs:
|
|||||||
<li>webGL</li>
|
<li>webGL</li>
|
||||||
<li>audio</li>
|
<li>audio</li>
|
||||||
<li>history</li>
|
<li>history</li>
|
||||||
|
<li>window (disabled by default)</li>
|
||||||
</ul>
|
</ul>
|
||||||
|
|
||||||
Please report issues and feature requests at https://github.com/kkapsner/CanvasBlocker/issues
|
Please report issues and feature requests at https://github.com/kkapsner/CanvasBlocker/issues
|
||||||
|
@ -97,6 +97,10 @@
|
|||||||
"message": "History API",
|
"message": "History API",
|
||||||
"description": ""
|
"description": ""
|
||||||
},
|
},
|
||||||
|
"section_window-api":{
|
||||||
|
"message": "Window API",
|
||||||
|
"description": ""
|
||||||
|
},
|
||||||
|
|
||||||
"displayAdvancedSettings_title": {
|
"displayAdvancedSettings_title": {
|
||||||
"message": "Expertenmodus",
|
"message": "Expertenmodus",
|
||||||
@ -193,6 +197,18 @@
|
|||||||
"message": "Wollen Sie das Auslesen über die History-API erlauben?",
|
"message": "Wollen Sie das Auslesen über die History-API erlauben?",
|
||||||
"description": ""
|
"description": ""
|
||||||
},
|
},
|
||||||
|
"askForWindowPermission": {
|
||||||
|
"message": "Wollen Sie die Window-API erlauben?",
|
||||||
|
"description": ""
|
||||||
|
},
|
||||||
|
"askForWindowInputPermission": {
|
||||||
|
"message": "Wollen Sie das Schreiben in über die Window-API erlauben?",
|
||||||
|
"description": ""
|
||||||
|
},
|
||||||
|
"askForWindowReadoutPermission": {
|
||||||
|
"message": "Wollen Sie das Auslesen über die Window-API erlauben?",
|
||||||
|
"description": ""
|
||||||
|
},
|
||||||
"askOnlyOnce_title": {
|
"askOnlyOnce_title": {
|
||||||
"message": "Nur einmal nachfragen",
|
"message": "Nur einmal nachfragen",
|
||||||
"description": ""
|
"description": ""
|
||||||
@ -520,6 +536,10 @@
|
|||||||
"message": "History-Auslese vorgetäuscht auf {url}",
|
"message": "History-Auslese vorgetäuscht auf {url}",
|
||||||
"description": ""
|
"description": ""
|
||||||
},
|
},
|
||||||
|
"fakedWindowReadout": {
|
||||||
|
"message": "Window-Auslese vorgetäuscht auf {url}",
|
||||||
|
"description": ""
|
||||||
|
},
|
||||||
"fakedInput": {
|
"fakedInput": {
|
||||||
"message": "Bei Ausgabe vorgetäuscht auf {url}",
|
"message": "Bei Ausgabe vorgetäuscht auf {url}",
|
||||||
"description": ""
|
"description": ""
|
||||||
@ -833,6 +853,15 @@
|
|||||||
"description": ""
|
"description": ""
|
||||||
},
|
},
|
||||||
|
|
||||||
|
"protectWindow_title": {
|
||||||
|
"message": "Window-API beschützen",
|
||||||
|
"description": ""
|
||||||
|
},
|
||||||
|
"protectWindow_description": {
|
||||||
|
"message": "Es werden window.opener und window.name beschützt. Dies kann manche Webseiten unbrauchbar machen.",
|
||||||
|
"description": ""
|
||||||
|
},
|
||||||
|
|
||||||
"theme_title": {
|
"theme_title": {
|
||||||
"message": "Theme",
|
"message": "Theme",
|
||||||
"description": ""
|
"description": ""
|
||||||
|
@ -97,6 +97,10 @@
|
|||||||
"message": "History API",
|
"message": "History API",
|
||||||
"description": ""
|
"description": ""
|
||||||
},
|
},
|
||||||
|
"section_window-api":{
|
||||||
|
"message": "Window API",
|
||||||
|
"description": ""
|
||||||
|
},
|
||||||
|
|
||||||
"displayAdvancedSettings_title": {
|
"displayAdvancedSettings_title": {
|
||||||
"message": "Expert mode",
|
"message": "Expert mode",
|
||||||
@ -193,6 +197,18 @@
|
|||||||
"message": "Do you want to allow history readout?",
|
"message": "Do you want to allow history readout?",
|
||||||
"description": ""
|
"description": ""
|
||||||
},
|
},
|
||||||
|
"askForWindowPermission": {
|
||||||
|
"message": "Do you want to allow the window API?",
|
||||||
|
"description": ""
|
||||||
|
},
|
||||||
|
"askForWindowInputPermission": {
|
||||||
|
"message": "Do you want to allow window-API input?",
|
||||||
|
"description": ""
|
||||||
|
},
|
||||||
|
"askForWindowReadoutPermission": {
|
||||||
|
"message": "Do you want to allow window readout?",
|
||||||
|
"description": ""
|
||||||
|
},
|
||||||
"askOnlyOnce_title": {
|
"askOnlyOnce_title": {
|
||||||
"message": "Ask only once",
|
"message": "Ask only once",
|
||||||
"description": ""
|
"description": ""
|
||||||
@ -520,6 +536,10 @@
|
|||||||
"message": "Faked history readout on {url}",
|
"message": "Faked history readout on {url}",
|
||||||
"description": ""
|
"description": ""
|
||||||
},
|
},
|
||||||
|
"fakedWindowReadout": {
|
||||||
|
"message": "Faked window readout on {url}",
|
||||||
|
"description": ""
|
||||||
|
},
|
||||||
"fakedInput": {
|
"fakedInput": {
|
||||||
"message": "Faked at input on {url}",
|
"message": "Faked at input on {url}",
|
||||||
"description": ""
|
"description": ""
|
||||||
@ -832,6 +852,15 @@
|
|||||||
"description": ""
|
"description": ""
|
||||||
},
|
},
|
||||||
|
|
||||||
|
"protectWindow_title": {
|
||||||
|
"message": "Protect Window API",
|
||||||
|
"description": ""
|
||||||
|
},
|
||||||
|
"protectWindow_description": {
|
||||||
|
"message": "window.opener and window.name will be protected. This can render some web pages unusable.",
|
||||||
|
"description": ""
|
||||||
|
},
|
||||||
|
|
||||||
"theme_title": {
|
"theme_title": {
|
||||||
"message": "Theme",
|
"message": "Theme",
|
||||||
"description": ""
|
"description": ""
|
||||||
|
@ -88,6 +88,7 @@
|
|||||||
nocanvas: _("askForPermission"),
|
nocanvas: _("askForPermission"),
|
||||||
audio: _("askForAudioPermission"),
|
audio: _("askForAudioPermission"),
|
||||||
history: _("askForHistoryPermission"),
|
history: _("askForHistoryPermission"),
|
||||||
|
window: _("askForWindowPermission")
|
||||||
},
|
},
|
||||||
askStatus: {
|
askStatus: {
|
||||||
alreadyAsked: {},
|
alreadyAsked: {},
|
||||||
@ -101,6 +102,7 @@
|
|||||||
nocanvas: _("askForInputPermission"),
|
nocanvas: _("askForInputPermission"),
|
||||||
audio: _("askForAudioInputPermission"),
|
audio: _("askForAudioInputPermission"),
|
||||||
history: _("askForHistoryInputPermission"),
|
history: _("askForHistoryInputPermission"),
|
||||||
|
window: _("askForWindowInputPermission")
|
||||||
},
|
},
|
||||||
askStatus: {
|
askStatus: {
|
||||||
alreadyAsked: {},
|
alreadyAsked: {},
|
||||||
@ -114,6 +116,7 @@
|
|||||||
nocanvas: _("askForReadoutPermission"),
|
nocanvas: _("askForReadoutPermission"),
|
||||||
audio: _("askForAudioReadoutPermission"),
|
audio: _("askForAudioReadoutPermission"),
|
||||||
history: _("askForHistoryReadoutPermission"),
|
history: _("askForHistoryReadoutPermission"),
|
||||||
|
window: _("askForWindowReadoutPermission")
|
||||||
},
|
},
|
||||||
askStatus: {
|
askStatus: {
|
||||||
alreadyAsked: {},
|
alreadyAsked: {},
|
||||||
|
@ -487,4 +487,5 @@
|
|||||||
}
|
}
|
||||||
appendModified(modifiedAudioAPI);
|
appendModified(modifiedAudioAPI);
|
||||||
appendModified(require("./modifiedHistoryAPI"));
|
appendModified(require("./modifiedHistoryAPI"));
|
||||||
|
appendModified(require("./modifiedWindowAPI"));
|
||||||
}());
|
}());
|
87
lib/modifiedWindowAPI.js
Normal file
87
lib/modifiedWindowAPI.js
Normal file
@ -0,0 +1,87 @@
|
|||||||
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||||
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||||
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||||
|
(function(){
|
||||||
|
"use strict";
|
||||||
|
|
||||||
|
var scope;
|
||||||
|
if ((typeof exports) !== "undefined"){
|
||||||
|
scope = exports;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
window.scope.modifiedWindowAPI = {};
|
||||||
|
scope = window.scope.modifiedWindowAPI;
|
||||||
|
}
|
||||||
|
|
||||||
|
const {hasType, checkerWrapper} = require("./modifiedAPIFunctions");
|
||||||
|
|
||||||
|
const windowNames = new WeakMap();
|
||||||
|
scope.changedGetters = [
|
||||||
|
{
|
||||||
|
objectGetters: [function(window){return window;}],
|
||||||
|
name: "opener",
|
||||||
|
getterGenerator: function(checker){
|
||||||
|
const temp = {
|
||||||
|
get opener(){
|
||||||
|
return checkerWrapper(checker, this, arguments, function(args, check){
|
||||||
|
const {prefs, notify, window, original} = check;
|
||||||
|
if (!prefs("protectWindow", window.location)){
|
||||||
|
return original.apply(this, window.Array.from(args));
|
||||||
|
}
|
||||||
|
const originalOpener = original.apply(this, window.Array.from(args));
|
||||||
|
if (originalOpener !== null){
|
||||||
|
notify("fakedWindowReadout");
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
};
|
||||||
|
return Object.getOwnPropertyDescriptor(temp, "opener").get;
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
objectGetters: [function(window){return window;}],
|
||||||
|
name: "name",
|
||||||
|
getterGenerator: function(checker){
|
||||||
|
const temp = {
|
||||||
|
get name(){
|
||||||
|
return checkerWrapper(checker, this, arguments, function(args, check){
|
||||||
|
const {prefs, notify, window, original} = check;
|
||||||
|
if (!prefs("protectWindow", window.location)){
|
||||||
|
return original.apply(this, window.Array.from(args));
|
||||||
|
}
|
||||||
|
const originalName = original.apply(this, window.Array.from(args));
|
||||||
|
const returnedName = windowNames.get(window) || "";
|
||||||
|
if (originalName !== returnedName){
|
||||||
|
notify("fakedWindowReadout");
|
||||||
|
}
|
||||||
|
return returnedName;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
};
|
||||||
|
return Object.getOwnPropertyDescriptor(temp, "name").get;
|
||||||
|
},
|
||||||
|
setterGenerator: function(window, original){
|
||||||
|
const temp = {
|
||||||
|
set name(name){
|
||||||
|
original.apply(this, window.Array.from(arguments));
|
||||||
|
windowNames.set(window, name);
|
||||||
|
}
|
||||||
|
};
|
||||||
|
return Object.getOwnPropertyDescriptor(temp, "name").set;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
function getStatus(obj, status){
|
||||||
|
status = Object.create(status);
|
||||||
|
status.active = hasType(status, "readout");
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
scope.changedGetters.forEach(function(changedGetter){
|
||||||
|
changedGetter.type = "readout";
|
||||||
|
changedGetter.getStatus = getStatus;
|
||||||
|
changedGetter.api = "window";
|
||||||
|
});
|
||||||
|
}());
|
@ -92,6 +92,9 @@
|
|||||||
"getFrequencyResponse",
|
"getFrequencyResponse",
|
||||||
{name: "History-API", level: 1},
|
{name: "History-API", level: 1},
|
||||||
"length",
|
"length",
|
||||||
|
{name: "Window-API", level: 1},
|
||||||
|
"opener",
|
||||||
|
"name",
|
||||||
],
|
],
|
||||||
defaultKeyValue: false
|
defaultKeyValue: false
|
||||||
},
|
},
|
||||||
@ -191,6 +194,7 @@
|
|||||||
"canvas",
|
"canvas",
|
||||||
"audio",
|
"audio",
|
||||||
"history",
|
"history",
|
||||||
|
"window",
|
||||||
],
|
],
|
||||||
defaultKeyValue: false
|
defaultKeyValue: false
|
||||||
},
|
},
|
||||||
@ -243,6 +247,11 @@
|
|||||||
name: "historyLengthThreshold",
|
name: "historyLengthThreshold",
|
||||||
defaultValue: 2
|
defaultValue: 2
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "protectWindow",
|
||||||
|
defaultValue: false,
|
||||||
|
urlSpecific: true
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "blockDataURLs",
|
name: "blockDataURLs",
|
||||||
defaultValue: true
|
defaultValue: true
|
||||||
|
@ -38,6 +38,7 @@
|
|||||||
"lib/modifiedAPIFunctions.js",
|
"lib/modifiedAPIFunctions.js",
|
||||||
"lib/modifiedAudioAPI.js",
|
"lib/modifiedAudioAPI.js",
|
||||||
"lib/modifiedHistoryAPI.js",
|
"lib/modifiedHistoryAPI.js",
|
||||||
|
"lib/modifiedWindowAPI.js",
|
||||||
"lib/modifiedAPI.js",
|
"lib/modifiedAPI.js",
|
||||||
"lib/randomSupplies.js",
|
"lib/randomSupplies.js",
|
||||||
"lib/intercept.js",
|
"lib/intercept.js",
|
||||||
|
@ -397,6 +397,13 @@
|
|||||||
"displayAdvancedSettings": [true]
|
"displayAdvancedSettings": [true]
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"Window-API",
|
||||||
|
{
|
||||||
|
"name": "protectWindow",
|
||||||
|
"displayDependencies": {
|
||||||
|
"displayAdvancedSettings": [true]
|
||||||
|
}
|
||||||
|
},
|
||||||
"misc",
|
"misc",
|
||||||
{
|
{
|
||||||
"name": "theme"
|
"name": "theme"
|
||||||
|
@ -12,6 +12,7 @@ Version 0.5.3:
|
|||||||
- added badge
|
- added badge
|
||||||
- added option to ignore APIs
|
- added option to ignore APIs
|
||||||
- added protection for history length
|
- added protection for history length
|
||||||
|
- added protection for window name and opener
|
||||||
|
|
||||||
fixes:
|
fixes:
|
||||||
- CSP did not work properly for worker-src
|
- CSP did not work properly for worker-src
|
||||||
|
@ -118,6 +118,14 @@ addTest("function code", function(log){
|
|||||||
history.__lookupGetter__("length"),
|
history.__lookupGetter__("length"),
|
||||||
"get length"
|
"get length"
|
||||||
) || codeDetected;
|
) || codeDetected;
|
||||||
|
codeDetected = checkFunctionCode(
|
||||||
|
window.__lookupGetter__("name"),
|
||||||
|
"get name"
|
||||||
|
) || codeDetected;
|
||||||
|
codeDetected = checkFunctionCode(
|
||||||
|
window.__lookupSetter__("name"),
|
||||||
|
"set name"
|
||||||
|
) || codeDetected;
|
||||||
return codeDetected;
|
return codeDetected;
|
||||||
});
|
});
|
||||||
addTest("toString modified", function(log){
|
addTest("toString modified", function(log){
|
||||||
@ -396,3 +404,19 @@ addTest("readout - in - out test", function(log){
|
|||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
});
|
});
|
||||||
|
|
||||||
|
addTest("window name change", function(log){
|
||||||
|
"use strict";
|
||||||
|
|
||||||
|
var oldName = window.name;
|
||||||
|
log("old name:", oldName);
|
||||||
|
var newName = oldName + " added";
|
||||||
|
log("new name:", newName);
|
||||||
|
window.name = newName;
|
||||||
|
|
||||||
|
if (window.name !== newName){
|
||||||
|
log("window name not set:", window.name);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
});
|
@ -3,7 +3,7 @@
|
|||||||
<head>
|
<head>
|
||||||
<title>Test</title>
|
<title>Test</title>
|
||||||
<script>
|
<script>
|
||||||
console.log(new Date(), "starting first fingerprint");
|
console.log(new Date(), "starting first fingerprint", window.name);
|
||||||
function fingerPrint(){
|
function fingerPrint(){
|
||||||
"use strict";var canvas = document.createElement("canvas");
|
"use strict";var canvas = document.createElement("canvas");
|
||||||
canvas.setAttribute("width", 220);
|
canvas.setAttribute("width", 220);
|
||||||
@ -50,7 +50,7 @@
|
|||||||
if (firstFingerprint){
|
if (firstFingerprint){
|
||||||
document.body.textContent = "context API not blocked";
|
document.body.textContent = "context API not blocked";
|
||||||
window.setTimeout(function(){
|
window.setTimeout(function(){
|
||||||
console.log(new Date(), "starting second fingerprint");
|
console.log(new Date(), "starting second fingerprint", window.name);
|
||||||
document.body.appendChild(document.createElement("br"));
|
document.body.appendChild(document.createElement("br"));
|
||||||
var secondFingerprint = fingerPrint();
|
var secondFingerprint = fingerPrint();
|
||||||
if (firstFingerprint === secondFingerprint){
|
if (firstFingerprint === secondFingerprint){
|
||||||
|
Loading…
x
Reference in New Issue
Block a user