security-and-privacy/CanvasBlocker
security-and-privacy
/
CanvasBlocker
mirror of https://github.com/kkapsner/CanvasBlocker
1
0
Fork 0
Code Releases Activity

window.name protection was detectable

This commit is contained in:
kkapsner 2020-01-01 00:30:16 +01:00
parent ccabfc2a6f
commit 85c88ad3d8
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/modifiedWindowAPI.js
View File

@ -48,9 +48,9 @@
const temp = {
get name(){
return checkerWrapper(checker, this, arguments, function(args, check){
const {notify, window, original} = check;
const {notify, original} = check;
const originalName = original.call(this, ...args);
const returnedName = windowNames.get(window) || "";
const returnedName = windowNames.get(this) || "";
if (originalName !== returnedName){
notify("fakedWindowReadout");
}
@ -64,7 +64,7 @@
const temp = {
set name(name){
original.call(this, ...arguments);
windowNames.set(window, name);
windowNames.set(this, name);
}
};
return Object.getOwnPropertyDescriptor(temp, "name").set;

1
releaseNotes.txt
View File

@ -16,6 +16,7 @@ Version 1.0:
- resetting the settings had undesired side effects
- added window.open protection
- cross origin DOM manipulations
- window.name protection was detectable
known issues:
- if a data URL is blocked the page action button does not appear