Race condition causes persistent rnd separation between containers to lea
Fixes #369
This commit is contained in:
kkapsner
parent
03524fd789
commit
ea15fabad9
|
|
@ -63,6 +63,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
const settings = require("./settings");
|
const settings = require("./settings");
|
||||||
|
const logging = require("./logging");
|
||||||
const extension = require("./extension");
|
const extension = require("./extension");
|
||||||
|
|
||||||
function getDomain(window){
|
function getDomain(window){
|
||||||
|
|
@ -81,7 +82,7 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
var persistentRnd = Object.create(null);
|
var persistentRnd = Object.create(null);
|
||||||
let cookieStoreId = "";
|
let cookieStoreId = false;
|
||||||
settings.onloaded(function(){
|
settings.onloaded(function(){
|
||||||
try {
|
try {
|
||||||
let storedData = JSON.parse(
|
let storedData = JSON.parse(
|
||||||
|
|
@ -121,6 +122,18 @@
|
||||||
});
|
});
|
||||||
|
|
||||||
return function getPersistentRnd(window){
|
return function getPersistentRnd(window){
|
||||||
|
while (cookieStoreId === false){
|
||||||
|
logging.message("Starting synchronous request to wait for cookie store id.");
|
||||||
|
try {
|
||||||
|
let xhr = new XMLHttpRequest();
|
||||||
|
xhr.open("GET", "https://[::]", false);
|
||||||
|
xhr.send();
|
||||||
|
xhr = null;
|
||||||
|
}
|
||||||
|
catch (e){
|
||||||
|
logging.verbose("Error in XHR:", e);
|
||||||
|
}
|
||||||
|
}
|
||||||
var domain = cookieStoreId + getDomain(window);
|
var domain = cookieStoreId + getDomain(window);
|
||||||
if (!persistentRnd[domain]){
|
if (!persistentRnd[domain]){
|
||||||
// create the (sub-)domains random numbers if not existing
|
// create the (sub-)domains random numbers if not existing
|
||||||
|
|
@ -144,10 +157,7 @@
|
||||||
persistentRnd[domain] = new Uint8Array(rnd);
|
persistentRnd[domain] = new Uint8Array(rnd);
|
||||||
};
|
};
|
||||||
scope.persistent.setCookieStoreId = function(newCookieStoreId){
|
scope.persistent.setCookieStoreId = function(newCookieStoreId){
|
||||||
if (
|
if (typeof newCookieStoreId === "string"){
|
||||||
typeof newCookieStoreId === "string" &&
|
|
||||||
newCookieStoreId !== "firefox-default"
|
|
||||||
){
|
|
||||||
cookieStoreId = (
|
cookieStoreId = (
|
||||||
newCookieStoreId !== "" &&
|
newCookieStoreId !== "" &&
|
||||||
newCookieStoreId !== "firefox-default"
|
newCookieStoreId !== "firefox-default"
|
||||||
|
|
|
||||||
|
|
@ -11,6 +11,7 @@ Version 0.5.11:
|
||||||
fixes:
|
fixes:
|
||||||
- improved protection of (i)frame properties
|
- improved protection of (i)frame properties
|
||||||
- document.write and document.writeln protection broke pages
|
- document.write and document.writeln protection broke pages
|
||||||
|
- race condition causes persistent rnd separation between containers to leak
|
||||||
|
|
||||||
known issues:
|
known issues:
|
||||||
- if a data URL is blocked the page action button does not appear
|
- if a data URL is blocked the page action button does not appear
|
||||||
|
|
|
||||||
|
|
@ -17,6 +17,10 @@
|
||||||
{
|
{
|
||||||
"version": "0.5.11Alpha20190612",
|
"version": "0.5.11Alpha20190612",
|
||||||
"update_link": "https://canvasblocker.kkapsner.de/versions/canvasblocker_beta-0.5.11Alpha20190612-an+fx.xpi"
|
"update_link": "https://canvasblocker.kkapsner.de/versions/canvasblocker_beta-0.5.11Alpha20190612-an+fx.xpi"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"version": "0.5.11Alpha20190614",
|
||||||
|
"update_link": "https://canvasblocker.kkapsner.de/versions/canvasblocker_beta-0.5.11Alpha20190614-an+fx.xpi"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue