Issue 6791 - Implement abort-current-inline-script snippet

lib/content/snippets.js

 /*
  * This file is part of Adblock Plus <https://adblockplus.org/>,
  * Copyright (C) 2006-present eyeo GmbH
  *
  * Adblock Plus is free software: you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 3 as
  * published by the Free Software Foundation.
  *
  * Adblock Plus is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
  *
  * You should have received a copy of the GNU General Public License
  * along with Adblock Plus.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+/* eslint-env webextensions */
 /* eslint no-console: "off" */
 
 "use strict";
+
+function regexEscape(s)
+{
+  return s.replace(/[-/\\^$*+?.()|[\]{}]/g, "\\$&");
+}
+
+function findProperty(path, root = window)
+{
+  let owner = root;
+
+  let chain = path.split(".");
+  let property = chain.pop();
+
+  for (let name of chain)
+  {
+    if (!owner)
+      break;
+
+    owner = owner[name];
+  }
+
+  if (!owner)
+    return null;
+
+  return {owner, property};
+}
+
+function injectPropertyAccessValidator(object, property, validate)
+{
+  let value = object[property];
+
+  Object.defineProperty(object, property, {
+    get()
+    {
+      validate();
+      return value;
+    },
+    set(newValue)
+    {
+      validate();
+      value = newValue;
+    }
+  });
+}
 
 function injectCode(code)
 {
   let script = document.createElement("script");
 
   script.type = "application/javascript";
   script.async = false;
 
   // Firefox 58 only bypasses site CSPs when assigning to 'src',
   // while Chrome 67 only bypasses site CSPs when using 'textContent'.
   if (browser.runtime.getURL("").startsWith("chrome-extension://"))
   {
     script.textContent = code;
     document.documentElement.appendChild(script);
   }
   else
   {
     let url = URL.createObjectURL(new Blob([code]));
     script.src = url;
     document.documentElement.appendChild(script);
     URL.revokeObjectURL(url);
   }
 
   document.documentElement.removeChild(script);
 }
 
 function stringifyFunctionCall(func, ...params)
 {
-  return `(${func})(${params.map(JSON.stringify).join(",")});`;
+  return `"use strict";(${func})(${params.map(JSON.stringify).join(",")});`;
 }
 
 function makeInjector(injectable)
 {
   return (...args) => injectCode(stringifyFunctionCall(injectable, ...args));
+}
+
+function getMagic()
+{
+  return String.fromCharCode(Date.now() % 26 + 97) +
+         Math.floor(Math.random() * 982451653 + 982451653).toString(36);
+}
+
+function suppressMagicError(magic)
+{
+  let {onerror} = window;
+  window.onerror = function(message, ...rest)

[kzar, 2018/07/16 16:33:15]

The content script part of our snippet already runs after the page script, so
the injected part definitely does. I wonder what the point of trying to wrap
`onerror` is therefore.

Furthermore this wrapper seems pretty easy to workaround, for example the
website could mess with `String.prototype.includes` so that
`message.includes(magic)` returns `false`.

+  {
+    if (typeof message == "string" && message.includes(magic))
+      return true;
+
+    if (typeof onerror instanceof Function)
+      return onerror.call(this, message, ...rest);
+  };
 }
 
 function log(...args)
 {
   console.log(...args);
 }
 
 exports.log = log;
 
+// This is an implementation of the uabinject-defuser technique used by uBlock
+// Origin
+// https://github.com/uBlockOrigin/uAssets/blob/c091f861b63cd2254b8e9e4628f6bdcd89d43caa/filters/resources.txt#L640
 function uabinjectDefuser()
 {
-  window.trckd = window.uabpdl = window.uabInject = window.uabDetect = true;
+  window.trckd = true;
+  window.uabpdl = true;
+  window.uabInject = true;
+  window.uabDetect = true;
 }
 
 exports["uabinject-defuser"] = makeInjector(uabinjectDefuser);
 
+// This is an implementation of the abort-current-inline-script technique used
+// by uBlock Origin
+// https://github.com/uBlockOrigin/uAssets/blob/68cf8a364fb55deb96264c4e546b58f4c851d782/filters/resources.txt#L1943
 function abortCurrentInlineScript(target, needle)

[kzar, 2018/07/16 16:33:15]

Could you give me an example of `target` and `needle` with some context? It
would help me grok this logic.

 {
-  "use strict";
-
   if (!target)
     return;
 
-  let reText = ".?";
+  let re = null;
 
   if (needle)
   {
-    reText = /^\/.+\/$/.test(needle) ?
-               needle.slice(1, -1) :
-               needle.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+    re = new RegExp(/^\/.+\/$/.test(needle) ?
+                      needle.slice(1, -1) :
+                      regexEscape(needle));
   }
 
-  let re = new RegExp(reText);
-  let chain = target.split(".");
+  let {owner, property} = findProperty(target) || {};
 
-  let owner = window;
-  let property = null;
-
-  while (true)
-  {
-    property = chain.shift();
-    if (chain.length == 0)
-      break;
-
-    owner = owner[property];
-    if (!(owner instanceof Object))
-      return;
-  }
+  if (!owner)
+    return;
 
   let descriptor = Object.getOwnPropertyDescriptor(owner, property);
   if (descriptor && descriptor.get)

[kzar, 2018/07/16 16:33:15]

What's the idea with this check?

     return;
 
-  let magic = String.fromCharCode(Date.now() % 26 + 97) +
-              Math.floor(Math.random() * 982451653 + 982451653).toString(36);
-  let value = owner[property];
+  let magic = getMagic();
 
-  let validate = () =>
+  injectPropertyAccessValidator(owner, property, () =>
   {
     let element = document.currentScript;
     if (element instanceof HTMLScriptElement &&
-        element.src == "" && re.test(element.textContent))
+        element.src == "" && (!re || re.test(element.textContent)))
     {
       throw new ReferenceError(magic);

[kzar, 2018/07/16 16:33:15]

How come you've used `ReferenceError` out of interest?

     }
-  };
-
-  Object.defineProperty(owner, property, {
-    get()
-    {
-      validate();
-      return value;
-    },
-    set(newValue)
-    {
-      validate();
-      value = newValue;
-    }
   });
 
-  let {onerror} = window;
-  window.onerror = function(message, ...rest)
-  {
-    if (typeof message == "string" && message.indexOf(magic) != -1)
-      return true;
-
-    if (onerror instanceof Function)
-      return onerror.call(this, message, ...rest);
-  };
+  suppressMagicError(magic);
 }
 
 exports["abort-current-inline-script"] = makeInjector(abortCurrentInlineScript);