
Side by Side Diff: lib/content/snippets.js

Issue 29829569: Issue 6538, 6781 - Add code injection wrapper to snippets library (Closed) Base URL: https://hg.adblockplus.org/adblockpluscore/
Patch Set: Use Function.prototype.toString for safety Created July 17, 2018, 4:28 p.m.
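--- a/lib/content/snippets.js
+++ b/lib/content/snippets.js
@@ -1,27 +1,133 @@
 /*
 * This file is part of Adblock Plus <https://adblockplus.org/>,
 * Copyright (C) 2006-present eyeo GmbH
 *
 * Adblock Plus is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3 as
 * published by the Free Software Foundation.
 *
 * Adblock Plus is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Adblock Plus. If not, see <http://www.gnu.org/licenses/>.
 */
 
+/* eslint-env webextensions */
 /* eslint no-console: "off" */
 
 "use strict";
 
+/**
+* Injects JavaScript code into the document using a temporary
+* <code>script</code> element.
+*
+* @param {string} code The code to inject.
+* @param {Array.<function|string>} [dependencies] A list of dependencies
+* to inject along with the code. A dependency may be either a function or a
+* string containing some executable code.
+*/
+function injectCode(code, dependencies = [])
+{
+for (let dependency of dependencies)
+code += dependency;
+
+let script = document.createElement("script");
+
+script.type = "application/javascript";
+script.async = false;
+
+// Firefox 58 only bypasses site CSPs when assigning to 'src',
+// while Chrome 67 only bypasses site CSPs when using 'textContent'.
+if (browser.runtime.getURL("").startsWith("chrome-extension://"))
+{
+script.textContent = code;
+document.documentElement.appendChild(script);
+}
+else
+{
+let url = URL.createObjectURL(new Blob([code]));
+script.src = url;
+document.documentElement.appendChild(script);
+URL.revokeObjectURL(url);
+}
+
+document.documentElement.removeChild(script);
+}
+
+/**
+* Safely converts a function and an optional list of arguments into a string
+* of code containing a function call. The function is converted to its string
+* representation using the <code>Function.prototype.toString</code> method.
+* Each argument is stringified using <code>JSON.stringify</code>. The
+* generated code begins with the <code>"use strict"</code> directive.
+*
+* @param {function} func The function to convert.
+* @param {...*} [params] The arguments to convert.
+*
+* @returns {string} The generated code containing the function call.
+*/
+function stringifyFunctionCall(func, ...params)
+{
+// Call the original Function.prototype.toString to avoid any arbitrary code
+// execution.
+func = Function.prototype.toString.call(func);
+
+// Call JSON.stringify on the arguments to avoid any arbitrary code
+// execution.
+params = params.map(JSON.stringify);
+
+return `"use strict";(${func})(${params.join(",")});`;
+}
+
+/**
+* Wraps a function and its dependencies into an injector. The injector, when
+* called with zero or more arguments, generates code that calls the function,
+* with the given arguments, if any, and injects the code, along with any
+* dependencies, into the document using a temporary <code>script</code>
+* element.
+*
+* @param {function} injectable The function to wrap into an injector.
+* @param {...(function|string)} [dependencies] Any dependencies of the
+* function. A dependency may be either a function or a string containing
+* some executable code.
+*
+* @returns {function} The generated injector.
+*/
+function makeInjector(injectable, ...dependencies)
+{
+return (...args) => injectCode(stringifyFunctionCall(injectable, ...args),
+dependencies);
+}
+
+/**
+* Logs its arguments to the console. This may be used for testing and
+* debugging.
+*
+* @param {...*} [args] The arguments to log.
+*/
 function log(...args)
 {
 console.log(...args);
 }
 
 exports.log = log;
+
+/**
+* Similar to {@link log}, but does the logging in the context of the document
+* rather than the content script. This may be used for testing and debugging,
+* especially to verify that the injection of snippets into the document is
+* working without any errors.
+*
+* @param {...*} [args] The arguments to log.
+*/
+function trace(...args)
+{
+// We could simply use console.log here, but the goal is to demonstrate the
+// usage of snippet dependencies.
+log(...args);
+}
+
+exports.trace = makeInjector(trace, log);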
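Review bot: In `injectCode`, the loop `code += dependency` appends every dependency at the top level of the injected script, so a function dependency such as `log` in `makeInjector(trace, log)` becomes a global function declaration in the page's own scope. That global is visible to page scripts and collides with any page global of the same name, which both exposes the snippet and lets the page interfere with it. Wrapping the assembled code in a function scope after the loop keeps dependencies private, for example `code = "(function(){" + code + "})();";`, and the `"use strict"` directive still takes effect as the first statement of that function. The same loop also stringifies function dependencies by implicit coercion, which goes through the function's own `toString`, unlike `stringifyFunctionCall`; for consistency use `code += typeof dependency == "function" ? Function.prototype.toString.call(dependency) : dependency;`.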