OLD | NEW |
1 /* | 1 /* |
2 * This file is part of Adblock Plus <https://adblockplus.org/>, | 2 * This file is part of Adblock Plus <https://adblockplus.org/>, |
3 * Copyright (C) 2006-present eyeo GmbH | 3 * Copyright (C) 2006-present eyeo GmbH |
4 * | 4 * |
5 * Adblock Plus is free software: you can redistribute it and/or modify | 5 * Adblock Plus is free software: you can redistribute it and/or modify |
6 * it under the terms of the GNU General Public License version 3 as | 6 * it under the terms of the GNU General Public License version 3 as |
7 * published by the Free Software Foundation. | 7 * published by the Free Software Foundation. |
8 * | 8 * |
9 * Adblock Plus is distributed in the hope that it will be useful, | 9 * Adblock Plus is distributed in the hope that it will be useful, |
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of | 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
12 * GNU General Public License for more details. | 12 * GNU General Public License for more details. |
13 * | 13 * |
14 * You should have received a copy of the GNU General Public License | 14 * You should have received a copy of the GNU General Public License |
15 * along with Adblock Plus. If not, see <http://www.gnu.org/licenses/>. | 15 * along with Adblock Plus. If not, see <http://www.gnu.org/licenses/>. |
16 */ | 16 */ |
17 | 17 |
| 18 /* eslint-env webextensions */ |
18 /* eslint no-console: "off" */ | 19 /* eslint no-console: "off" */ |
19 | 20 |
20 "use strict"; | 21 "use strict"; |
21 | 22 |
| 23 /** |
| 24 * Injects JavaScript code into the document using a temporary |
| 25 * <code>script</code> element. |
| 26 * |
| 27 * @param {string} code The code to inject. |
| 28 * @param {Array.<function|string>} [dependencies] A list of dependencies |
| 29 * to inject along with the code. A dependency may be either a function or a |
| 30 * string containing some executable code. |
| 31 */ |
| 32 function injectCode(code, dependencies = []) |
| 33 { |
| 34 for (let dependency of dependencies) |
| 35 code += dependency; |
| 36 |
| 37 let script = document.createElement("script"); |
| 38 |
| 39 script.type = "application/javascript"; |
| 40 script.async = false; |
| 41 |
| 42 // Firefox 58 only bypasses site CSPs when assigning to 'src', |
| 43 // while Chrome 67 only bypasses site CSPs when using 'textContent'. |
| 44 if (browser.runtime.getURL("").startsWith("chrome-extension://")) |
| 45 { |
| 46 script.textContent = code; |
| 47 document.documentElement.appendChild(script); |
| 48 } |
| 49 else |
| 50 { |
| 51 let url = URL.createObjectURL(new Blob([code])); |
| 52 script.src = url; |
| 53 document.documentElement.appendChild(script); |
| 54 URL.revokeObjectURL(url); |
| 55 } |
| 56 |
| 57 document.documentElement.removeChild(script); |
| 58 } |
| 59 |
| 60 /** |
| 61 * Safely converts a function and an optional list of arguments into a string |
| 62 * of code containing a function call. The function is converted to its string |
| 63 * representation using the <code>Function.prototype.toString</code> method. |
| 64 * Each argument is stringified using <code>JSON.stringify</code>. The |
| 65 * generated code begins with the <code>"use strict"</code> directive. |
| 66 * |
| 67 * @param {function} func The function to convert. |
| 68 * @param {...*} [params] The arguments to convert. |
| 69 * |
| 70 * @returns {string} The generated code containing the function call. |
| 71 */ |
| 72 function stringifyFunctionCall(func, ...params) |
| 73 { |
| 74 // Call the original Function.prototype.toString to avoid any arbitrary code |
| 75 // execution. |
| 76 func = Function.prototype.toString.call(func); |
| 77 |
| 78 // Call JSON.stringify on the arguments to avoid any arbitrary code |
| 79 // execution. |
| 80 params = params.map(JSON.stringify); |
| 81 |
| 82 return `"use strict";(${func})(${params.join(",")});`; |
| 83 } |
| 84 |
| 85 /** |
| 86 * Wraps a function and its dependencies into an injector. The injector, when |
| 87 * called with zero or more arguments, generates code that calls the function, |
| 88 * with the given arguments, if any, and injects the code, along with any |
| 89 * dependencies, into the document using a temporary <code>script</code> |
| 90 * element. |
| 91 * |
| 92 * @param {function} injectable The function to wrap into an injector. |
| 93 * @param {...(function|string)} [dependencies] Any dependencies of the |
| 94 * function. A dependency may be either a function or a string containing |
| 95 * some executable code. |
| 96 * |
| 97 * @returns {function} The generated injector. |
| 98 */ |
| 99 function makeInjector(injectable, ...dependencies) |
| 100 { |
| 101 return (...args) => injectCode(stringifyFunctionCall(injectable, ...args), |
| 102 dependencies); |
| 103 } |
| 104 |
| 105 /** |
| 106 * Logs its arguments to the console. This may be used for testing and |
| 107 * debugging. |
| 108 * |
| 109 * @param {...*} [args] The arguments to log. |
| 110 */ |
22 function log(...args) | 111 function log(...args) |
23 { | 112 { |
24 console.log(...args); | 113 console.log(...args); |
25 } | 114 } |
26 | 115 |
27 exports.log = log; | 116 exports.log = log; |
| 117 |
| 118 /** |
| 119 * Similar to {@link log}, but does the logging in the context of the document |
| 120 * rather than the content script. This may be used for testing and debugging, |
| 121 * especially to verify that the injection of snippets into the document is |
| 122 * working without any errors. |
| 123 * |
| 124 * @param {...*} [args] The arguments to log. |
| 125 */ |
| 126 function trace(...args) |
| 127 { |
| 128 // We could simply use console.log here, but the goal is to demonstrate the |
| 129 // usage of snippet dependencies. |
| 130 log(...args); |
| 131 } |
| 132 |
| 133 exports.trace = makeInjector(trace, log); |
OLD | NEW |