Maintenance contentScript (sanitize html-input)

This commit is contained in:
magnolia1234 2021-06-29 19:59:15 +02:00
parent 62221c780a
commit 6727774c82
6 changed files with 77 additions and 48 deletions

View file

@ -1231,19 +1231,27 @@ if (matchUrlDomain(change_headers, details.url) && (['main_frame', 'sub_frame',
if (tabId !== -1) { if (tabId !== -1) {
ext_api.tabs.get(tabId, function (currentTab) { ext_api.tabs.get(tabId, function (currentTab) {
if ((currentTab && isSiteEnabled(currentTab) && !(matchUrlDomain('nationalgeographic.com', currentTabUrl) && !header_referer)) || medium_custom_domain || au_apn_site || au_swm_site) { if ((currentTab && isSiteEnabled(currentTab) && !(matchUrlDomain('nationalgeographic.com', currentTab.url) && !header_referer)) || medium_custom_domain || au_apn_site || au_swm_site) {
if (currentTab.url !== currentTabUrl) { if (currentTab.url !== currentTabUrl) {
csDone = false; csDone = false;
currentTabUrl = currentTab.url; currentTabUrl = currentTab.url;
} }
if ((!['font', 'stylesheet'].includes(details.type) || matchUrlDomain(cs_limit_except, currentTabUrl)) && !csDone) { if ((!['font', 'stylesheet'].includes(details.type) || matchUrlDomain(cs_limit_except, currentTabUrl)) && !csDone) {
let lib_file = 'lib/empty.js';
if (matchUrlDomain(['business-standard.com', 'cicero.de', 'economictimes.com', 'faz.net', 'gva.be', 'lesechos.fr', 'newleftreview.org', 'newyorker.com', 'nzherald.co.nz', 'prospectmagazine.co.uk', 'sudouest.fr', 'techinasia.com', 'valor.globo.com'].concat(nl_mediahuis_region_domains), currentTabUrl))
lib_file = 'lib/purify.min.js';
ext_api.tabs.executeScript(tabId, { ext_api.tabs.executeScript(tabId, {
file: 'contentScript.js', file: lib_file,
runAt: 'document_start' runAt: 'document_start'
}, function (res) { }, function () {
if (ext_api.runtime.lastError || res[0]) { ext_api.tabs.executeScript(tabId, {
return; file: 'contentScript.js',
} runAt: 'document_start'
}, function (res) {
if (ext_api.runtime.lastError || res[0]) {
return;
}
})
}); });
} }
} }

View file

@ -3,6 +3,7 @@ Changelog Bypass Paywalls Clean - Firefox
Post-release Post-release
Fix Augsburger Allgemeine Fix Augsburger Allgemeine
Maintenance contentScript (sanitize html-input)
* v2.2.7.0 (2021-06-27) * v2.2.7.0 (2021-06-27)
Fix National Geographic USA Fix National Geographic USA

View file

@ -180,50 +180,68 @@ else {
let url = window.location.href; let url = window.location.href;
if (!url_loaded || !url.includes(url_loaded.slice(-10))) if (!url_loaded || !url.includes(url_loaded.slice(-10)))
window.location.reload(true); window.location.reload(true);
let article = ''; let par_elem, par_sub1, par_sub2;
let div_content = document.createElement('div'); let par_dom = document.createElement('div');
let tweet_id = 1;
for (let par of json_content) { for (let par of json_content) {
par_elem = '';
if (par.kind === 'text') { if (par.kind === 'text') {
article = article + '<p>' + par.text + '</p>'; par_elem = document.createElement('p');
par_elem.innerText = par.text;
} else if (par.kind === 'subhead') { } else if (par.kind === 'subhead') {
article = article + '<h2>' + par.text + '</h2>'; par_elem = document.createElement('h2');
par_elem.innerText = par.text;
} else if (par.kind === 'pull-quote') { } else if (par.kind === 'pull-quote') {
article = article + '<i>' + (par.attribution ? par.attribution + ': ' : '') + par.text + '</i>'; par_elem = document.createElement('i');
par_elem.innerText = (par.attribution ? par.attribution + ': ' : '') + par.text;
} else if (par.kind === 'embed') { } else if (par.kind === 'embed') {
if (par.reference.includes('https://omny.fm/') || par.reference.includes('https://docdro.id/')) { if (par.reference.includes('https://omny.fm/') || par.reference.includes('https://docdro.id/')) {
article = article + '<embed src="' + par.reference + '" style="height:500px; width:100%" frameborder="0"></embed>'; par_elem = document.createElement('embed');
par_elem.src = par.reference;
par_elem.style = 'height:500px; width:100%';
par_elem.frameborder = '0';
} else { } else {
article = article + 'Embed: ' + '<a href="' + par.reference + '" target="_blank">' + par.reference.split('?')[0] + '</a>'; par_elem = document.createElement('a');
par_elem.href = par.reference;
par_elem.innerText = par.reference.split('?')[0];
console.log('embed: ' + par.reference); console.log('embed: ' + par.reference);
} }
} else if (par.kind === 'unordered-list') { } else if (par.kind === 'unordered-list') {
if (par.items) { if (par.items) {
article = article + '<ul>'; par_elem = document.createElement('ul');
for (let item of par.items) for (let item of par.items)
if (item.text && item.intentions[0].href) { if (item.text && item.intentions[0].href) {
article = article + '<li><a href="' + item.intentions[0].href + '">' + item.text + '</a></li>'; par_sub1 = document.createElement('li');
par_sub2 = document.createElement('a');
par_sub2.href = item.intentions[0].href;
par_sub2.innerText = item.text;
par_sub1.appendChild(par_sub2);
par_elem.appendChild(par_sub1);
} }
article = article + '</ul>';
} }
} else if (par.kind === 'inline') { } else if (par.kind === 'inline') {
if (par.asset.kind === 'image') { if (par.asset.kind === 'image') {
article = article + '<figure><img src="' + par.asset.original.reference + '" style="width:100%">'; par_elem = document.createElement('figure');
if (par.asset.captionText) par_sub1 = document.createElement('img');
article = article + '<figcaption>' + par_sub1.src = par.asset.original.reference;
par.asset.captionText + ' ' + par.asset.copyrightByline + par_sub1.style = 'width:100%';
((par.asset.copyrightCredit && par.asset.captionText !== par.asset.copyrightByline) ? '/' + par.asset.copyrightCredit : '') + par_elem.appendChild(par_sub1);
'<figcaption>'; if (par.asset.captionText) {
article = article + '</figure>'; par_sub2 = document.createElement('figcaption');
par_sub2.innerText = par.asset.captionText + ' ' + par.asset.copyrightByline +
((par.asset.copyrightCredit && par.asset.captionText !== par.asset.copyrightByline) ? '/' + par.asset.copyrightCredit : '');
par_elem.appendChild(par_sub2);
}
} }
} else { } else {
article = article + '<p>' + par.text + '</p>'; par_elem = document.createElement('p');
par_elem.innerText = par.text;
console.log(par.kind); console.log(par.kind);
} }
if (par_elem)
par_dom.appendChild(par_elem);
} }
let content = document.querySelector('div[class*="StyledArticleContent"]'); let content = document.querySelector('div[class*="StyledArticleContent"]');
let parser = new DOMParser();
let par_html = parser.parseFromString('<div>' + article + '</div>', 'text/html');
let par_dom = par_html.querySelector('div');
if (content) { if (content) {
content.appendChild(par_dom); content.appendChild(par_dom);
} else { } else {
@ -356,7 +374,7 @@ else if (matchDomain('faz.net')) {
if (response.ok) { if (response.ok) {
response.text().then(html => { response.text().then(html => {
var parser = new DOMParser(); var parser = new DOMParser();
var doc = parser.parseFromString(html, 'text/html'); var doc = parser.parseFromString(DOMPurify.sanitize(html), 'text/html');
let json = doc.querySelector('script[id="schemaOrgJson"]'); let json = doc.querySelector('script[id="schemaOrgJson"]');
if (json) { if (json) {
var json_text = json.text.replace(/(\r|\n)/g, ''); var json_text = json.text.replace(/(\r|\n)/g, '');
@ -898,7 +916,7 @@ else if (matchDomain('lesechos.fr') && window.location.href.match(/-\d{6,}/)) {
if (paywallNode) { if (paywallNode) {
let contentNode = document.createElement('div'); let contentNode = document.createElement('div');
let parser = new DOMParser(); let parser = new DOMParser();
let article_html = parser.parseFromString('<div>' + article + '</div>', 'text/html'); let article_html = parser.parseFromString('<div>' + DOMPurify.sanitize(article) + '</div>', 'text/html');
let article_par = article_html.querySelector('div'); let article_par = article_html.querySelector('div');
if (article_par) { if (article_par) {
contentNode.appendChild(article_par); contentNode.appendChild(article_par);
@ -1130,10 +1148,7 @@ else if (matchDomain('gva.be')) {
let parser = new DOMParser(); let parser = new DOMParser();
let div_content = main_content.querySelector('div'); let div_content = main_content.querySelector('div');
div_content.setAttribute('class', 'gva-6c6ea21_marginbottom5 gva-28c280e9_contentwrapper'); div_content.setAttribute('class', 'gva-6c6ea21_marginbottom5 gva-28c280e9_contentwrapper');
let par_elem, let par_elem, par_key, par_li, par_html;
par_key,
par_li,
par_html;
let head = document.querySelector('head'); let head = document.querySelector('head');
let streamone = false; let streamone = false;
let flourish = false; let flourish = false;
@ -1143,7 +1158,7 @@ else if (matchDomain('gva.be')) {
par_key = par[key]; par_key = par[key];
if (['p', 'subhead'].includes(key)) { if (['p', 'subhead'].includes(key)) {
if (par_key.includes('<')) { if (par_key.includes('<')) {
par_html = parser.parseFromString('<p>' + par_key + '</p>', 'text/html'); par_html = parser.parseFromString('<p>' + DOMPurify.sanitize(par_key) + '</p>', 'text/html');
par_elem = par_html.querySelector('p'); par_elem = par_html.querySelector('p');
} else } else
par_elem.innerText = par_key; par_elem.innerText = par_key;
@ -1155,7 +1170,7 @@ else if (matchDomain('gva.be')) {
} else if (key === 'bullet_list') { } else if (key === 'bullet_list') {
par_elem = document.createElement('ul'); par_elem = document.createElement('ul');
for (let bullet of par_key) { for (let bullet of par_key) {
par_html = parser.parseFromString('<li>' + bullet + '</li>', 'text/html'); par_html = parser.parseFromString('<li>' + DOMPurify.sanitize(bullet) + '</li>', 'text/html');
par_li = par_html.querySelector('li'); par_li = par_html.querySelector('li');
let bullet_link = par_li.querySelector('a'); let bullet_link = par_li.querySelector('a');
if (bullet_link && bullet_link.href && !bullet_link.innerText) if (bullet_link && bullet_link.href && !bullet_link.innerText)
@ -1165,17 +1180,18 @@ else if (matchDomain('gva.be')) {
} else if (key === 'streamone') { } else if (key === 'streamone') {
if (!streamone) { if (!streamone) {
let streamone_script = document.createElement('script'); let streamone_script = document.createElement('script');
streamone_script.setAttribute('src', 'https://shared.mediahuis.be/videoplayers/mediahuis/video-theoplayer.js?v=20201111T131002'); streamone_script.setAttribute('src', 'https://shared.mediahuis.be/videoplayers/mediahuis/video-theoplayer.js?v=20210629T080526');
streamone_script.setAttribute('defer', true); streamone_script.setAttribute('defer', true);
streamone_script.setAttribute('crossorigin', 'anonymous'); streamone_script.setAttribute('crossorigin', 'anonymous');
if (head) if (head)
head.appendChild(streamone_script); head.appendChild(streamone_script);
streamone = true; streamone = true;
} }
par_html = parser.parseFromString('<div id="json_id"><div class="gva-6c6ea21_marginbottom5 gva-28c280e9_contentwrapper"><div class="gva-6c6ea21_marginbottom4"><div class="gva-6c6ea21_marginbottom0"><div class="gva-e5b9f66a_root" data-testid="embed-video"><svg class="gva-e5b9f66a_placeholder" viewBox="0 0 16 9" aria-hidden="true"></svg><div><div id="video-player-' + par_key.id + '" style="width:100%;" data-video-embed-id="' + par_key.id + '" data-video-target-id="video-player-' + par_key.id + '" data-video-brand="gva" class="js-theoplayer-placeholder"></div></div></div></div></div>', 'text/html'); let par_key_id = DOMPurify.sanitize(par_key.id);
par_html = parser.parseFromString('<div id="json_id"><div class="gva-6c6ea21_marginbottom5 gva-28c280e9_contentwrapper"><div class="gva-6c6ea21_marginbottom4"><div class="gva-6c6ea21_marginbottom0"><div class="gva-e5b9f66a_root" data-testid="embed-video"><svg class="gva-e5b9f66a_placeholder" viewBox="0 0 16 9" aria-hidden="true"></svg><div><div id="video-player-' + par_key_id + '" style="width:100%;" data-video-embed-id="' + par_key_id + '" data-video-target-id="video-player-' + par_key_id + '" data-video-brand="gva" class="js-theoplayer-placeholder"></div></div></div></div></div>', 'text/html');
par_elem = par_html.querySelector('div'); par_elem = par_html.querySelector('div');
} else if (key === 'legacy-ml') { } else if (key === 'legacy-ml') {
par_html = parser.parseFromString(par_key, 'text/html'); par_html = parser.parseFromString(DOMPurify.sanitize(par_key), 'text/html');
par_elem = par_html.querySelector('div'); par_elem = par_html.querySelector('div');
if (!flourish && par_key.includes('flourish.studio')) { if (!flourish && par_key.includes('flourish.studio')) {
let flourish_script = document.createElement('script'); let flourish_script = document.createElement('script');
@ -1186,7 +1202,7 @@ else if (matchDomain('gva.be')) {
} }
} else { } else {
console.log(key + ': ' + par_key); console.log(key + ': ' + par_key);
par_html = parser.parseFromString('<p>' + par_key + '</p>', 'text/html'); par_html = parser.parseFromString('<p>' + DOMPurify.sanitize(par_key) + '</p>', 'text/html');
par_elem = par_html.querySelector('p'); par_elem = par_html.querySelector('p');
} }
if (!['streamone', 'legacy-ml'].includes(key)) if (!['streamone', 'legacy-ml'].includes(key))
@ -1266,7 +1282,7 @@ else if (matchDomain(nl_mediahuis_region_domains)) {
par_elem = ''; par_elem = '';
par_key = par[key]; par_key = par[key];
if (key === 'subhead') { if (key === 'subhead') {
par_html = parser.parseFromString('<div><strong>' + par_key + '</strong></div>', 'text/html'); par_html = parser.parseFromString('<div><strong>' + DOMPurify.sanitize(par_key) + '</strong></div>', 'text/html');
par_elem = par_html.querySelector('div'); par_elem = par_html.querySelector('div');
} else if (key === 'twitter' || key === 'instagram') { } else if (key === 'twitter' || key === 'instagram') {
par_elem = document.createElement('a'); par_elem = document.createElement('a');
@ -1304,7 +1320,7 @@ else if (matchDomain(nl_mediahuis_region_domains)) {
par_div.innerText += par[key].credit ? '\n' + par[key].credit : ''; par_div.innerText += par[key].credit ? '\n' + par[key].credit : '';
par_elem.appendChild(par_div); par_elem.appendChild(par_div);
} else { } else {
par_html = parser.parseFromString('<div>' + par_key + '</div>', 'text/html'); par_html = parser.parseFromString('<div>' + DOMPurify.sanitize(par_key) + '</div>', 'text/html');
par_elem = par_html.querySelector('div'); par_elem = par_html.querySelector('div');
} }
if (par_elem) if (par_elem)
@ -1691,7 +1707,7 @@ else if (matchDomain('business-standard.com')) {
json_text = parseHtmlEntities(json_text); json_text = parseHtmlEntities(json_text);
json_text = json_text.replace(/(?:^|[\w\"\'\])(\.|\?|!)(?=[A-Z\"\”\“\\\'][A-Za-zÀ-ÿ\"\”\“\\\']{1,})/gm, "$&</br></br>") + '</br></br>'; json_text = json_text.replace(/(?:^|[\w\"\'\])(\.|\?|!)(?=[A-Z\"\”\“\\\'][A-Za-zÀ-ÿ\"\”\“\\\']{1,})/gm, "$&</br></br>") + '</br></br>';
let parser = new DOMParser(); let parser = new DOMParser();
let html = parser.parseFromString('<div>' + json_text + '</div>', 'text/html'); let html = parser.parseFromString('<div>' + DOMPurify.sanitize(json_text) + '</div>', 'text/html');
let article = html.querySelector('div'); let article = html.querySelector('div');
if (article) { if (article) {
let p_content = document.querySelector('span.p-content.paywall'); let p_content = document.querySelector('span.p-content.paywall');
@ -1773,7 +1789,7 @@ else if (matchDomain('economictimes.com')) {
if (content && full_text) { if (content && full_text) {
content.innerText = ''; content.innerText = '';
let parser = new DOMParser(); let parser = new DOMParser();
html = parser.parseFromString('<div>' + full_text.innerHTML + '</div>', 'text/html'); html = parser.parseFromString('<div>' + DOMPurify.sanitize(full_text.innerHTML) + '</div>', 'text/html');
let article = html.querySelector('div'); let article = html.querySelector('div');
content.appendChild(article); content.appendChild(article);
removeDOMElement(full_text); removeDOMElement(full_text);
@ -2090,7 +2106,7 @@ else if (matchDomain('newyorker.com')) {
for (let overlay of overlays) { for (let overlay of overlays) {
let noscript = overlay.querySelector('noscript'); let noscript = overlay.querySelector('noscript');
if (noscript && noscript.innerHTML) { if (noscript && noscript.innerHTML) {
let html = parser.parseFromString(noscript.innerHTML, 'text/html'); let html = parser.parseFromString(DOMPurify.sanitize(noscript.innerHTML), 'text/html');
overlay.appendChild(html.querySelector('img')); overlay.appendChild(html.querySelector('img'));
removeDOMElement(noscript); removeDOMElement(noscript);
} }
@ -2114,7 +2130,7 @@ else if (matchDomain('nzherald.co.nz')) {
par_dom; par_dom;
let parser = new DOMParser(); let parser = new DOMParser();
for (let hidden_par of hidden_pars) { for (let hidden_par of hidden_pars) {
let par_html = parser.parseFromString('<div style="margin: 10px 0px; font-size: 17px">' + hidden_par.innerHTML + '</div>', 'text/html'); let par_html = parser.parseFromString('<div style="margin: 10px 0px; font-size: 17px">' + DOMPurify.sanitize(hidden_par.innerHTML) + '</div>', 'text/html');
let par_dom = par_html.querySelector('div'); let par_dom = par_html.querySelector('div');
article_content.insertBefore(par_dom, hidden_par); article_content.insertBefore(par_dom, hidden_par);
} }
@ -2307,7 +2323,7 @@ else if (matchDomain('techinasia.com')) {
let content = document.querySelector('div.content'); let content = document.querySelector('div.content');
if (json_text && content) { if (json_text && content) {
let parser = new DOMParser(); let parser = new DOMParser();
let doc = parser.parseFromString('<div class="jsx-1794864983 content">' + json_text + '</div>', 'text/html'); let doc = parser.parseFromString('<div class="jsx-1794864983 content">' + DOMPurify.sanitize(json_text) + '</div>', 'text/html');
let content_new = doc.querySelector('div.content'); let content_new = doc.querySelector('div.content');
content.parentNode.replaceChild(content_new, content); content.parentNode.replaceChild(content_new, content);
} }
@ -2593,6 +2609,7 @@ function matchDomain(domains, hostname) {
return matched_domain; return matched_domain;
} }
// add domains to manifest (content_scripts - matches)
function replaceDomElementExt(url, proxy, base64, selector, text_fail = '') { function replaceDomElementExt(url, proxy, base64, selector, text_fail = '') {
let proxyurl = proxy ? 'https://bpc2-cors-anywhere.herokuapp.com/' : ''; let proxyurl = proxy ? 'https://bpc2-cors-anywhere.herokuapp.com/' : '';
fetch(proxyurl + url, {headers: {"Content-Type": "text/plain", "X-Requested-With": "XMLHttpRequest"} }) fetch(proxyurl + url, {headers: {"Content-Type": "text/plain", "X-Requested-With": "XMLHttpRequest"} })
@ -2605,7 +2622,7 @@ function replaceDomElementExt(url, proxy, base64, selector, text_fail = '') {
selector = 'body'; selector = 'body';
} }
let parser = new DOMParser(); let parser = new DOMParser();
let doc = parser.parseFromString(html, 'text/html'); let doc = parser.parseFromString(DOMPurify.sanitize(html), 'text/html');
let article_new = doc.querySelector(selector); let article_new = doc.querySelector(selector);
if (article_new) { if (article_new) {
if (article) if (article)

0
lib/empty.js Normal file
View file

3
lib/purify.min.js vendored Normal file

File diff suppressed because one or more lines are too long

View file

@ -528,5 +528,5 @@
"*://*.wallkit.net/*", "*://*.wallkit.net/*",
"*://*.wsj.net/*" "*://*.wsj.net/*"
], ],
"version": "2.2.7.1" "version": "2.2.7.2"
} }