external/uBlock
1
0
Fork 0
mirror of https://github.com/gorhill/uBlock.git synced 2024-11-10 01:02:08 +01:00
Code Issues Projects Releases Packages Wiki Activity

Fix potential exfiltration of browsing history by a rogue list author through permissions=

Browse source 
As with `csp=` option, reporting capabilities need to be taken
into account with `permissions=` option.

Reference:
https://github.com/w3c/webappsec-permissions-policy/blob/main/reporting.md

This commit ensures that `permissions=` option using `report-to` are
marked as invalid.
This commit is contained in:
Raymond Hill 2024-02-13 15:09:38 -05:00
parent 3037ae5f04
commit 7b138b58c6
No known key found for this signature in database
GPG key ID: 25E1490B761470C2
1 changed files with 6 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
src/js/static-filtering-parser.js
View file

@ -897,6 +897,7 @@ export class AstFilterParser {
this.rePatternScriptletJsonArgs = /^\{.*\}$/;
this.reGoodRegexToken = /[^\x01%0-9A-Za-z][%0-9A-Za-z]{7,}|[^\x01%0-9A-Za-z][%0-9A-Za-z]{1,6}[^\x01%0-9A-Za-z]/;
this.reBadCSP = /(?:^|;)\s*report-(?:to|uri)\b/i;
this.reBadPP = /(?:^|;)\s*report-to\b/i;
this.reNoopOption = /^_+$/;
this.scriptletArgListParser = new ArgListParser(',');
}
@ -1400,7 +1401,11 @@ export class AstFilterParser {
realBad = this.isRegexPattern() === false;
break;
case NODE_TYPE_NET_OPTION_NAME_PERMISSIONS:
realBad = modifierType !== 0 || (hasValue || isException) === false;
realBad = modifierType !== 0 ||
(hasValue || isException) === false ||
this.reBadPP.test(
this.getNetOptionValue(NODE_TYPE_NET_OPTION_NAME_PERMISSIONS)
);
if ( realBad ) { break; }
modifierType = type;
break;