From 5af5911cf19df9ae7b19ef94376d1d6954524cf3 Mon Sep 17 00:00:00 2001
From: Peter Snyder
Date: Fri, 13 Oct 2017 17:30:57 -0500
Subject: [PATCH] it actually works!
---
background_scripts/bootstrap.js | 84 ++++++++++++--
config/index.html | 4 +-
config/js/config.js | 7 +-
content_scripts/src/instrument.js | 20 +++-
gulpfile.js | 31 ++---
lib/URI.js | 117 +++++++++++++++++++
{content_scripts/src => lib}/init.js | 0
lib/js.cookie.js | 165 +++++++++++++++++++++++++++
lib/pack.js | 84 ++++++++++++++
{config/js => lib}/storage.js | 0
manifest.json | 29 ++++-
11 files changed, 500 insertions(+), 41 deletions(-)
create mode 100644 lib/URI.js
rename {content_scripts/src => lib}/init.js (100%)
create mode 100644 lib/js.cookie.js
create mode 100644 lib/pack.js
rename {config/js => lib}/storage.js (100%)
diff --git a/background_scripts/bootstrap.js b/background_scripts/bootstrap.js
index 5b9364d..4cd2277 100644
--- a/background_scripts/bootstrap.js
+++ b/background_scripts/bootstrap.js
@@ -1,22 +1,82 @@ /*jslint es6: true*/ -/*global chrome*/ +/*global chrome, browser, window, URI*/ (function () { - "use strict"; - const onMsgHandler = function (request, ignore, sendResponse) { + const {packingLib, standards, storageLib} = window.WEB_API_MANAGER; + const rootObject = window.browser || window.chrome; - let requestingDoman = request.domain; + // Once loaded from storage, will be a mapping from regular expressions + // (or the default option, "(default)"), to an array of standards + // that should be blocked on matching domains. + let domainRules; - if (request.request !== "rules") { - sendResponse(null); - return false; + storageLib.get(function (loadedDomainRules) { + domainRules = loadedDomainRules; + }); + + rootObject.runtime.onMessage.addListener(function (request, sender, tab) { + const [label, data] = request; + // Listen for updates to the domain rules from the config page. + if (label === "rulesUpdate") { + domainRules = data; } + }); - sendResponse({ - rules: ["fetch"] - }); - return false; + const extractHostFromUrl = function (url) { + const uri = URI(url); + return uri.hostname(); }; - chrome.runtime.onMessage.addListener(onMsgHandler); + const matchingUrlReduceFunction = function (domain, prev, next) { + if (prev) { + return prev; + } + + const domainRegex = new RegExp(next); + if (domainRegex.test(domain)) { + return next; + } + + return prev; + }; + + + const requestFilter = { + urls: [""], + types: ["main_frame", "sub_frame"] + }; + const requestOptions = ["blocking", "responseHeaders"]; + + + + + chrome.webRequest.onHeadersReceived.addListener(function (details) { + + const url = details.url; + const hostName = extractHostFromUrl(url); + const defaultKey = "(default)"; + + // Decide which set of blocking rules to use, depending on the host + // of the URL being requested. 
+ const matchingUrlReduceFunctionBound = matchingUrlReduceFunction.bind(undefined, hostName); + const matchingPattern = Object + .keys(domainRules) + .filter((aRule) => aRule !== defaultKey) + .sort() + .reduce(matchingUrlReduceFunctionBound, undefined); + + const standardsToBlock = domainRules[matchingPattern || defaultKey]; + + const options = Object.keys(standards); + const packedValues = packingLib.pack(options, standardsToBlock); + + details.responseHeaders.push({ + name: "Set-Cookie", + value: `web-api-manager=${packedValues}` + }); + + return { + responseHeaders: details.responseHeaders + }; + }, requestFilter, requestOptions); }()); \ No newline at end of file diff --git a/config/index.html b/config/index.html index 4c8553f..d73eac8 100644 --- a/config/index.html +++ b/config/index.html @@ -24,10 +24,10 @@ - + + - diff --git a/config/js/config.js b/config/js/config.js index fb885ec..79f694d 100644 --- a/config/js/config.js +++ b/config/js/config.js @@ -1,8 +1,9 @@ /*jslint es6: true*/ -/*global window, browser, Vue*/ +/*global window, browser, chrome, Vue*/ (function () { "use strict"; + const rootObject = (window.browser || window.chrome); const doc = window.document; const standards = window.WEB_API_MANAGER.standards; const defaultConservativeRules = window.WEB_API_MANAGER.defaults.conservative; @@ -30,7 +31,9 @@ }); const updateStoredSettings = function () { - storageLib.set(state.domainRules, function () {}); + storageLib.set(state.domainRules, function () { + rootObject.runtime.sendMessage(["rulesUpdate", state.domainRules]); + }); }; vm.$watch("selectedStandards", updateStoredSettings); diff --git a/content_scripts/src/instrument.js b/content_scripts/src/instrument.js index 26b905c..42d0db1 100644 --- a/content_scripts/src/instrument.js +++ b/content_scripts/src/instrument.js 
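Review bot: In background_scripts/bootstrap.js the `onHeadersReceived` listener calls `Object.keys(domainRules)` although `domainRules` is only assigned inside the asynchronous `storageLib.get` callback, so a request handled before storage has loaded makes the listener throw and the response presumably goes out without the `web-api-manager` cookie. Registering the listener from inside the `storageLib.get` callback, or opening it with `if (domainRules === undefined) { return; }` and deciding explicitly what the content script does without a cookie, closes that window. Separately, `new RegExp(next)` is tested unanchored against the host name, so a stored pattern can match as a substring of an unrelated host unless the config page anchors and escapes the patterns it saves (not visible here). The hunk also removes `"use strict";` from the IIFE without restoring it.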
@@ -1,16 +1,24 @@ /*jslint es6: true, browser: true*/ -/*global chrome, window*/ +/*global chrome, window, Cookies*/ // This script file runs in the context of the extension, and mainly // exists to inject the proxy blocking code into content frames. (function () { "use strict"; - let script = document.createElement('script'); - let rootElm = document.head || document.documentElement; - let code = ` + const script = document.createElement('script'); + const rootElm = document.head || document.documentElement; + + const cookieKey = "web-api-manager"; + const {packingLib, standards} = window.WEB_API_MANAGER; + const options = Object.keys(standards); + const packedValues = Cookies.get(cookieKey); + const standardsToBlock = packingLib.unpack(options, packedValues); + Cookies.remove(cookieKey); + + const code = ` window.WEB_API_MANAGER_PAGE = { - standards: ${JSON.stringify(window.WEB_API_MANAGER.standards)}, - toBlock: ${JSON.stringify(window.WEB_API_MANAGER.defaults)}, + standards: ${JSON.stringify(standards)}, + toBlock: ${JSON.stringify(standardsToBlock)}, shouldLog: true }; ###-INJECTED-PROXY-BLOCKING-CODE-### diff --git a/gulpfile.js b/gulpfile.js index c41eacc..e05e551 100644 --- a/gulpfile.js +++ b/gulpfile.js @@ -3,6 +3,17 @@ const fs = require('fs'); gulp.task('default', function () { + const isLineAComment = function (aLine) { + const lineStartsWithComment = ( + aLine.indexOf("// ") === 0 || + aLine.indexOf("/*") === 0 || + aLine.indexOf(" */") === 0 || + aLine.indexOf(" * ") === 0 + ); + return lineStartsWithComment; + }; + + const builtScriptComment = "/** This file is automatically generated. **/\n"; const standardsDefDir = "data/standards"; // Build all the standards listings into a single features.js file. 
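Review bot: In content_scripts/src/instrument.js, `packedValues` goes straight into `packingLib.unpack` without checking that `Cookies.get(cookieKey)` found anything; with no cookie, `unpack` hands `undefined` to `window.atob`, which most likely throws, and the script stops before the blocking code is injected, so the page runs with nothing blocked. A guard such as `if (packedValues === undefined) { /* use a fixed default list */ }` would make the missing-cookie case an explicit decision instead of failing open. The cookie jar is also writable by the site itself, so the value read here is not guaranteed to be the one bootstrap.js appended, and the blocking policy should not be trusted on the cookie name alone. In addition, `Cookies.remove(cookieKey)` deletes with the library default `path: '/'` while the `Set-Cookie` header built in bootstrap.js carries no `Path`, so on pages below the site root the cookie may survive and be sent back to the server on later requests. The IIFE continues past the end of this hunk.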
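Review bot: In gulpfile.js, `isLineAComment` carries no comment saying that it is a line-prefix heuristic rather than a parser, and the last gulpfile hunk now runs it over `defaults.js` as well as the proxy-blocking source. It drops every line that starts at column 0 with `/*`, ` */`, ` * ` or `// `, including a line such as `/* note */ code();`, and it keeps interior lines of a block comment that do not start with ` * `, so a built file can lose code or gain stray text. I would add above the helper: `// Line-prefix heuristic, not a parser: a comment that starts at column 0 must be alone on its line, and every interior line of a block comment must start with " * ".` The enclosing `gulp.task` callback starts before and ends after this hunk.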
@@ -19,8 +30,7 @@ gulp.task('default', function () { return prev; }, {}); - let renderedStandardsModule = "/** This file is automatically generated by gulp. **/\n"; - renderedStandardsModule += `window.WEB_API_MANAGER.standards = ${JSON.stringify(combinedStandards)};`; + const renderedStandardsModule = builtScriptComment + `window.WEB_API_MANAGER.standards = ${JSON.stringify(combinedStandards)};`; fs.writeFileSync("content_scripts/dist/standards.js", renderedStandardsModule); @@ -29,14 +39,7 @@ gulp.task('default', function () { const stripCommentsFromSource = function (source) { const fileLines = source.split("\n"); - const linesWithoutComments = fileLines.filter(function (aLine) { - const lineStartsWithComment = ( - aLine.indexOf("// ") === 0 || - aLine.indexOf("/*") === 0 || - aLine.indexOf(" * ") === 0 - ); - return !lineStartsWithComment; - }); + const linesWithoutComments = fileLines.filter(aLine => !isLineAComment(aLine)); return linesWithoutComments.join("\n"); }; @@ -47,12 +50,14 @@ gulp.task('default', function () { proxyBlockSrcWOComments ); - fs.writeFileSync("content_scripts/dist/instrument.js", instrumentSrcWithProxyInjected); + fs.writeFileSync("content_scripts/dist/instrument.js", builtScriptComment + instrumentSrcWithProxyInjected); // Last, several content script files are just copied over, unmodified, // as script files to be injected. - const srcFilesToCopy = ["defaults.js", "init.js"]; + const srcFilesToCopy = ["defaults.js"]; srcFilesToCopy.forEach(function (aSrcPath) { - fs.copyFileSync("content_scripts/src/" + aSrcPath, "content_scripts/dist/" + aSrcPath); + const scriptSrc = fs.readFileSync("content_scripts/src/" + aSrcPath, "utf8"); + const scriptSrcWOComments = stripCommentsFromSource(scriptSrc); + fs.writeFileSync("content_scripts/dist/" + aSrcPath, builtScriptComment + scriptSrcWOComments); }); }); diff --git a/lib/URI.js b/lib/URI.js new file mode 100644 index 0000000..1c19495 --- /dev/null +++ b/lib/URI.js 
@@ -0,0 +1,117 @@ +/*! URI.js v1.19.0 http://medialize.github.io/URI.js/ */ +/* build contains: IPv6.js, punycode.js, SecondLevelDomains.js, URI.js */ +/* + URI.js - Mutating URLs + IPv6 Support + + Version: 1.19.0 + + Author: Rodney Rehm + Web: http://medialize.github.io/URI.js/ + + Licensed under + MIT License http://www.opensource.org/licenses/mit-license + + https://mths.be/punycode v1.4.0 by @mathias URI.js - Mutating URLs + Second Level Domain (SLD) Support + + Version: 1.19.0 + + Author: Rodney Rehm + Web: http://medialize.github.io/URI.js/ + + Licensed under + MIT License http://www.opensource.org/licenses/mit-license + + URI.js - Mutating URLs + + Version: 1.19.0 + + Author: Rodney Rehm + Web: http://medialize.github.io/URI.js/ + + Licensed under + MIT License http://www.opensource.org/licenses/mit-license + +*/ +(function(k,n){"object"===typeof module&&module.exports?module.exports=n():"function"===typeof define&&define.amd?define(n):k.IPv6=n(k)})(this,function(k){var n=k&&k.IPv6;return{best:function(l){l=l.toLowerCase().split(":");var h=l.length,c=8;""===l[0]&&""===l[1]&&""===l[2]?(l.shift(),l.shift()):""===l[0]&&""===l[1]?l.shift():""===l[h-1]&&""===l[h-2]&&l.pop();h=l.length;-1!==l[h-1].indexOf(".")&&(c=7);var m;for(m=0;mk;k++)if("0"===h[0]&&1k&&(h=n,k=p)):"0"===l[m]&&(u=!0,n=m,p=1);p>k&&(h=n,k=p);1=l&&h>>10&1023|55296),c=56320|c&1023);return g+=q(c)}).join("")}function w(c,g){return c+22+75*(26>c)-((0!=g)<<5)}function p(c,h,m){var l=0;c=m?g(c/700):c>>1;for(c+=g(c/h);455e&&(e=0);for(b=0;b=l&&n("invalid-input");var r=c.charCodeAt(e++); +r=10>r-48?r-22:26>r-65?r-65:26>r-97?r-97:36;(36<=r||r>g((2147483647-k)/f))&&n("overflow");k+=r*f;var A=d<=a?1:d>=a+26?26:d-a;if(rg(2147483647/r)&&n("overflow");f*=r}f=h.length+1;a=p(k-b,f,0==b);g(k/f)>2147483647-q&&n("overflow");q+=g(k/f);k%=f;h.splice(k++,0,q)}return m(h)}function u(h){var l,m,k,t=[];h=c(h);var a=h.length;var b=128;var d=0;var e=72;for(k=0;kf&&t.push(q(f))}for((l=m=t.length)&&t.push("-");l=b&& 
+fg((2147483647-d)/A)&&n("overflow");d+=(r-b)*A;b=r;for(k=0;k=e+26?26:r-e;if(y= 0x80 (not a basic code point)","invalid-input":"Invalid input"},g=Math.floor,q=String.fromCharCode,t;var v={version:"1.3.2",ucs2:{decode:c,encode:m},decode:D,encode:u,toASCII:function(c){return h(c,function(c){return z.test(c)?"xn--"+u(c):c})},toUnicode:function(c){return h(c,function(c){return E.test(c)?D(c.slice(4).toLowerCase()): +c})}};if("function"==typeof define&&"object"==typeof define.amd&&define.amd)define("punycode",function(){return v});else if(B&&C)if(module.exports==B)C.exports=v;else for(t in v)v.hasOwnProperty(t)&&(B[t]=v[t]);else k.punycode=v})(this); +(function(k,n){"object"===typeof module&&module.exports?module.exports=n():"function"===typeof define&&define.amd?define(n):k.SecondLevelDomains=n(k)})(this,function(k){var n=k&&k.SecondLevelDomains,l={list:{ac:" com gov mil net org ",ae:" ac co gov mil name net org pro sch ",af:" com edu gov net org ",al:" com edu gov mil net org ",ao:" co ed gv it og pb ",ar:" com edu gob gov int mil net org tur ",at:" ac co gv or ",au:" asn com csiro edu gov id net org ",ba:" co com edu gov mil net org rs unbi unmo unsa untz unze ", +bb:" biz co com edu gov info net org store tv ",bh:" biz cc com edu gov info net org ",bn:" com edu gov net org ",bo:" com edu gob gov int mil net org tv ",br:" adm adv agr am arq art ato b bio blog bmd cim cng cnt com coop ecn edu eng esp etc eti far flog fm fnd fot fst g12 ggf gov imb ind inf jor jus lel mat med mil mus net nom not ntr odo org ppg pro psc psi qsl rec slg srv tmp trd tur tv vet vlog wiki zlg ",bs:" com edu gov net org ",bz:" du et om ov rg ",ca:" ab bc mb nb nf nl ns nt nu on pe qc sk yk ", +ck:" biz co edu gen gov info net org ",cn:" ac ah bj com cq edu fj gd gov gs gx gz ha hb he hi hl hn jl js jx ln mil net nm nx org qh sc sd sh sn sx tj tw xj xz yn zj ",co:" com edu gov mil net nom org ",cr:" ac c co ed fi go or sa ",cy:" ac biz com ekloges gov ltd name net org parliament press pro tm 
","do":" art com edu gob gov mil net org sld web ",dz:" art asso com edu gov net org pol ",ec:" com edu fin gov info med mil net org pro ",eg:" com edu eun gov mil name net org sci ",er:" com edu gov ind mil net org rochest w ", +es:" com edu gob nom org ",et:" biz com edu gov info name net org ",fj:" ac biz com info mil name net org pro ",fk:" ac co gov net nom org ",fr:" asso com f gouv nom prd presse tm ",gg:" co net org ",gh:" com edu gov mil org ",gn:" ac com gov net org ",gr:" com edu gov mil net org ",gt:" com edu gob ind mil net org ",gu:" com edu gov net org ",hk:" com edu gov idv net org ",hu:" 2000 agrar bolt casino city co erotica erotika film forum games hotel info ingatlan jogasz konyvelo lakas media news org priv reklam sex shop sport suli szex tm tozsde utazas video ", +id:" ac co go mil net or sch web ",il:" ac co gov idf k12 muni net org ","in":" ac co edu ernet firm gen gov i ind mil net nic org res ",iq:" com edu gov i mil net org ",ir:" ac co dnssec gov i id net org sch ",it:" edu gov ",je:" co net org ",jo:" com edu gov mil name net org sch ",jp:" ac ad co ed go gr lg ne or ",ke:" ac co go info me mobi ne or sc ",kh:" com edu gov mil net org per ",ki:" biz com de edu gov info mob net org tel ",km:" asso com coop edu gouv k medecin mil nom notaires pharmaciens presse tm veterinaire ", +kn:" edu gov net org ",kr:" ac busan chungbuk chungnam co daegu daejeon es gangwon go gwangju gyeongbuk gyeonggi gyeongnam hs incheon jeju jeonbuk jeonnam k kg mil ms ne or pe re sc seoul ulsan ",kw:" com edu gov net org ",ky:" com edu gov net org ",kz:" com edu gov mil net org ",lb:" com edu gov net org ",lk:" assn com edu gov grp hotel int ltd net ngo org sch soc web ",lr:" com edu gov net org ",lv:" asn com conf edu gov id mil net org ",ly:" com edu gov id med net org plc sch ",ma:" ac co gov m net org press ", +mc:" asso tm ",me:" ac co edu gov its net org priv ",mg:" com edu gov mil nom org prd tm ",mk:" com edu gov inf name net org pro ",ml:" com edu gov 
net org presse ",mn:" edu gov org ",mo:" com edu gov net org ",mt:" com edu gov net org ",mv:" aero biz com coop edu gov info int mil museum name net org pro ",mw:" ac co com coop edu gov int museum net org ",mx:" com edu gob net org ",my:" com edu gov mil name net org sch ",nf:" arts com firm info net other per rec store web ",ng:" biz com edu gov mil mobi name net org sch ", +ni:" ac co com edu gob mil net nom org ",np:" com edu gov mil net org ",nr:" biz com edu gov info net org ",om:" ac biz co com edu gov med mil museum net org pro sch ",pe:" com edu gob mil net nom org sld ",ph:" com edu gov i mil net ngo org ",pk:" biz com edu fam gob gok gon gop gos gov net org web ",pl:" art bialystok biz com edu gda gdansk gorzow gov info katowice krakow lodz lublin mil net ngo olsztyn org poznan pwr radom slupsk szczecin torun warszawa waw wroc wroclaw zgora ",pr:" ac biz com edu est gov info isla name net org pro prof ", +ps:" com edu gov net org plo sec ",pw:" belau co ed go ne or ",ro:" arts com firm info nom nt org rec store tm www ",rs:" ac co edu gov in org ",sb:" com edu gov net org ",sc:" com edu gov net org ",sh:" co com edu gov net nom org ",sl:" com edu gov net org ",st:" co com consulado edu embaixada gov mil net org principe saotome store ",sv:" com edu gob org red ",sz:" ac co org ",tr:" av bbs bel biz com dr edu gen gov info k12 name net org pol tel tsk tv web ",tt:" aero biz cat co com coop edu gov info int jobs mil mobi museum name net org pro tel travel ", +tw:" club com ebiz edu game gov idv mil net org ",mu:" ac co com gov net or org ",mz:" ac co edu gov org ",na:" co com ",nz:" ac co cri geek gen govt health iwi maori mil net org parliament school ",pa:" abo ac com edu gob ing med net nom org sld ",pt:" com edu gov int net nome org publ ",py:" com edu gov mil net org ",qa:" com edu gov mil net org ",re:" asso com nom ",ru:" ac adygeya altai amur arkhangelsk astrakhan bashkiria belgorod bir bryansk buryatia cbg chel chelyabinsk chita chukotka 
chuvashia com dagestan e-burg edu gov grozny int irkutsk ivanovo izhevsk jar joshkar-ola kalmykia kaluga kamchatka karelia kazan kchr kemerovo khabarovsk khakassia khv kirov koenig komi kostroma kranoyarsk kuban kurgan kursk lipetsk magadan mari mari-el marine mil mordovia mosreg msk murmansk nalchik net nnov nov novosibirsk nsk omsk orenburg org oryol penza perm pp pskov ptz rnd ryazan sakhalin samara saratov simbirsk smolensk spb stavropol stv surgut tambov tatarstan tom tomsk tsaritsyn tsk tula tuva tver tyumen udm udmurtia ulan-ude vladikavkaz vladimir vladivostok volgograd vologda voronezh vrn vyatka yakutia yamal yekaterinburg yuzhno-sakhalinsk ", +rw:" ac co com edu gouv gov int mil net ",sa:" com edu gov med net org pub sch ",sd:" com edu gov info med net org tv ",se:" a ac b bd c d e f g h i k l m n o org p parti pp press r s t tm u w x y z ",sg:" com edu gov idn net org per ",sn:" art com edu gouv org perso univ ",sy:" com edu gov mil net news org ",th:" ac co go in mi net or ",tj:" ac biz co com edu go gov info int mil name net nic org test web ",tn:" agrinet com defense edunet ens fin gov ind info intl mincom nat net org perso rnrt rns rnu tourism ", +tz:" ac co go ne or ",ua:" biz cherkassy chernigov chernovtsy ck cn co com crimea cv dn dnepropetrovsk donetsk dp edu gov if in ivano-frankivsk kh kharkov kherson khmelnitskiy kiev kirovograd km kr ks kv lg lugansk lutsk lviv me mk net nikolaev od odessa org pl poltava pp rovno rv sebastopol sumy te ternopil uzhgorod vinnica vn zaporizhzhe zhitomir zp zt ",ug:" ac co go ne or org sc ",uk:" ac bl british-library co cym gov govt icnet jet lea ltd me mil mod national-library-scotland nel net nhs nic nls org orgn parliament plc police sch scot soc ", +us:" dni fed isa kids nsn ",uy:" com edu gub mil net org ",ve:" co com edu gob info mil net org web ",vi:" co com k12 net org ",vn:" ac biz com edu gov health info int name net org pro ",ye:" co com gov ltd me net org plc ",yu:" ac co edu gov org ",za:" ac agric 
alt bourse city co cybernet db edu gov grondar iaccess imt inca landesign law mil net ngo nis nom olivetti org pix school tm web ",zm:" ac co com edu gov net org sch ",com:"ar br cn de eu gb gr hu jpn kr no qc ru sa se uk us uy za ",net:"gb jp se uk ", +org:"ae",de:"com "},has:function(h){var c=h.lastIndexOf(".");if(0>=c||c>=h.length-1)return!1;var k=h.lastIndexOf(".",c-1);if(0>=k||k>=c-1)return!1;var n=l.list[h.slice(c+1)];return n?0<=n.indexOf(" "+h.slice(k+1,c)+" "):!1},is:function(h){var c=h.lastIndexOf(".");if(0>=c||c>=h.length-1||0<=h.lastIndexOf(".",c-1))return!1;var k=l.list[h.slice(c+1)];return k?0<=k.indexOf(" "+h.slice(0,c)+" "):!1},get:function(h){var c=h.lastIndexOf(".");if(0>=c||c>=h.length-1)return null;var k=h.lastIndexOf(".",c-1); +if(0>=k||k>=c-1)return null;var n=l.list[h.slice(c+1)];return!n||0>n.indexOf(" "+h.slice(k+1,c)+" ")?null:h.slice(k+1)},noConflict:function(){k.SecondLevelDomains===this&&(k.SecondLevelDomains=n);return this}};return l}); +(function(k,n){"object"===typeof module&&module.exports?module.exports=n(require("./punycode"),require("./IPv6"),require("./SecondLevelDomains")):"function"===typeof define&&define.amd?define(["./punycode","./IPv6","./SecondLevelDomains"],n):k.URI=n(k.punycode,k.IPv6,k.SecondLevelDomains,k)})(this,function(k,n,l,h){function c(a,b){var d=1<=arguments.length,e=2<=arguments.length;if(!(this instanceof c))return d?e?new c(a,b):new c(a):new c;if(void 0===a){if(d)throw new TypeError("undefined is not a valid argument for URI"); +a="undefined"!==typeof location?location.href+"":""}if(null===a&&d)throw new TypeError("null is not a valid argument for URI");this.href(a);return void 0!==b?this.absoluteTo(b):this}function m(a){return a.replace(/([.*+?^=!:${}()|[\]\/\\])/g,"\\$1")}function w(a){return void 0===a?"Undefined":String(Object.prototype.toString.call(a)).slice(8,-1)}function p(a){return"Array"===w(a)}function D(a,b){var d={},c;if("RegExp"===w(b))d=null;else if(p(b)){var 
f=0;for(c=b.length;f]+|\(([^\s()<>]+|(\([^\s()<>]+\)))*\))+(?:\(([^\s()<>]+|(\([^\s()<>]+\)))*\)|[^\s`!()\[\]{};:'".,<>?\u00ab\u00bb\u201c\u201d\u2018\u2019]))/ig;c.findUri={start:/\b(?:([a-z][a-z0-9.+-]*:\/\/)|www\.)/gi,end:/[\s\r\n]|$/,trim:/[`!()\[\]{};:'".,<>?\u00ab\u00bb\u201c\u201d\u201e\u2018\u2019]+$/,parens:/(\([^\)]*\)|\[[^\]]*\]|\{[^}]*\}|<[^>]*>)/g};c.defaultPorts={http:"80",https:"443",ftp:"21", +gopher:"70",ws:"80",wss:"443"};c.hostProtocols=["http","https"];c.invalid_hostname_characters=/[^a-zA-Z0-9\.\-:_]/;c.domAttributes={a:"href",blockquote:"cite",link:"href",base:"href",script:"src",form:"action",img:"src",area:"href",iframe:"src",embed:"src",source:"src",track:"src",input:"src",audio:"src",video:"src"};c.getDomAttribute=function(a){if(a&&a.nodeName){var b=a.nodeName.toLowerCase();if("input"!==b||"image"===a.type)return c.domAttributes[b]}};c.encode=E;c.decode=decodeURIComponent;c.iso8859= +function(){c.encode=escape;c.decode=unescape};c.unicode=function(){c.encode=E;c.decode=decodeURIComponent};c.characters={pathname:{encode:{expression:/%(24|26|2B|2C|3B|3D|3A|40)/ig,map:{"%24":"$","%26":"&","%2B":"+","%2C":",","%3B":";","%3D":"=","%3A":":","%40":"@"}},decode:{expression:/[\/\?#]/g,map:{"/":"%2F","?":"%3F","#":"%23"}}},reserved:{encode:{expression:/%(21|23|24|26|27|28|29|2A|2B|2C|2F|3A|3B|3D|3F|40|5B|5D)/ig,map:{"%3A":":","%2F":"/","%3F":"?","%23":"#","%5B":"[","%5D":"]","%40":"@", +"%21":"!","%24":"$","%26":"&","%27":"'","%28":"(","%29":")","%2A":"*","%2B":"+","%2C":",","%3B":";","%3D":"="}}},urnpath:{encode:{expression:/%(21|24|27|28|29|2A|2B|2C|3B|3D|40)/ig,map:{"%21":"!","%24":"$","%27":"'","%28":"(","%29":")","%2A":"*","%2B":"+","%2C":",","%3B":";","%3D":"=","%40":"@"}},decode:{expression:/[\/\?#:]/g,map:{"/":"%2F","?":"%3F","#":"%23",":":"%3A"}}}};c.encodeQuery=function(a,b){var d=c.encode(a+"");void 0===b&&(b=c.escapeQuerySpace);return b?d.replace(/%20/g,"+"):d};c.decodeQuery= +function(a,b){a+="";void 
0===b&&(b=c.escapeQuerySpace);try{return c.decode(b?a.replace(/\+/g,"%20"):a)}catch(d){return a}};var t={encode:"encode",decode:"decode"},v,G=function(a,b){return function(d){try{return c[b](d+"").replace(c.characters[a][b].expression,function(d){return c.characters[a][b].map[d]})}catch(e){return d}}};for(v in t)c[v+"PathSegment"]=G("pathname",t[v]),c[v+"UrnPathSegment"]=G("urnpath",t[v]);t=function(a,b,d){return function(e){var f=d?function(a){return c[b](c[d](a))}:c[b]; +e=(e+"").split(a);for(var g=0,h=e.length;gc)return a.charAt(0)===b.charAt(0)&&"/"===a.charAt(0)?"/":"";if("/"!==a.charAt(c)||"/"!==b.charAt(c))c=a.substring(0,c).lastIndexOf("/");return a.substring(0,c+1)};c.withinString=function(a,b,d){d||(d={});var e=d.start||c.findUri.start,f=d.end||c.findUri.end,g=d.trim||c.findUri.trim,h= +d.parens||c.findUri.parens,k=/[a-z0-9-]=["']?$/i;for(e.lastIndex=0;;){var l=e.exec(a);if(!l)break;var m=l.index;if(d.ignoreHtml){var n=a.slice(Math.max(m-3,0),m);if(n&&k.test(n))continue}var p=m+a.slice(m).search(f);n=a.slice(m,p);for(p=-1;;){var q=h.exec(n);if(!q)break;p=Math.max(p,q.index+q[0].length)}n=-1b))throw new TypeError('Port "'+a+'" is not a valid port');}};c.noConflict=function(a){if(a)return a={URI:this.noConflict()},h.URITemplate&&"function"===typeof h.URITemplate.noConflict&&(a.URITemplate=h.URITemplate.noConflict()),h.IPv6&&"function"===typeof h.IPv6.noConflict&&(a.IPv6=h.IPv6.noConflict()),h.SecondLevelDomains&&"function"===typeof h.SecondLevelDomains.noConflict&&(a.SecondLevelDomains=h.SecondLevelDomains.noConflict()), +a;h.URI===this&&(h.URI=H);return this};g.build=function(a){if(!0===a)this._deferred_build=!0;else if(void 0===a||this._deferred_build)this._string=c.build(this._parts),this._deferred_build=!1;return this};g.clone=function(){return new c(this)};g.valueOf=g.toString=function(){return 
this.build(!1)._string};g.protocol=z("protocol");g.username=z("username");g.password=z("password");g.hostname=z("hostname");g.port=z("port");g.query=F("query","?");g.fragment=F("fragment","#");g.search=function(a,b){var c= +this.query(a,b);return"string"===typeof c&&c.length?"?"+c:c};g.hash=function(a,b){var c=this.fragment(a,b);return"string"===typeof c&&c.length?"#"+c:c};g.pathname=function(a,b){if(void 0===a||!0===a){var d=this._parts.path||(this._parts.hostname?"/":"");return a?(this._parts.urn?c.decodeUrnPath:c.decodePath)(d):d}this._parts.path=this._parts.urn?a?c.recodeUrnPath(a):"":a?c.recodePath(a):"/";this.build(!b);return this};g.path=g.pathname;g.href=function(a,b){var d;if(void 0===a)return this.toString(); +this._string="";this._parts=c._parts();var e=a instanceof c,f="object"===typeof a&&(a.hostname||a.path||a.pathname);a.nodeName&&(f=c.getDomAttribute(a),a=a[f]||"",f=!1);!e&&f&&void 0!==a.pathname&&(a=a.toString());if("string"===typeof a||a instanceof String)this._parts=c.parse(String(a),this._parts);else if(e||f)for(d in e=e?a._parts:a,e)q.call(this._parts,d)&&(this._parts[d]=e[d]);else throw new TypeError("invalid input");this.build(!b);return this};g.is=function(a){var b=!1,d=!1,e=!1,f=!1,g=!1, +h=!1,k=!1,m=!this._parts.urn;this._parts.hostname&&(m=!1,d=c.ip4_expression.test(this._parts.hostname),e=c.ip6_expression.test(this._parts.hostname),b=d||e,g=(f=!b)&&l&&l.has(this._parts.hostname),h=f&&c.idn_expression.test(this._parts.hostname),k=f&&c.punycode_expression.test(this._parts.hostname));switch(a.toLowerCase()){case "relative":return m;case "absolute":return!m;case "domain":case "name":return f;case "sld":return g;case "ip":return b;case "ip4":case "ipv4":case "inet4":return d;case "ip6":case "ipv6":case "inet6":return e; +case "idn":return h;case "url":return!this._parts.urn;case "urn":return!!this._parts.urn;case "punycode":return k}return null};var 
J=g.protocol,K=g.port,L=g.hostname;g.protocol=function(a,b){if(a&&(a=a.replace(/:(\/\/)?$/,""),!a.match(c.protocol_expression)))throw new TypeError('Protocol "'+a+"\" contains characters other than [A-Z0-9.+-] or doesn't start with [A-Z]");return J.call(this,a,b)};g.scheme=g.protocol;g.port=function(a,b){if(this._parts.urn)return void 0===a?"":this;void 0!==a&&(0===a&& +(a=null),a&&(a+="",":"===a.charAt(0)&&(a=a.substring(1)),c.ensureValidPort(a)));return K.call(this,a,b)};g.hostname=function(a,b){if(this._parts.urn)return void 0===a?"":this;if(void 0!==a){var d={preventInvalidHostname:this._parts.preventInvalidHostname};if("/"!==c.parseHost(a,d))throw new TypeError('Hostname "'+a+'" contains characters other than [A-Z0-9.-]');a=d.hostname;this._parts.preventInvalidHostname&&c.ensureValidHostname(a,this._parts.protocol)}return L.call(this,a,b)};g.origin=function(a, +b){if(this._parts.urn)return void 0===a?"":this;if(void 0===a){var d=this.protocol();return this.authority()?(d?d+"://":"")+this.authority():""}d=c(a);this.protocol(d.protocol()).authority(d.authority()).build(!b);return this};g.host=function(a,b){if(this._parts.urn)return void 0===a?"":this;if(void 0===a)return this._parts.hostname?c.buildHost(this._parts):"";if("/"!==c.parseHost(a,this._parts))throw new TypeError('Hostname "'+a+'" contains characters other than [A-Z0-9.-]');this.build(!b);return this}; +g.authority=function(a,b){if(this._parts.urn)return void 0===a?"":this;if(void 0===a)return this._parts.hostname?c.buildAuthority(this._parts):"";if("/"!==c.parseAuthority(a,this._parts))throw new TypeError('Hostname "'+a+'" contains characters other than [A-Z0-9.-]');this.build(!b);return this};g.userinfo=function(a,b){if(this._parts.urn)return void 0===a?"":this;if(void 0===a){var d=c.buildUserinfo(this._parts);return d?d.substring(0,d.length-1):d}"@"!==a[a.length-1]&&(a+="@");c.parseUserinfo(a, +this._parts);this.build(!b);return this};g.resource=function(a,b){if(void 0===a)return 
this.path()+this.search()+this.hash();var d=c.parse(a);this._parts.path=d.path;this._parts.query=d.query;this._parts.fragment=d.fragment;this.build(!b);return this};g.subdomain=function(a,b){if(this._parts.urn)return void 0===a?"":this;if(void 0===a){if(!this._parts.hostname||this.is("IP"))return"";var d=this._parts.hostname.length-this.domain().length-1;return this._parts.hostname.substring(0,d)||""}d=this._parts.hostname.length- +this.domain().length;d=this._parts.hostname.substring(0,d);d=new RegExp("^"+m(d));a&&"."!==a.charAt(a.length-1)&&(a+=".");if(-1!==a.indexOf(":"))throw new TypeError("Domains cannot contain colons");a&&c.ensureValidHostname(a,this._parts.protocol);this._parts.hostname=this._parts.hostname.replace(d,a);this.build(!b);return this};g.domain=function(a,b){if(this._parts.urn)return void 0===a?"":this;"boolean"===typeof a&&(b=a,a=void 0);if(void 0===a){if(!this._parts.hostname||this.is("IP"))return"";var d= +this._parts.hostname.match(/\./g);if(d&&2>d.length)return this._parts.hostname;d=this._parts.hostname.length-this.tld(b).length-1;d=this._parts.hostname.lastIndexOf(".",d-1)+1;return this._parts.hostname.substring(d)||""}if(!a)throw new TypeError("cannot set domain empty");if(-1!==a.indexOf(":"))throw new TypeError("Domains cannot contain colons");c.ensureValidHostname(a,this._parts.protocol);!this._parts.hostname||this.is("IP")?this._parts.hostname=a:(d=new RegExp(m(this.domain())+"$"),this._parts.hostname= +this._parts.hostname.replace(d,a));this.build(!b);return this};g.tld=function(a,b){if(this._parts.urn)return void 0===a?"":this;"boolean"===typeof a&&(b=a,a=void 0);if(void 0===a){if(!this._parts.hostname||this.is("IP"))return"";var c=this._parts.hostname.lastIndexOf(".");c=this._parts.hostname.substring(c+1);return!0!==b&&l&&l.list[c.toLowerCase()]?l.get(this._parts.hostname)||c:c}if(a)if(a.match(/[^a-zA-Z0-9-]/))if(l&&l.is(a))c=new RegExp(m(this.tld())+"$"),this._parts.hostname=this._parts.hostname.replace(c, +a);else throw new 
TypeError('TLD "'+a+'" contains characters other than [A-Z0-9]');else{if(!this._parts.hostname||this.is("IP"))throw new ReferenceError("cannot set TLD on non-domain host");c=new RegExp(m(this.tld())+"$");this._parts.hostname=this._parts.hostname.replace(c,a)}else throw new TypeError("cannot set TLD empty");this.build(!b);return this};g.directory=function(a,b){if(this._parts.urn)return void 0===a?"":this;if(void 0===a||!0===a){if(!this._parts.path&&!this._parts.hostname)return""; +if("/"===this._parts.path)return"/";var d=this._parts.path.length-this.filename().length-1;d=this._parts.path.substring(0,d)||(this._parts.hostname?"/":"");return a?c.decodePath(d):d}d=this._parts.path.length-this.filename().length;d=this._parts.path.substring(0,d);d=new RegExp("^"+m(d));this.is("relative")||(a||(a="/"),"/"!==a.charAt(0)&&(a="/"+a));a&&"/"!==a.charAt(a.length-1)&&(a+="/");a=c.recodePath(a);this._parts.path=this._parts.path.replace(d,a);this.build(!b);return this};g.filename=function(a, +b){if(this._parts.urn)return void 0===a?"":this;if("string"!==typeof a){if(!this._parts.path||"/"===this._parts.path)return"";var d=this._parts.path.lastIndexOf("/");d=this._parts.path.substring(d+1);return a?c.decodePathSegment(d):d}d=!1;"/"===a.charAt(0)&&(a=a.substring(1));a.match(/\.?\//)&&(d=!0);var e=new RegExp(m(this.filename())+"$");a=c.recodePath(a);this._parts.path=this._parts.path.replace(e,a);d?this.normalizePath(b):this.build(!b);return this};g.suffix=function(a,b){if(this._parts.urn)return void 0=== +a?"":this;if(void 0===a||!0===a){if(!this._parts.path||"/"===this._parts.path)return"";var d=this.filename(),e=d.lastIndexOf(".");if(-1===e)return"";d=d.substring(e+1);d=/^[a-z0-9%]+$/i.test(d)?d:"";return a?c.decodePathSegment(d):d}"."===a.charAt(0)&&(a=a.substring(1));if(d=this.suffix())e=a?new RegExp(m(d)+"$"):new RegExp(m("."+d)+"$");else{if(!a)return 
this;this._parts.path+="."+c.recodePath(a)}e&&(a=c.recodePath(a),this._parts.path=this._parts.path.replace(e,a));this.build(!b);return this};g.segment= +function(a,b,c){var d=this._parts.urn?":":"/",f=this.path(),g="/"===f.substring(0,1);f=f.split(d);void 0!==a&&"number"!==typeof a&&(c=b,b=a,a=void 0);if(void 0!==a&&"number"!==typeof a)throw Error('Bad segment "'+a+'", must be 0-based integer');g&&f.shift();0>a&&(a=Math.max(f.length+a,0));if(void 0===b)return void 0===a?f:f[a];if(null===a||void 0===f[a])if(p(b)){f=[];a=0;for(var h=b.length;a 1) { + attributes = extend({ + path: '/' + }, api.defaults, attributes); + + if (typeof attributes.expires === 'number') { + var expires = new Date(); + expires.setMilliseconds(expires.getMilliseconds() + attributes.expires * 864e+5); + attributes.expires = expires; + } + + // We're using "expires" because "max-age" is not supported by IE + attributes.expires = attributes.expires ? attributes.expires.toUTCString() : ''; + + try { + result = JSON.stringify(value); + if (/^[\{\[]/.test(result)) { + value = result; + } + } catch (e) {} + + if (!converter.write) { + value = encodeURIComponent(String(value)) + .replace(/%(23|24|26|2B|3A|3C|3E|3D|2F|3F|40|5B|5D|5E|60|7B|7D|7C)/g, decodeURIComponent); + } else { + value = converter.write(value, key); + } + + key = encodeURIComponent(String(key)); + key = key.replace(/%(23|24|26|2B|5E|60|7C)/g, decodeURIComponent); + key = key.replace(/[\(\)]/g, escape); + + var stringifiedAttributes = ''; + + for (var attributeName in attributes) { + if (!attributes[attributeName]) { + continue; + } + stringifiedAttributes += '; ' + attributeName; + if (attributes[attributeName] === true) { + continue; + } + stringifiedAttributes += '=' + attributes[attributeName]; + } + return (document.cookie = key + '=' + value + stringifiedAttributes); + } + + // Read + + if (!key) { + result = {}; + } + + // To prevent the for loop in the first place assign an empty array + // in case there are no cookies at all. 
Also prevents odd result when + // calling "get()" + var cookies = document.cookie ? document.cookie.split('; ') : []; + var rdecode = /(%[0-9A-Z]{2})+/g; + var i = 0; + + for (; i < cookies.length; i++) { + var parts = cookies[i].split('='); + var cookie = parts.slice(1).join('='); + + if (cookie.charAt(0) === '"') { + cookie = cookie.slice(1, -1); + } + + try { + var name = parts[0].replace(rdecode, decodeURIComponent); + cookie = converter.read ? + converter.read(cookie, name) : converter(cookie, name) || + cookie.replace(rdecode, decodeURIComponent); + + if (this.json) { + try { + cookie = JSON.parse(cookie); + } catch (e) {} + } + + if (key === name) { + result = cookie; + break; + } + + if (!key) { + result[name] = cookie; + } + } catch (e) {} + } + + return result; + } + + api.set = api; + api.get = function (key) { + return api.call(api, key); + }; + api.getJSON = function () { + return api.apply({ + json: true + }, [].slice.call(arguments)); + }; + api.defaults = {}; + + api.remove = function (key, attributes) { + api(key, '', extend(attributes, { + expires: -1 + })); + }; + + api.withConverter = init; + + return api; + } + + return init(function () {}); +})); diff --git a/lib/pack.js b/lib/pack.js new file mode 100644 index 0000000..6a17b78 --- /dev/null +++ b/lib/pack.js 
@@ -0,0 +1,84 @@
+/*jslint es6: true*/
+/*global window*/
+(function () {
+ "use strict";
+
+ const bucketSize = 8;
+
+ const binOptionsReduceFunction = function (binSize, prev, next) {
+
+ if (prev.length === 0) {
+ prev.push([next]);
+ return prev;
+ }
+
+ const mostRecentBin = prev[prev.length - 1];
+ if (mostRecentBin.length < binSize) {
+ mostRecentBin.push(next);
+ return prev;
+ }
+
+ prev.push([next]);
+ return prev;
+ };
+
+ const pack = function (options, selected) {
+
+ const numBuckets = Math.ceil(options.length / bucketSize);
+ const binToBucketSizeFunc = binOptionsReduceFunction.bind(undefined, bucketSize);
+ options.sort();
+
+ const binnedOptions = options.reduce(binToBucketSizeFunc, []);
+ const bitFields = new Uint8Array(numBuckets);
+
+ for (let i = 0; i < numBuckets; i += 1) {
+ let bitfield = 0;
+ let currentBucket = binnedOptions[i];
+
+ for (let j = 0; j < currentBucket.length; j += 1) {
+
+ let currentOption = currentBucket[j];
+ if (selected.indexOf(currentOption) !== -1) {
+ bitfield |= 1 << j;
+ }
+ }
+
+ bitFields[i] = bitfield;
+ }
+
+ const decoder = new TextDecoder('utf8');
+ return window.btoa(decoder.decode(bitFields));
+ };
+
+ const unpack = function (options, data) {
+
+ const numBuckets = Math.ceil(options.length / bucketSize);
+ const binToBucketSizeFunc = binOptionsReduceFunction.bind(undefined, bucketSize);
+ options.sort();
+
+ const binnedOptions = options.reduce(binToBucketSizeFunc, []);
+
+ const encoder = new TextEncoder('utf8');
+ const bitFields = encoder.encode(window.atob(data));
+
+ const result = [];
+
+ for (let i = 0; i < bitFields.length; i += 1) {
+ let currentBitField = bitFields[i];
+ let currentOptionsBin = binnedOptions[i];
+
+ for (let j = 0; j < bucketSize; j += 1) {
+ if (currentBitField & (1 << j)) {
+ let currentOption = currentOptionsBin[j];
+ result.push(currentOption);
+ }
+ }
+ }
+
+ return result;
+ };
+
+ window.WEB_API_MANAGER.packingLib = {
+ pack, unpack
+ };
+}());
\ No newline at end of file
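Review bot: `pack` and `unpack` pass the bitfield bytes through `TextDecoder`/`TextEncoder`, which treat them as UTF-8 text, so any bucket with its eighth option selected (byte value 0x80 or above) does not round-trip. In `pack` such a byte decodes to U+FFFD (or merges with a neighbouring byte) and `window.btoa` throws on U+FFFD; in `unpack` each character at or above 0x80 returned by `window.atob` is encoded as two bytes, which shifts every later bucket. For a blocking extension that means the applied rule set can differ from the configured one, so bytes should map to characters one-to-one as in the excerpt below. `unpack` also reads `binnedOptions[i]` and `currentOptionsBin[j]` without bounds, so a `data` string with extra bytes or stray high bits throws or pushes `undefined`; the excerpt bounds both loops, and where `data` comes from is not visible in this hunk. Separately, `options.sort()` reorders the caller's array in both functions, and `options.slice().sort()` would avoid that side effect.

```javascript
const pack = function (options, selected) {
    // … unchanged: bucket count, binning, bit-setting loop …
    // One character per byte, so values >= 0x80 survive btoa/atob.
    return window.btoa(String.fromCharCode(...bitFields));
};

const unpack = function (options, data) {
    // … unchanged: bucket count, binning …
    const raw = window.atob(data);
    const bitFields = Uint8Array.from(raw, (ch) => ch.charCodeAt(0));
    // Ignore bytes that have no matching bucket of options.
    const usableBuckets = Math.min(bitFields.length, binnedOptions.length);
    // … unchanged: result declaration …
    for (let i = 0; i < usableBuckets; i += 1) {
        // … unchanged: currentBitField, currentOptionsBin …
        for (let j = 0; j < currentOptionsBin.length; j += 1) {
            // … unchanged: bit test and push …
        }
    }
    // … unchanged: return result …
};
```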
diff --git a/config/js/storage.js b/lib/storage.js
similarity index 100%
rename from config/js/storage.js
rename to lib/storage.js
diff --git a/manifest.json b/manifest.json
index 61aae36..507f670 100644
--- a/manifest.json
+++ b/manifest.json
@@ -1,27 +1,44 @@
 {
 "manifest_version": 2,
 "name": "WebAPI Manager",
- "version": "0.2",
+ "version": "0.3",
 "description": "Improves browser security by restricting page access to parts of the Web API.",
 "permissions": [
- "*://*/*",
- "storage"
+ "http://*/*", "https://*/*",
+ "",
+ "storage",
+ "tabs",
+ "webRequest",
+ "webRequestBlocking",
+ "webNavigation"
 ],
 "content_scripts": [
 {
 "matches": ["*://*/*"],
 "js": [
- "content_scripts/dist/init.js",
+ "lib/init.js",
+ "lib/pack.js",
+ "lib/js.cookie.js",
 "content_scripts/dist/standards.js",
- "content_scripts/dist/defaults.js",
 "content_scripts/dist/instrument.js"
 ],
 "all_frames": true,
 "run_at": "document_start"
 }
 ],
+ "web_accessible_resources": [
+ "lib/init.js",
+ "lib/js.cookie.js",
+ "lib/storage.js",
+ "lib/URI.js"
+ ],
 "background": {
 "scripts": [
+ "lib/init.js",
+ "lib/pack.js",
+ "lib/storage.js",
+ "lib/URI.js",
+ "content_scripts/dist/standards.js",
 "background_scripts/bootstrap.js"
 ]
 },
@@ -29,4 +46,4 @@
 "page": "config/index.html",
 "chrome_style": true
 }
-}
\ No newline at end of file
+}
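Review bot: The new `web_accessible_resources` list makes `lib/init.js`, `lib/js.cookie.js`, `lib/storage.js` and `lib/URI.js` loadable by any web page, which lets a page detect the extension by probing those URLs. Files declared under `content_scripts` or `background` do not need to be listed there to load, and `lib/storage.js` and `lib/URI.js` appear only in the background list in this hunk, so unless code outside this hunk injects them into pages I would drop them and keep only what is actually injected. In `permissions`, the bare `""` entry is not a valid permission as shown and looks like a match pattern lost in rendering; if it was an all-URLs pattern it is redundant next to `"http://*/*", "https://*/*"` only for those schemes and otherwise widens the grant. `tabs` and `webNavigation` are worth keeping only if some script calls those APIs, which this hunk does not show.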