From 0df7faffac4b7080b1c66b71bffd8a26aebc41bd Mon Sep 17 00:00:00 2001 From: Raymond Hill Date: Wed, 19 Feb 2025 14:01:27 -0500 Subject: [PATCH] Improve `noeval-if` scriptlet Related feedback: https://github.com/uBlockOrigin/uBlock-issues/issues/2907#issuecomment-2660051167 --- src/js/resources/noeval.js | 58 ++++++++++++++++++++++++++++++++++ src/js/resources/scriptlets.js | 35 +------------------- 2 files changed, 59 insertions(+), 34 deletions(-) create mode 100644 src/js/resources/noeval.js diff --git a/src/js/resources/noeval.js b/src/js/resources/noeval.js new file mode 100644 index 000000000..d66db532b --- /dev/null +++ b/src/js/resources/noeval.js @@ -0,0 +1,58 @@ +/******************************************************************************* + + uBlock Origin - a comprehensive, efficient content blocker + Copyright (C) 2019-present Raymond Hill + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see {http://www.gnu.org/licenses/}. + + Home: https://github.com/gorhill/uBlock + +*/ + +import { proxyApplyFn } from './proxy-apply.js'; +import { registerScriptlet } from './base.js'; +import { safeSelf } from './safe-self.js'; + +/******************************************************************************/ + +function noEvalIf( + needle = '' +) { + if ( typeof needle !== 'string' ) { return; } + const safe = safeSelf(); + const logPrefix = safe.makeLogPrefix('noeval-if', needle); + const reNeedle = safe.patternToRegex(needle); + proxyApplyFn('eval', function(context) { + const { callArgs } = context; + const a = String(callArgs[0]); + if ( needle !== '' && reNeedle.test(a) ) { + safe.uboLog(logPrefix, 'Prevented:\n', a); + return; + } + if ( needle === '' || safe.logLevel > 1 ) { + safe.uboLog(logPrefix, 'Not prevented:\n', a); + } + return context.reflect(); + }); +} +registerScriptlet(noEvalIf, { + name: 'noeval-if.js', + aliases: [ + 'prevent-eval-if.js', + ], + dependencies: [ + proxyApplyFn, + safeSelf, + ], +}); diff --git a/src/js/resources/scriptlets.js b/src/js/resources/scriptlets.js index 20a34f30e..10a89d083 100755 --- a/src/js/resources/scriptlets.js +++ b/src/js/resources/scriptlets.js @@ -22,6 +22,7 @@ import './attribute.js'; import './href-sanitizer.js'; +import './noeval.js'; import './replace-argument.js'; import './spoof-css.js'; import './prevent-settimeout.js'; @@ -1598,40 +1599,6 @@ function adjustSetTimeout( /******************************************************************************/ -builtinScriptlets.push({ - name: 'noeval-if.js', - aliases: [ - 'prevent-eval-if.js', - ], - fn: noEvalIf, - dependencies: [ - 'safe-self.fn', - ], -}); -function noEvalIf( - needle = '' -) { - if ( typeof needle !== 'string' ) { return; } - const safe = safeSelf(); - const logPrefix = safe.makeLogPrefix('noeval-if', needle); - const reNeedle = safe.patternToRegex(needle); - window.eval = new Proxy(window.eval, { // jshint ignore: line - apply: function(target, thisArg, args) { - const a = String(args[0]); - if ( needle !== '' && reNeedle.test(a) ) { - safe.uboLog(logPrefix, 'Prevented:\n', a); - return; - } - if ( needle === '' || safe.logLevel > 1 ) { - safe.uboLog(logPrefix, 'Not prevented:\n', a); - } - return Reflect.apply(target, thisArg, args); - } - }); -} - -/******************************************************************************/ - builtinScriptlets.push({ name: 'prevent-fetch.js', aliases: [