diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 19:47:39 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 19:47:39 +0000 |
commit | 8d13bdc6cac0e20c43c6f909fc0208774b9c5c84 (patch) | |
tree | 5fd46925c6b4a881c9208772ed8e5cc0588bc164 /src/js/contentscripts/supercookie.js | |
parent | Initial commit. (diff) | |
download | privacybadger-8d13bdc6cac0e20c43c6f909fc0208774b9c5c84.tar.xz privacybadger-8d13bdc6cac0e20c43c6f909fc0208774b9c5c84.zip |
Adding upstream version 2020.10.7.upstream/2020.10.7upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/js/contentscripts/supercookie.js')
-rw-r--r-- | src/js/contentscripts/supercookie.js | 151 |
1 files changed, 151 insertions, 0 deletions
diff --git a/src/js/contentscripts/supercookie.js b/src/js/contentscripts/supercookie.js new file mode 100644 index 0000000..0b15211 --- /dev/null +++ b/src/js/contentscripts/supercookie.js @@ -0,0 +1,151 @@ +/* + * This file is part of Privacy Badger <https://www.eff.org/privacybadger> + * Copyright (C) 2015 Electronic Frontier Foundation + * + * Derived from Chameleon <https://github.com/ghostwords/chameleon> + * Copyright (C) 2015 ghostwords + * + * Privacy Badger is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 3 as + * published by the Free Software Foundation. + * + * Privacy Badger is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Privacy Badger. If not, see <http://www.gnu.org/licenses/>. + */ + +/** + * Generate script to inject into the page + * + * @returns {string} + */ +function getScPageScript() { + // code below is not a content script: no chrome.* APIs ///////////////////// + + // return a string + return "(" + function () { + + /* + * If localStorage is inaccessible, such as when "Block third-party cookies" + * in enabled in Chrome or when `dom.storage.enabled` is set to `false` in + * Firefox, do not go any further. + */ + try { + // No localStorage raises an Exception in Chromium-based browsers, while + // it's equal to `null` in Firefox. + if (null === localStorage) { + throw false; + } + } catch (ex) { + return; + } + + (function (DOCUMENT, dispatchEvent, CUSTOM_EVENT, LOCAL_STORAGE, OBJECT, keys) { + + var event_id = DOCUMENT.currentScript.getAttribute('data-event-id-super-cookie'); + + /** + * send message to the content script + * + * @param {*} message + */ + var send = function (message) { + dispatchEvent.call(DOCUMENT, new CUSTOM_EVENT(event_id, { + detail: message + })); + }; + + /** + * Read HTML5 local storage and return contents + * @returns {Object} + */ + let getLocalStorageItems = function () { + let lsItems = {}; + for (let i = 0; i < LOCAL_STORAGE.length; i++) { + let key = LOCAL_STORAGE.key(i); + lsItems[key] = LOCAL_STORAGE.getItem(key); + } + return lsItems; + }; + + if (event_id) { // inserted script may run before the event_id is available + let localStorageItems = getLocalStorageItems(); + if (keys.call(OBJECT, localStorageItems).length) { + // send to content script + send({ localStorageItems }); + } + } + + // save locally to keep from getting overwritten by site code + } (document, document.dispatchEvent, CustomEvent, localStorage, Object, Object.keys)); + + } + "());"; + + // code above is not a content script: no chrome.* APIs ///////////////////// + +} + +// END FUNCTION DEFINITIONS /////////////////////////////////////////////////// + +(function () { + +// don't inject into non-HTML documents (such as XML documents) +// but do inject into XHTML documents +if (document instanceof HTMLDocument === false && ( + document instanceof XMLDocument === false || + document.createElement('div') instanceof HTMLDivElement === false +)) { + return; +} + +// don't bother asking to run when trivially in first-party context +if (window.top == window) { + return; +} + +// TODO race condition; fix waiting on https://crbug.com/478183 + +// TODO here we could also be injected too quickly +// and miss localStorage setting upon initial page load +// +// we should eventually switch injection back to document_start +// (reverting https://github.com/EFForg/privacybadger/pull/1522), +// and fix localstorage detection +// (such as by delaying it or peforming it periodically) +// +// could then remove test workarounds like +// https://github.com/EFForg/privacybadger/commit/39d5d0899e22d1c451d429e44553c5f9cad7fc46 + +// TODO sometimes contentscripts/utils.js isn't here?! +// TODO window.FRAME_URL / window.injectScript are undefined ... +chrome.runtime.sendMessage({ + type: "inspectLocalStorage", + frameUrl: window.FRAME_URL +}, function (enabledAndThirdParty) { + if (!enabledAndThirdParty) { + return; + } + + var event_id_super_cookie = Math.random(); + + // listen for messages from the script we are about to insert + document.addEventListener(event_id_super_cookie, function (e) { + // pass these on to the background page (handled by webrequest.js) + chrome.runtime.sendMessage({ + type: "supercookieReport", + data: e.detail, + frameUrl: window.FRAME_URL + }); + }); + + window.injectScript(getScPageScript(), { + event_id_super_cookie: event_id_super_cookie + }); + +}); + +}()); |