Tweaks in CPM rule generation (#147)

* add simple selector escaping

* Fix existing rule detection: click is not always the first opt-out step

Author: muodov

collectors/CookiePopups/scrapeScript.js

@@ -97,6 +97,15 @@ function getButtons(el) {
     return Array.from(el.querySelectorAll('button, input[type="button"], input[type="submit"], a, [role="button"], [class*="button"]'));
 }
 
+/**
+ * Naive selector escaping. Use with caution.
+ * @param {string} selector
+ * @returns {string}
+ */
+function insecureEscapeSelectorPart(selector) {
+    return selector.replace(/[.*+?^${}()|[\]\\"]/g, '\\$&');
+}
+
 /**
  * Get the selector for an element
  * @param {HTMLElement} el - The element to get the selector for
@@ -134,7 +143,7 @@ function getSelector(el, specificity) {
 
         if (specificity.ids) {
             if (element.id) {
-                localSelector += `#${element.id}`;
+                localSelector += `#${insecureEscapeSelectorPart(element.id)}`;
             } else if (!element.hasAttribute('id')) { // do not add it for id attribute without a value
                 localSelector += `:not([id])`;
             }
@@ -143,15 +152,15 @@ function getSelector(el, specificity) {
         if (specificity.dataAttributes) {
             const dataAttributes = Array.from(element.attributes).filter(a => a.name.startsWith('data-'));
             dataAttributes.forEach(a => {
-                const escapedValue = a.value.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
+                const escapedValue = insecureEscapeSelectorPart(a.value);
                 localSelector += `[${a.name}="${escapedValue}"]`;
             });
         }
 
         if (specificity.classes) {
             const classes = Array.from(element.classList);
             if (classes.length > 0) {
-                localSelector += `.${classes.join('.')}`;
+                localSelector += `.${classes.map(c => insecureEscapeSelectorPart(c)).join('.')}`;
             }
         }
 

post-processing/generate-autoconsent-rules/generation.js

@@ -6,18 +6,17 @@
  * @returns {boolean} True if buttons are the same.
  */
 function isSameRejectButton(newButton, existingRule) {
-    if (!existingRule.optOut || existingRule.optOut.length === 0) {
+    if (!existingRule.optOut) {
         return false;
     }
 
-    const existingOptOut = existingRule.optOut[0];
-
-    // Compare selector
-    if (existingOptOut.waitForThenClick !== newButton.selector) {
+    const existingOptOut = existingRule.optOut.find(optOut => optOut.waitForThenClick);
+    if (!existingOptOut) {
         return false;
     }
 
-    return true;
+    // Compare selector
+    return existingOptOut.waitForThenClick === newButton.selector;
 }
 
 /**