
Commit 32e0eb1

committed
Update searchJumper.user.js
1 parent 2097629 commit 32e0eb1


1 file changed

+78
-39
lines changed


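--- a/searchJumper.user.js
+++ b/searchJumper.user.js
@@ -1234,32 +1234,40 @@
 
 function parseTrustedTypes(cspString) {
 const policies = new Set();
+let allowDuplicates = false;
+let ttDirectiveFound = false;
 const ttRegex = /trusted-types\s+([^;]+)/gi;
 let match;
+
 while ((match = ttRegex.exec(cspString)) !== null) {
-match[1].trim().split(/\s+/)
-.forEach(name => {
-if (name !== "'allow-duplicates'" && name !== "'none'") {
+ttDirectiveFound = true;
+
+const policyNames = match[1].trim().split(/\s+/);
+for (const name of policyNames) {
+if (name === "'allow-duplicates'") {
+allowDuplicates = true;
+} else if (name !== "'none'") {
 policies.add(name.replace(/'/g, ''));
 }
-});
+}
 }
-return Array.from(policies);
+return { names: policies, allowDuplicates: allowDuplicates, ttDirectiveFound: ttDirectiveFound };
 }
 
-async function getAvailablePolicyNamesOptimized() {
-if (_unsafeWindow.trustedTypes && _unsafeWindow.trustedTypes.getPolicyNames) {
-const existingNames = _unsafeWindow.trustedTypes.getPolicyNames();
-if (existingNames.length > 0) {
-return new Set(existingNames);
-}
-}
+async function getCspTrustedTypesInfo() {
+const combinedPolicies = new Set();
+let combinedAllowDuplicates = false;
+let combinedTtDirectiveFound = false;
 
 const meta = document.querySelector('meta[http-equiv="Content-Security-Policy"]');
 if (meta) {
-const metaNames = parseTrustedTypes(meta.content);
-if (metaNames.length > 0) {
-return new Set(metaNames);
+const metaResult = parseTrustedTypes(meta.content);
+metaResult.names.forEach(name => combinedPolicies.add(name));
+if (metaResult.allowDuplicates) {
+combinedAllowDuplicates = true;
+}
+if (metaResult.ttDirectiveFound) {
+combinedTtDirectiveFound = true;
 }
 }
 
@@ -1273,15 +1281,27 @@
 .map(h => h.substring(26).trim())
 .join('; ');
 
-const headerNames = parseTrustedTypes(cspHeader);
-if (headerNames.length > 0) {
-resolve(new Set(headerNames));
-} else {
-resolve(new Set());
+const headerResult = parseTrustedTypes(cspHeader);
+headerResult.names.forEach(name => combinedPolicies.add(name));
+if (headerResult.allowDuplicates) {
+combinedAllowDuplicates = true;
 }
+if (headerResult.ttDirectiveFound) {
+combinedTtDirectiveFound = true;
+}
+
+resolve({
+names: combinedPolicies,
+allowDuplicates: combinedAllowDuplicates,
+ttDirectiveFound: combinedTtDirectiveFound
+});
 },
 onerror: function(error) {
-resolve(new Set());
+resolve({
+names: combinedPolicies,
+allowDuplicates: combinedAllowDuplicates,
+ttDirectiveFound: combinedTtDirectiveFound
+});
 }
 });
 });
@@ -1297,29 +1317,48 @@
 }
 
 async function createPolicy() {
-if (_unsafeWindow.trustedTypes && _unsafeWindow.trustedTypes.createPolicy && isTrustedTypesEnforced()) {
-const allowedNames = await getAvailablePolicyNamesOptimized();
+if (!(_unsafeWindow.trustedTypes && _unsafeWindow.trustedTypes.createPolicy && isTrustedTypesEnforced())) {
+return;
+}
 
-if (allowedNames.size === 0) {
-escapeHTMLPolicy = _unsafeWindow.trustedTypes.createPolicy('pagetual_default', {
-createHTML: (string, sink) => string
-});
-return;
+const { names: allowedNames, allowDuplicates, ttDirectiveFound } = await getCspTrustedTypesInfo();
+
+if (ttDirectiveFound && !allowDuplicates) {
+debug("CSP Trusted Types is enforced without 'allow-duplicates'. " +
+"Skipping policy creation to avoid conflicts with the page.");
+return;
+}
+
+const MY_POLICY_NAME = 'pvcep_default';
+
+try {
+escapeHTMLPolicy = _unsafeWindow.trustedTypes.createPolicy(MY_POLICY_NAME, {
+createHTML: (string, sink) => string,
+createScriptURL: string => string,
+createScript: string => string
+});
+return;
+} catch (e) {
+}
+
+const existingPolicies = new Set(_unsafeWindow.trustedTypes.getPolicyNames());
+for (const name of allowedNames) {
+if (name === '*' || existingPolicies.has(name)) {
+continue;
 }
 
-for (const name of allowedNames) {
-if (name === '*') continue;
-try {
-escapeHTMLPolicy = _unsafeWindow.trustedTypes.createPolicy(name, {
-createHTML: (string, sink) => string
-});
-break;
-} catch (e) {
-console.warn(`create '${name}' failed`);
-return;
-}
+try {
+escapeHTMLPolicy = _unsafeWindow.trustedTypes.createPolicy(name, {
+createHTML: (string, sink) => string,
+createScriptURL: string => string,
+createScript: string => string
+});
+return;
+} catch (e) {
+debug(`create '${name}' failed, trying next...`);
 }
 }
+debug("Could not create any trusted types policy.");
 }
 
 var escapeHTMLPolicy;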
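Review bot: The `for (const name of allowedNames)` fallback loop in createPolicy skips only `*` and names that are already registered, so when the page's CSP allow-lists `default` and the page has not created it yet, this code registers the default policy with identity callbacks. The browser applies the default policy to every plain string that reaches a sink, so that would switch off the page's Trusted Types protection for all code on the page rather than only for this userscript, and the commit widens the effect by adding pass-through `createScript` and `createScriptURL`. I would change the guard to `if (name === '*' || name === 'default' || existingPolicies.has(name)) continue;` and keep only the callbacks the script actually needs, which cannot be confirmed from this diff. The empty `catch (e) {}` after the first createPolicy call should also report through `debug`, as the other failure paths do.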
