FilesExpand file tree

 master

/

prevent-element-src-loading.js

Copy path

BlameMore file actions

BlameMore file actions

Latest commit

 

History

History

History

137 lines (127 loc) · 4.39 KB

 master

/

prevent-element-src-loading.js

Top

File metadata and controls

• Code
• Blame

137 lines (127 loc) · 4.39 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

import {

hit,

toRegExp,

safeGetDescriptor,

} from '../helpers/index';

/* eslint-disable max-len, consistent-return */

/**

* @scriptlet prevent-element-src-loading

*

* @description

* Prevents target element source loading without triggering 'onerror' listeners and not breaking 'onload' ones.

*

* **Syntax**

* ```

* example.org#%#//scriptlet('prevent-element-src-loading', tagName, match)

* ```

*

* - `tagName` - required, case-insensitive target element tagName which `src` property resource loading will be silently prevented; possible values:

* - `script`

* - `img`

* - `iframe`

* - `match` - required, string or regular expression for matching the element's URL;

*

* **Examples**

* 1. Prevent script source loading:

* ```

* example.org#%#//scriptlet('prevent-element-src-loading', 'script' ,'adsbygoogle')

* ```

*/

/* eslint-enable max-len */

export function preventElementSrcLoading(source, tagName, match) {

// do nothing if browser does not support Proxy or Reflect

if (typeof Proxy === 'undefined' || typeof Reflect === 'undefined') {

return;

}

const srcMockData = {

// "KCk9Pnt9" = "()=>{}"

script: 'data:text/javascript;base64,KCk9Pnt9',

// Empty 1x1 image

img: 'data:image/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==',

// Empty h1 tag

iframe: 'data:text/html;base64, PGRpdj48L2Rpdj4=',

};

let instance;

if (tagName === 'script') {

instance = HTMLScriptElement;

} else if (tagName === 'img') {

instance = HTMLImageElement;

} else if (tagName === 'iframe') {

instance = HTMLIFrameElement;

} else {

return;

}

// For websites that use Trusted Types

// https://w3c.github.io/webappsec-trusted-types/dist/spec/

const hasTrustedTypes = window.trustedTypes && typeof window.trustedTypes.createPolicy === 'function';

let policy;

if (hasTrustedTypes) {

policy = window.trustedTypes.createPolicy('mock', {

createScriptURL: (arg) => arg,

});

}

const SOURCE_PROPERTY_NAME = 'src';

const searchRegexp = toRegExp(match);

const setAttributeWrapper = (target, thisArg, args) => {

// Check if arguments are present

if (!args[0] || !args[1]) {

return Reflect.apply(target, thisArg, args);

}

const nodeName = thisArg.nodeName.toLowerCase();

const attrName = args[0].toLowerCase();

const attrValue = args[1];

const isMatched = attrName === SOURCE_PROPERTY_NAME

&& tagName.toLowerCase() === nodeName

&& srcMockData[nodeName]

&& searchRegexp.test(attrValue);

if (!isMatched) {

return Reflect.apply(target, thisArg, args);

}

hit(source);

// Forward the URI that corresponds with element's MIME type

return Reflect.apply(target, thisArg, [attrName, srcMockData[nodeName]]);

};

const setAttributeHandler = {

apply: setAttributeWrapper,

};

// eslint-disable-next-line max-len

instance.prototype.setAttribute = new Proxy(Element.prototype.setAttribute, setAttributeHandler);

const origDescriptor = safeGetDescriptor(instance.prototype, SOURCE_PROPERTY_NAME);

if (!origDescriptor) {

return;

}

Object.defineProperty(instance.prototype, SOURCE_PROPERTY_NAME, {

enumerable: true,

configurable: true,

get() {

return origDescriptor.get.call(this);

},

set(urlValue) {

const nodeName = this.nodeName.toLowerCase();

const isMatched = tagName.toLowerCase() === nodeName

&& srcMockData[nodeName]

&& searchRegexp.test(urlValue);

if (!isMatched) {

origDescriptor.set.call(this, urlValue);

return;

}

// eslint-disable-next-line no-undef

if (policy && urlValue instanceof TrustedScriptURL) {

const trustedSrc = policy.createScriptURL(urlValue);

origDescriptor.set.call(this, trustedSrc);

hit(source);

return;

}

origDescriptor.set.call(this, srcMockData[nodeName]);

hit(source);

},

});

}

preventElementSrcLoading.names = [

'prevent-element-src-loading',

];

preventElementSrcLoading.injections = [

hit,

toRegExp,

safeGetDescriptor,

];