mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

use textContent instead innerHTML to remediateDOM based XSS vulnerbilities

Browse source
This commit is contained in:
Boik 2017-09-17 11:27:03 +08:00
parent 800ba9a325
commit 26e6f2c46c
1 changed files with 30 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
lib/renderer/content-scripts-injector.js
View file

@ -5,7 +5,7 @@ const {runInThisContext} = require('vm')
// https://developer.chrome.com/extensions/match_patterns
const matchesPattern = function (pattern) {
if (pattern === '<all_urls>') return true
const regexp = new RegExp('^' + pattern.replace(/\*/g, '.*') + '$')
const regexp = new RegExp(`^${pattern.replace(/\*/g, '.*')}$`)
const url = `${location.protocol}//${location.host}${location.pathname}`
return url.match(regexp)
}
@ -23,12 +23,30 @@ const runContentScript = function (extensionId, url, code) {
return compiledWrapper.call(this, context.chrome)
}
const runStylesheet = function (url, code) {
const wrapper = `(function (code) {
function init() {
var styleElement = document.createElement('style');
styleElement.setAttribute('type', 'text/css');
styleElement.textContent = code;
document.head.append(styleElement);
}
document.addEventListener('DOMContentLoaded', init);
})`;
const compiledWrapper = runInThisContext(wrapper, {
filename: url,
lineOffset: 1,
displayErrors: true,
});
return compiledWrapper.call(this, code);
}
// Run injected scripts.
// https://developer.chrome.com/extensions/content_scripts
const injectContentScript = function (extensionId, script) {
if (!script.matches.some(matchesPattern)) return
if (script.js) {
if (script.js.length) {
for (const {url, code} of script.js) {
const fire = runContentScript.bind(window, extensionId, url, code)
if (script.runAt === 'document_start') {
@ -41,13 +59,16 @@ const injectContentScript = function (extensionId, script) {
}
}
if (script.css) {
for (const {code} of script.css) {
process.once('document-end', () => {
var node = document.createElement('style')
node.innerHTML = code
window.document.body.appendChild(node)
})
if (script.css.length) {
for (const {url, code} of script.css) {
const fire = runStylesheet.bind(window, url, code)
if (script.runAt === 'document_start') {
process.once('document-start', fire)
} else if (script.runAt === 'document_end') {
process.once('document-end', fire)
} else if (script.runAt === 'document_idle') {
document.addEventListener('DOMContentLoaded', fire)
}
}
}
}