Merge pull request #5402 from brave/scriptlet-injection-fix

Allow modification of window attributes with scriptlets

components/brave_extension/extension/brave_extension/actions/shieldsPanelActions.ts

@@ -147,11 +147,12 @@ export const generateClassIdStylesheet = (tabId: number, classes: string[], ids:
   }
 }
 
-export const cosmeticFilterRuleExceptions = (tabId: number, exceptions: string[]) => {
+export const cosmeticFilterRuleExceptions = (tabId: number, exceptions: string[], scriptlet: string) => {
   return {
     type: types.COSMETIC_FILTER_RULE_EXCEPTIONS,
     tabId,
-    exceptions
+    exceptions,
+    scriptlet
   }
 }
 

components/brave_extension/extension/brave_extension/background/api/cosmeticFilterAPI.ts

@@ -57,14 +57,7 @@ export const applyAdblockCosmeticFilters = (tabId: number, hostname: string) =>
       runAt: 'document_start'
     })
 
-    if (resources.injected_script) {
-      chrome.tabs.executeScript(tabId, {
-        code: resources.injected_script,
-        runAt: 'document_start'
-      })
-    }
-
-    shieldsPanelActions.cosmeticFilterRuleExceptions(tabId, resources.exceptions)
+    shieldsPanelActions.cosmeticFilterRuleExceptions(tabId, resources.exceptions, resources.injected_script || '')
   })
 }
 

components/brave_extension/extension/brave_extension/background/reducers/shieldsPanelReducer.ts

@@ -376,7 +376,8 @@ export default function shieldsPanelReducer (
       }
       state = shieldsPanelState.saveCosmeticFilterRuleExceptions(state, action.tabId, action.exceptions)
       chrome.tabs.sendMessage(action.tabId, {
-        type: 'cosmeticFilteringBackgroundReady'
+        type: 'cosmeticFilteringBackgroundReady',
+        scriptlet: action.scriptlet
       })
       break
     }

components/brave_extension/extension/brave_extension/content_cosmetic.ts

@@ -37,6 +37,24 @@ let cosmeticObserver: MutationObserver | undefined = undefined
 const allSelectorsToRules = new Map<string, number>()
 const cosmeticStyleSheet = new CSSStyleSheet()
 
+function injectScriptlet (text: string) {
+  let script
+  try {
+    script = document.createElement('script')
+    const textnode: Text = document.createTextNode(text)
+    script.appendChild(textnode);
+    (document.head || document.documentElement).appendChild(script)
+  } catch (ex) {
+    /* Unused catch */
+  }
+  if (script) {
+    if (script.parentNode) {
+      script.parentNode.removeChild(script)
+    }
+    script.textContent = ''
+  }
+}
+
 /**
  * Provides a new function which can only be scheduled once at a time.
  *
@@ -515,6 +533,7 @@ chrome.runtime.onMessage.addListener((msg, sender, sendResponse) => {
   switch (action) {
     case 'cosmeticFilteringBackgroundReady': {
       scheduleQueuePump()
+      injectScriptlet(msg.scriptlet)
       break
     }
     case 'cosmeticFilterConsiderNewSelectors': {

components/brave_extension/extension/brave_extension/types/actions/shieldsPanelActions.ts

@@ -188,11 +188,11 @@ interface CosmeticFilterRuleExceptionsReturn {
   type: types.COSMETIC_FILTER_RULE_EXCEPTIONS,
   tabId: number,
   exceptions: string[],
-  randomizedClassName: string
+  scriptlet: string
 }
 
 export interface CosmeticFilterRuleExceptions {
-  (tabId: number, exceptions: string[], randomizedClassName: string): CosmeticFilterRuleExceptionsReturn
+  (tabId: number, exceptions: string[], scriptlet: string): CosmeticFilterRuleExceptionsReturn
 }
 
 interface ContentScriptsLoadedReturn {

components/brave_shields/browser/ad_block_service_browsertest.cc

@@ -976,3 +976,42 @@ IN_PROC_BROWSER_TEST_F(AdBlockServiceTest, CosmeticFilteringUnhide) {
               &as_expected));
   EXPECT_TRUE(as_expected);
 }
+
+// Test scriptlet injection that modifies window attributes
+IN_PROC_BROWSER_TEST_F(AdBlockServiceTest,
+                       CosmeticFilteringWindowScriptlet) {
+  /* "content" below corresponds to the following scriptlet:
+   * ```
+   * (function() {
+   *   const send = window.getComputedStyle;
+   *   window.getComputedStyle = function(selector) {
+   *     return { 'color': 'Impossible value' };
+   *   }
+   * })();
+   * ```
+   */
+  UpdateAdBlockInstanceWithRules("b.com##+js(hjt)", "[{"
+          "\"name\": \"hijacktest\","
+          "\"aliases\": [\"hjt\"],"
+          "\"kind\": {\"mime\": \"application/javascript\"},"
+          "\"content\": \"KGZ1bmN0aW9uKCkgewogIGNvbnN0IHNlbmQgPSB3aW5kb3cuZ2V0"
+          "Q29tcHV0ZWRTdHlsZTsKICB3aW5kb3cuZ2V0Q29tcHV0ZWRTdHlsZSA9IGZ1bmN0aW9"
+          "uKHNlbGVjdG9yKSB7CiAgICByZXR1cm4geyAnY29sb3InOiAnSW1wb3NzaWJsZSB2YW"
+          "x1ZScgfTsKICB9Cn0pKCk7Cg==\"}]");
+
+  WaitForBraveExtensionShieldsDataReady();
+
+  GURL tab_url = embedded_test_server()->GetURL("b.com",
+                                                "/cosmetic_filtering.html");
+  ui_test_utils::NavigateToURL(browser(), tab_url);
+
+  content::WebContents* contents =
+    browser()->tab_strip_model()->GetActiveWebContents();
+
+  bool as_expected = false;
+  ASSERT_TRUE(ExecuteScriptAndExtractBool(
+              contents,
+              "checkSelector('.ad', 'color', 'Impossible value')",
+              &as_expected));
+  EXPECT_TRUE(as_expected);
+}