d92b6f315fa9d2254802f7f50ba8ddfc03df3b78
uBlock/src/js
Raymond Hill
Improve `json-edit`-related scriptlets
98d3e950
Created on February 24
File
Last commit
Last updated
codemirror
Add path support as target option in static extended filtering Support for paths allows to narrow down specific static extended filters to specific webpages on a given site. Examples of usage: example.com/toto##h1 /example\.com\/toto\d+/#@#h1
1 year ago
resources
Improve `trusted-create-html` scriptlet
3 months ago
scriptlets
Improve `noscript` spoofing Related issue: https://github.com/uBlockOrigin/uBlock-issues/issues/2642
1 year ago
wasm
Increase URL buffer size to 8192 (from 2048) Related: https://github.com/easylist/easylist/commit/777d7ba9
1 year ago
1p-filters.js
Fix merging of uncommitted filters Related issue: https://github.com/uBlockOrigin/uBlock-issues/issues/3912
4 months ago
3p-filters.js
Use `Object.hasOwn` instead of `Object.prototype.hasOwnProperty` Reference: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object/hasOwn
1 year ago
about.js
Better integrate latest eslint version
1 year ago
advanced-settings.js
Use `Object.hasOwn` instead of `Object.prototype.hasOwnProperty` Reference: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object/hasOwn
1 year ago
arglist-parser.js
Fix regexes with potential catastrophic backtracking

The quoted email below was sent to ubo-security at raymondhill dot net:

=====

Dear Raymond,

I am writing to report a potential Regular Expression Denial of Service (ReDoS) vulnerability in the 1p-filters.js script of uBlock Origin. The vulnerability occurs due to the use of the regular expression /\s+$/, which is used to remove trailing whitespace. This issue can lead to a denial of service when processing strings with a large number of trailing spaces, potentially causing a browser to freeze.

Affected file(s)
js/1p-filters.js

Vulnerable pattern(s)
Lines 131 and 167: /\s+$/

Description of the issue
The regular expression /\s+$/ is applied to remove trailing whitespace in user‑provided content. However, when the content has a large number of spaces (e.g., ~100,000), this pattern causes excessive backtracking in the regular expression engine, resulting in performance degradation and UI freezing. This is a classic ReDoS attack vector.

Steps to reproduce
1. Open the uBlock Origin dashboard and navigate to the My filters tab.
2. Run the following code in the browser's DevTools Console or as a bookmarklet.
3. Observe the UI freezing for several seconds or even longer, depending on the number of spaces used.

PoC (Proof of Concept)

    /**
     * poc.js — triggers ReDoS in 1p-filters.js
     * Expected: <1 ms; Actual: several seconds – UI freeze
     */
    (() => {
      const payload = " ".repeat(100000) + "!"; // 100,000 spaces + sentinel
      const run = () => {
        if (!window.cmEditor) {
          console.error("cmEditor not ready");
          return;
        }
        // Inject payload into the editor
        cmEditor.setValue(payload);
        console.time("ReDoS");
        // Call the vulnerable function (mirroring getEditorText)
        cmEditor.getValue().replace(/\s+$/, '');
        // Alternatively, simulate a realistic user flow:
        // document.querySelector('#userFiltersApply').click();
        console.timeEnd("ReDoS");
      };
      if (document.readyState === "complete") {
        run();
      } else {
        window.addEventListener("load", run, { once: true });
      }
    })();

Impact
This issue can significantly degrade the user experience, causing the page to become unresponsive. If an attacker can inject this malicious string into the page (for example, through XSS or other attacks), it could lead to a denial of service (DoS). This vulnerability can be triggered repeatedly, causing the browser to hang indefinitely.

Suggested fix
The issue can be mitigated by replacing /\s+$/ with a more efficient solution, such as a look‑behind assertion /(?<=\S)\s+$/ (available in modern browsers) which ensures no backtracking occurs, or using trimEnd() for legacy support:

    // Example of using look-behind:
    cmEditor.setValue(text.replace(/(?<=\S)\s+$/, '') + '\n\n');
    // Alternatively, using trimEnd():
    cmEditor.setValue(text.trimEnd() + '\n\n');

Additional information
If required, I am happy to assist in testing or provide more information. Please feel free to contact me for further clarification.

Best regards,
[redacted]

=====
1 year ago
asset-viewer.js
Better integrate latest eslint version
1 year ago
assets.js
Fix undue fetch from remote server at first install Related issue: https://github.com/uBlockOrigin/uBlock-issues/issues/3761 Regression from: https://github.com/gorhill/uBlock/commit/69fce3aa6eaa2a34b7e9d2b974674d9da9d49514
9 months ago
background.js
Add path support as target option in static extended filtering Support for paths allows to narrow down specific static extended filters to specific webpages on a given site. Examples of usage: example.com/toto##h1 /example\.com\/toto\d+/#@#h1
1 year ago
base64-custom.js
Better integrate latest eslint version
1 year ago
benchmarks.js
Improve compatibility of `uritransform=` with DNR syntax The `uritransform=` option will now be converted to a proper DNR rule when the following conditions are fulfilled: - The value of the `uritransform` option matches `//[replacement]/`, i.e. the pattern to match is empty, and only the replacement part is provided. - The filter pattern is a regex. In such case, the DNR rule will be a `redirect` making use of the `regexSubstitution` property. In case the above conditions are not fulfilled, the filter will be discarded as incompatible with DNR syntax (as was the case before). This is potentially a breaking change, in cases where a filter assumed that the part to match was the start of the path part of a URL. A reminder that `uritransform` is an option which requires a trusted source, otherwise it is rejected.
9 months ago
biditrie.js
Increase URL buffer size to 8192 (from 2048) Related: https://github.com/easylist/easylist/commit/777d7ba9
1 year ago
broadcast.js
Fix bad eslint rule + minor code review `webext.js` module needs to be explicitly imported. Added time-based heuristic to decide when a webpage loses communication with background process.
2 years ago
cachestorage.js
Use `Object.hasOwn` instead of `Object.prototype.hasOwnProperty` Reference: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object/hasOwn
1 year ago
click2load.js
Better integrate latest eslint version
1 year ago
cloud-ui.js
Better integrate latest eslint version
1 year ago
code-viewer.js
Code viewer shouldn't be maximizable Related feedback: https://github.com/uBlockOrigin/uBlock-issues/issues/3161#issuecomment-2764549781
1 year ago
commands.js
Better integrate latest eslint version
1 year ago
console.js
Better integrate latest eslint version
1 year ago
contentscript-extra.js
Fix potential exception in procedural operator `:matches-attr` Related issue: https://github.com/uBlockOrigin/uBlock-issues/issues/3720
9 months ago
contentscript.js
Mind id/class changes in generic cosmetic filtering surveyor Related issue: https://github.com/uBlockOrigin/uBlock-issues/issues/3904
4 months ago
contextmenu.js
Better integrate latest eslint version
1 year ago
cosmetic-filtering.js
Fix `specifichide` option Related internal feedback: https://github.com/uBlockOrigin/uBlock-discussions/discussions/964
4 months ago
dashboard-common.js
Better integrate latest eslint version
1 year ago
dashboard.js
Better integrate latest eslint version
1 year ago
devtools.js
Increase URL buffer size to 8192 (from 2048) Related: https://github.com/easylist/easylist/commit/777d7ba9
1 year ago
diff-updater.js
Fetch diff patches from "reliable" servers only Some CDN servers take too long to mirror updated resources, potentially preventing diff-updating to work reliably as intended.
1 year ago
document-blocked.js
Fix i18n issue in strict-block page
4 months ago
dom-inspector.js
Better integrate latest eslint version
1 year ago
dom.js
[mv3] Add dashboard pane to manage custom filters Related issue: https://github.com/uBlockOrigin/uBOL-home/issues/418
7 months ago
dyna-rules.js
Use `Object.hasOwn` instead of `Object.prototype.hasOwnProperty` Reference: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object/hasOwn
1 year ago
dynamic-net-filtering.js
Use `Object.hasOwn` instead of `Object.prototype.hasOwnProperty` Reference: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object/hasOwn
1 year ago
epicker-ui.js
Add quit button to element zapper mode Related issue: https://github.com/uBlockOrigin/uBlock-issues/issues/1968 Given the availability of this new quit button, the element zapper will now default to stick around after zapping an element.
1 year ago
fa-icons.js
Better integrate latest eslint version
1 year ago
filtering-context.js
New static network filter option `urlskip=` Related issue: https://github.com/uBlockOrigin/uBlock-issues/issues/3206 The main purpose is to bypass URLs designed to track whether a user visited a specific URL, typically used in click-tracking links. The `urlskip=` option ... - ... is valid only when used in a trusted filter list - ... is enforced only on top documents - ... is enforced on both blocked and non-blocked documents - ... is a modifier, i.e. it cannot be used along with other modifier options in a single filter The syntax is `urlskip=[steps]`, where steps is a space-separated list of extraction directives detailing what action to perform on the current URL. The only supported directive in this first commit is `?name`, whose purpose is to extract the value of a named URL parameter and use the result as the new URL. Example: ||example.com/path/to/tracker$urlskip=?url The above filter will cause navigation to https://example.com/path/to/tracker?url=https://example.org/ to automatically bypass navigation to `example.com` and navigate directly to https://example.org/ It is possible to recursively extract URL parameters by using more than one directive, example: ||example.com/path/to/tracker$urlskip=?url ?to More extraction capabilities may be added in the future.
1 year ago
filtering-engines.js
Better integrate latest eslint version
1 year ago
hnswitches.js
Use `Object.hasOwn` instead of `Object.prototype.hasOwnProperty` Reference: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object/hasOwn
1 year ago
hntrie.js
Also report char segment size
9 months ago
html-filtering.js
Add path support as target option in static extended filtering Support for paths allows to narrow down specific static extended filters to specific webpages on a given site. Examples of usage: example.com/toto##h1 /example\.com\/toto\d+/#@#h1
1 year ago
httpheader-filtering.js
Fix regression in response header filtering Related commit: https://github.com/gorhill/uBlock/commit/8b696a691a0871da8200d1806300842d988a4326
1 year ago
i18n.js
[mv3] Expand "Develop" pane Move "No filtering" section in "Settings" to "Develop" pane. It is now possible to view/edit the list of hostnames for any of the filtering mode. This takes care of these issues: - https://github.com/uBlockOrigin/uBOL-home/issues/270 - https://github.com/uBlockOrigin/uBOL-home/issues/297 Add ability to see all rulesets (read-only), to assist in investigating filtering issues.
11 months ago
jsonpath.js
Improve `json-edit`-related scriptlets
2 months ago
logger-ui-inspector.js
Better integrate latest eslint version
1 year ago
logger-ui.js
Add path support as target option in static extended filtering Support for paths allows to narrow down specific static extended filters to specific webpages on a given site. Examples of usage: example.com/toto##h1 /example\.com\/toto\d+/#@#h1
1 year ago
logger.js
Better integrate latest eslint version
1 year ago
lz4.js
Better integrate latest eslint version
1 year ago
messaging.js
Improve compatibility of `uritransform=` with DNR syntax The `uritransform=` option will now be converted to a proper DNR rule when the following conditions are fulfilled: - The value of the `uritransform` option matches `//[replacement]/`, i.e. the pattern to match is empty, and only the replacement part is provided. - The filter pattern is a regex. In such case, the DNR rule will be a `redirect` making use of the `regexSubstitution` property. In case the above conditions are not fulfilled, the filter will be discarded as incompatible with DNR syntax (as was the case before). This is potentially a breaking change, in cases where a filter assumed that the part to match was the start of the path part of a URL. A reminder that `uritransform` is an option which requires a trusted source, otherwise it is rejected.
9 months ago
mrucache.js
Better integrate latest eslint version
1 year ago
pagestore.js
Improve compatibility of `uritransform=` with DNR syntax The `uritransform=` option will now be converted to a proper DNR rule when the following conditions are fulfilled: - The value of the `uritransform` option matches `//[replacement]/`, i.e. the pattern to match is empty, and only the replacement part is provided. - The filter pattern is a regex. In such case, the DNR rule will be a `redirect` making use of the `regexSubstitution` property. In case the above conditions are not fulfilled, the filter will be discarded as incompatible with DNR syntax (as was the case before). This is potentially a breaking change, in cases where a filter assumed that the part to match was the start of the path part of a URL. A reminder that `uritransform` is an option which requires a trusted source, otherwise it is rejected.
9 months ago
popup-fenix.js
Force cache bypass reload when no-scripting switch is toggled Related issue: https://github.com/uBlockOrigin/uBlock-issues/issues/3652
11 months ago
redirect-engine.js
Make `google-ima` a valid injectable scriptlet Related feedback: https://www.reddit.com/r/uBlockOrigin/comments/1m4dbk1/ublock_being_detected_on_south_park_studios/
9 months ago
redirect-resources.js
Add `adthrive` shim
4 months ago
regex-analyzer.js
[mv3] Avoid instantiating regexes by using simple needle first Related issue: https://github.com/uBlockOrigin/uBOL-home/issues/223
4 months ago
reverselookup-worker.js
Complete support for reporting strict-block messages Related issue: https://github.com/uBlockOrigin/uBlock-issues/issues/1195
10 months ago
reverselookup.js
Add path support as target option in static extended filtering Support for paths allows to narrow down specific static extended filters to specific webpages on a given site. Examples of usage: example.com/toto##h1 /example\.com\/toto\d+/#@#h1
1 year ago
s14e-serializer.js
Drop threaded serialization/deserialization
6 months ago
scriptlet-filtering-core.js
Code review re. scriptlets lookup Possibly fixes a race condition at browser launch causing empty scriptlets to be injected (and cached).
1 year ago
scriptlet-filtering.js
Code review
1 year ago
settings.js
Better integrate latest eslint version
1 year ago
start.js
Remove obsolete code
8 months ago
static-dnr-filtering.js
[mv3] Add support for regex-based extended filters Related issues: - https://github.com/uBlockOrigin/uBOL-home/issues/223 - https://github.com/uBlockOrigin/uAssets/issues/31261
4 months ago
static-ext-filtering-db.js
Code review re. scriptlets lookup Possibly fixes a race condition at browser launch causing empty scriptlets to be injected (and cached).
1 year ago
static-ext-filtering.js
Better integrate latest eslint version
1 year ago
static-filtering-io.js
Better integrate latest eslint version
1 year ago
static-filtering-parser.js
Fix comment
4 months ago
static-net-filtering.js
[mv3] Fix `removeparam` conversion Related issue: https://github.com/uBlockOrigin/uAssets/issues/30636
3 months ago
storage.js
Fix custom prefixes unduly assigning trust to external lists Related discussion: https://github.com/uBlockOrigin/uBlock-issues/issues/3843#issuecomment-3475894380
6 months ago
support.js
Better integrate latest eslint version
1 year ago
tab.js
Exclude `chrome:` as valid openers for popup candidates Related issue: https://github.com/uBlockOrigin/uBlock-issues/issues/2227
1 year ago
tasks.js
Better integrate latest eslint version
1 year ago
text-encode.js
Use `Object.hasOwn` instead of `Object.prototype.hasOwnProperty` Reference: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object/hasOwn
1 year ago
text-utils.js
Better integrate latest eslint version
1 year ago
theme.js
Better integrate latest eslint version
1 year ago
traffic.js
Minor
8 months ago
ublock.js
Use `Object.hasOwn` instead of `Object.prototype.hasOwnProperty` Reference: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object/hasOwn
1 year ago
uri-utils.js
Add ability to inject scriptlets according to origin of ancestor contexts New syntax for scriptlet-based filtering: it is now possible to inject a scriptlet in a context according to whether an ancestor origin matches a specific hostname. Example: example.com>>##+js(set, iAmEmbeddedInExampleDotCom, true) The new `>>` specifier means that the scriptlet will not be injected in `example.com`, but will be injected in all direct and indirect embedded contexts in pages loaded from `example.com` The new ancestor domain specifier also works for entity directives: example.*##+js(set, iAmEmbeddedInExampleDotEffectiveTLD, true) This is an experimental feature, to be further evaluated and discussed by filter list maintainers. This is not a complete implementation, by choice. Do not open issues regarding this new syntax, the current shortcomings are known. The new syntax is being discussed internally at: https://github.com/uBlockOrigin/uBlock-discussions/discussions/244
1 year ago
url-net-filtering.js
Better integrate latest eslint version
1 year ago
urlskip.js
Improve `urlskip` implementation Support multiple instances of regex-based steps. Related issue: https://github.com/uBlockOrigin/uBlock-issues/issues/3914
4 months ago
utils.js
Use `Object.hasOwn` instead of `Object.prototype.hasOwnProperty` Reference: https://developer.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/Object/hasOwn
1 year ago
whitelist.js
Fix regexes with potential catastrophic backtracking

The quoted email below was sent to ubo-security at raymondhill dot net:

=====

Dear Raymond,

I am writing to report a potential Regular Expression Denial of Service (ReDoS) vulnerability in the 1p-filters.js script of uBlock Origin. The vulnerability occurs due to the use of the regular expression /\s+$/, which is used to remove trailing whitespace. This issue can lead to a denial of service when processing strings with a large number of trailing spaces, potentially causing a browser to freeze.

Affected file(s)
js/1p-filters.js

Vulnerable pattern(s)
Lines 131 and 167: /\s+$/

Description of the issue
The regular expression /\s+$/ is applied to remove trailing whitespace in user‑provided content. However, when the content has a large number of spaces (e.g., ~100,000), this pattern causes excessive backtracking in the regular expression engine, resulting in performance degradation and UI freezing. This is a classic ReDoS attack vector.

Steps to reproduce
1. Open the uBlock Origin dashboard and navigate to the My filters tab.
2. Run the following code in the browser's DevTools Console or as a bookmarklet.
3. Observe the UI freezing for several seconds or even longer, depending on the number of spaces used.

PoC (Proof of Concept)

    /**
     * poc.js — triggers ReDoS in 1p-filters.js
     * Expected: <1 ms; Actual: several seconds – UI freeze
     */
    (() => {
      const payload = " ".repeat(100000) + "!"; // 100,000 spaces + sentinel
      const run = () => {
        if (!window.cmEditor) {
          console.error("cmEditor not ready");
          return;
        }
        // Inject payload into the editor
        cmEditor.setValue(payload);
        console.time("ReDoS");
        // Call the vulnerable function (mirroring getEditorText)
        cmEditor.getValue().replace(/\s+$/, '');
        // Alternatively, simulate a realistic user flow:
        // document.querySelector('#userFiltersApply').click();
        console.timeEnd("ReDoS");
      };
      if (document.readyState === "complete") {
        run();
      } else {
        window.addEventListener("load", run, { once: true });
      }
    })();

Impact
This issue can significantly degrade the user experience, causing the page to become unresponsive. If an attacker can inject this malicious string into the page (for example, through XSS or other attacks), it could lead to a denial of service (DoS). This vulnerability can be triggered repeatedly, causing the browser to hang indefinitely.

Suggested fix
The issue can be mitigated by replacing /\s+$/ with a more efficient solution, such as a look‑behind assertion /(?<=\S)\s+$/ (available in modern browsers) which ensures no backtracking occurs, or using trimEnd() for legacy support:

    // Example of using look-behind:
    cmEditor.setValue(text.replace(/(?<=\S)\s+$/, '') + '\n\n');
    // Alternatively, using trimEnd():
    cmEditor.setValue(text.trimEnd() + '\n\n');

Additional information
If required, I am happy to assist in testing or provide more information. Please feel free to contact me for further clarification.

Best regards,
[redacted]

=====
1 year ago