-
Notifications
You must be signed in to change notification settings - Fork 27
/
Copy pathmain_world_script.js
367 lines (343 loc) · 15.5 KB
/
main_world_script.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
// This script is the part of Don't Track Me Google (DTMG) that modifies
// objects in the page's context. It should run in the MAIN world.
// It may run in the ISOLATED world if the MAIN world is not supported.
// This content script runs as document_start, so we can have some assurance
// that the methods in the page are reliable.
// Keep the following functions in sync with contentscript.js:
// - getRealLinkFromGoogleUrl
// - getReferrerPolicy (dtmgLink.referrerPolicy)
// - isNoPingEnabled (dtmgLink.noping)
// The indentation of this file is somewhat strange:
// - getRealLinkFromGoogleUrl is not indented, for easier diffing against
// its copy in contentscript.js
// - The comments before setupAggresiveUglyLinkPreventer, blockTrackingBeacons
// and overwriteWindowOpen have not been indented yet because of blame.
;(function dtmg_main_closure() {
// This element is inserted by contentscript.js
var dtmgLink = document.querySelector('link#dont_track_me_google_link');
if (injectInMainWorldIfIsolatedWorldInFirefox()) {
// world:"MAIN" was not supported by Firefox: https://bugzil.la/1736575
// ... and we ended up being executed in the ISOLATED world.
// Note: in Chrome we set minimum_chrome_version:111, which implies
// availability of world:MAIN, as introduced in:
// https://chromium.googlesource.com/chromium/src/+/8f07eaff87947a2e93214de2695de8052119180b
return;
}
// These are the main functions:
setupAggresiveUglyLinkPreventer();
blockTrackingBeacons();
overwriteWindowOpen();
if (dtmgLink) {
dtmgLink.remove();
}
/**
* @param {URL|HTMLHyperlinkElementUtils} a
* @returns {String} the real URL if the given link is a Google redirect URL.
*/
function getRealLinkFromGoogleUrl(a) {
if (a.protocol !== 'https:' && a.protocol !== 'http:') {
return;
}
var url;
if ((a.hostname === location.hostname || a.hostname === 'www.google.com') &&
(a.pathname === '/url' || a.pathname === '/local_url' ||
a.pathname === '/searchurl/rr.html' ||
a.pathname === '/linkredirect')) {
// Google Maps / Dito (/local_url?q=<url>)
// Mobile (/url?q=<url>)
// Google Meet's chat (/linkredirect?authuser=0&dest=<url>)
url = /[?&](?:q|url|dest)=((?:https?|ftp)[%:][^&]+)/.exec(a.search);
if (url) {
return decodeURIComponent(url[1]);
}
// Help pages, e.g. safe browsing (/url?...&q=%2Fsupport%2Fanswer...)
url = /[?&](?:q|url)=((?:%2[Ff]|\/)[^&]+)/.exec(a.search);
if (url) {
return a.origin + decodeURIComponent(url[1]);
}
// Redirect pages for Android intents (/searchurl/rr.html#...&url=...)
// rr.html only supports http(s). So restrict to http(s) only.
url = /[#&]url=(https?[:%][^&]+)/.exec(a.hash);
if (url) {
return decodeURIComponent(url[1]);
}
}
// Google Search with old mobile UA (e.g. Firefox 41).
if (a.hostname === 'googleweblight.com' && a.pathname === '/fp') {
url = /[?&]u=((?:https?|ftp)[%:][^&]+)/.exec(a.search);
if (url) {
return decodeURIComponent(url[1]);
}
}
}
/**
* Intercept the .href setter in the page so that the page can never change the
* URL to a tracking URL. Just intercepting mousedown/touchstart is not enough
* because e.g. on Google Maps, the page rewrites the URL in the contextmenu
* event at the bubbling event stage and then stops the event propagation. So
* there is no event-driven way to fix the URL. The DOMAttrModified event could
* be used, but the event is deprecated, so not a viable long-term solution.
*/
function setupAggresiveUglyLinkPreventer() {
var proto = HTMLAnchorElement.prototype;
// The link target can be changed in many ways, but let's only consider
// the .href attribute since it's probably the only used setter.
var hrefProp = Object.getOwnPropertyDescriptor(proto, 'href');
var hrefGet = Function.prototype.call.bind(hrefProp.get);
var hrefSet = Function.prototype.call.bind(hrefProp.set);
Object.defineProperty(proto, 'href', {
configurable: true,
enumerable: true,
get() {
return hrefGet(this);
},
set(v) {
hrefSet(this, v);
try {
v = getRealLinkFromGoogleUrl(this);
if (v) {
hrefSet(this, v);
}
} catch (e) {
// Not expected to happen, but don't break the setter if for
// some reason the (hostile) page broke the link APIs.
}
updateReferrerPolicy(this);
},
});
function replaceAMethod(methodName, methodFunc) {
// Overwrite the methods without triggering setters, because that
// may inadvertently overwrite the prototype, as observed in
// https://github.com/Rob--W/dont-track-me-google/issues/52#issuecomment-1596207655
Object.defineProperty(proto, methodName, {
configurable: true,
// All methods that we are overriding are not part of
// HTMLAnchorElement.prototype, but inherit.
enumerable: false,
writable: true,
value: methodFunc,
});
}
// proto inherits Element.prototype.setAttribute:
var setAttribute = Function.prototype.call.bind(proto.setAttribute);
replaceAMethod('setAttribute', function(name, value) {
// Attribute names are not case-sensitive, but weird capitalizations
// are unlikely, so only check all-lowercase and all-uppercase.
if (name === 'href' || name === 'HREF') {
this.href = value;
} else {
setAttribute(this, name, value);
}
});
// proto inherits EventTarget.prototype.dispatchEvent:
var aDispatchEvent = Function.prototype.apply.bind(proto.dispatchEvent);
replaceAMethod('dispatchEvent', function() {
updateReferrerPolicy(this);
return aDispatchEvent(this, arguments);
});
// proto inherits HTMLElement.prototype.click:
var aClick = Function.prototype.apply.bind(proto.click);
replaceAMethod('click', function() {
updateReferrerPolicy(this);
return aClick(this, arguments);
});
var rpProp = Object.getOwnPropertyDescriptor(proto, 'referrerPolicy');
var rpGet = Function.prototype.call.bind(rpProp.get);
var rpSet = Function.prototype.call.bind(rpProp.set);
function getReferrerPolicy() {
// This mirrors getReferrerPolicy() from contentscript.js; by
// default, forceNoReferrer = true, which translates to 'origin'.
return dtmgLink ? dtmgLink.referrerPolicy : 'origin';
}
function updateReferrerPolicy(a) {
try {
if (rpGet(a) === 'no-referrer') {
// "no-referrer" is more privacy-friendly than "origin".
return;
}
var referrerPolicy = getReferrerPolicy();
if (referrerPolicy) {
rpSet(a, referrerPolicy);
}
} catch (e) {
// Not expected to happen, but don't break callers if it happens
// anyway.
}
}
}
// Block sendBeacon requests with destination /gen_204, because Google
// asynchronously sends beacon requests in response to mouse events on links:
// https://github.com/Rob--W/dont-track-me-google/issues/20
//
// This implementation also blocks other forms of tracking via gen_204 as a side
// effect. That is not fully intentional, but given the lack of obvious ways to
// discern such link-tracking events from others, I will block all of them.
function blockTrackingBeacons() {
var navProto = window.Navigator.prototype;
var navProtoSendBeacon = navProto.sendBeacon;
if (!navProtoSendBeacon) {
return;
}
var sendBeacon = Function.prototype.apply.bind(navProtoSendBeacon);
// Blocks the following:
// gen_204
// /gen_204
// https://www.google.com/gen_204
var isTrackingUrl = RegExp.prototype.test.bind(
/^(?:(?:https?:\/\/[^\/]+)?\/)?gen_204(?:[?#]|$)/);
navProto.sendBeacon = function(url, data) {
if (isTrackingUrl(url) && isNoPingEnabled()) {
// Lie that the data has been transmitted to avoid fallbacks.
return true;
}
return sendBeacon(this, arguments);
};
function isNoPingEnabled() {
try {
// Mirrors the noping variable from contentscript.js
return dtmgLink ? dtmgLink.disabled : true;
} catch (e) {
return true;
}
}
}
// Google sometimes uses window.open() to open ugly links.
// https://github.com/Rob--W/dont-track-me-google/issues/18
// https://github.com/Rob--W/dont-track-me-google/issues/41
function overwriteWindowOpen() {
var open = window.open;
window.open = function(url, windowName, windowFeatures) {
var isBlankUrl = !url || url === "about:blank";
try {
if (!isBlankUrl) {
var a = document.createElement('a');
// Triggers getRealLinkFromGoogleUrl via the href setter in
// setupAggresiveUglyLinkPreventer.
a.href = url;
url = a.href;
// The origin check exists to avoid adding "noreferrer" to
// same-origin popups. That implies noopener and causes
// https://github.com/Rob--W/dont-track-me-google/issues/43
// And allow any Google domain to support auth popups:
// https://github.com/Rob--W/dont-track-me-google/issues/45
// And don't bother editing the list if it already contains
// "opener" (it would be disabled by "noreferrer").
if (a.referrerPolicy && a.origin !== location.origin &&
!/\.google\.([a-z]+)$/.test(a.hostname) &&
!/\bopener|noreferrer/.test(windowFeatures)) {
if (windowFeatures) {
windowFeatures += ',';
} else {
windowFeatures = '';
}
windowFeatures += 'noreferrer';
}
}
} catch (e) {
// Not expected to happen, but don't break callers if it does.
}
var win = open(url, windowName, windowFeatures);
try {
if (isBlankUrl && win) {
// In Google Docs, sometimes a blank document is opened,
// and document.write is used to insert a redirector.
// https://github.com/Rob--W/dont-track-me-google/issues/41
var doc = win.document;
var docWrite = win.Function.prototype.call.bind(doc.write);
doc.write = function(markup) {
try {
markup = fixupDocMarkup(markup);
} catch (e) {
// Not expected, but don't break callers otherwise.
}
return docWrite(this, markup);
};
}
} catch (e) {
// Not expected to happen, but don't break callers if it does.
}
return win;
};
function fixupDocMarkup(html) {
html = html || '';
html += '';
return html.replace(
/<meta [^>]*http-equiv=(["']?)refresh\1[^>]*>/i,
function(m) {
var doc = new DOMParser().parseFromString(m, 'text/html');
var meta = doc.querySelector('meta[http-equiv=refresh]');
return meta && fixupMetaUrl(meta) || m;
});
}
function fixupMetaUrl(meta) {
var parts = /^(\d*;\s*url=)(.+)$/i.exec(meta.content);
if (!parts) {
return;
}
var metaPrefix = parts[1];
var url = parts[2];
var a = document.createElement('a');
// Triggers getRealLinkFromGoogleUrl via the href setter in
// setupAggresiveUglyLinkPreventer.
a.href = url;
url = a.href;
meta.content = metaPrefix + url;
var html = meta.outerHTML;
if (a.referrerPolicy) {
// Google appears to already append the no-referrer
// meta tag, but add one just in case it doesn't.
html = '<meta name="referrer" content="no-referrer">' + html;
}
return html;
}
}
function injectInMainWorldIfIsolatedWorldInFirefox() {
/* globals globalThis, console */
if (globalThis === window) {
// Content script world check relies on https://bugzil.la/1208775
// (globalThis is the content script's Sandbox global in Firefox).
// In Chrome, globalThis === window is always true, and in every
// regular browser (including Firefox), being in the main world
// implies globalThis === window.
return false;
}
// Extra sanity checks in case the above logic was messed up.
let browser = globalThis.browser;
if (
typeof browser !== 'object' ||
!browser.runtime ||
typeof browser.runtime.getURL !== 'function'
) {
return false;
}
var mainWorldScript = browser.runtime.getURL('main_world_script.js');
if (!mainWorldScript.startsWith('moz-extension:')) {
return false; // Unexpectedly not Firefox.
}
// MV2 extensions in Firefox can inject moz-extension:-scripts without
// web_accessible_resources. MV3 cannot: https://bugzil.la/1783078
// MV3 should use world:main when available: https://bugzil.la/1736575
var s = document.createElement('script');
s.src = mainWorldScript;
// Use closed shadow DOM to avoid leaking extension UUID to the page.
var shadowHost = document.createElement('span');
shadowHost.attachShadow({ mode: 'closed' }).append(s);
s.onload = s.onerror = function(e) {
s.onload = s.onerror = null;
if (e.type === 'error') {
// Forgotten to delete MV2 code after MV3 migration?
// Could also happen during development in Firefox, because
// manifest.json defaults to manifest_version 3, and
// tools/make-firefox-manifest.js sets MV3 to MV2.
// Note: this execution could be blocked by the page's CSP.
var s2 = document.createElement('script');
s2.textContent = '(' + dtmg_main_closure + ')()';
s.replaceWith(s2);
console.warn('[DTMG] Falling back to inline script injection');
}
shadowHost.remove();
};
(document.body || document.documentElement).append(shadowHost);
return true;
}
})();