From 6ad781554aa198a84a2eab458f01e2a8d4e475c5 Mon Sep 17 00:00:00 2001 From: reashetyrr <6582364+reashetyrr@users.noreply.github.com> Date: Fri, 29 Jul 2022 16:31:01 +0200 Subject: [PATCH 1/8] create the base, now building the actual injection_scriptjs --- package.json | 6 ++- scripts/build.js | 43 +++++++++++++------ scripts/build_js/chromium.js | 18 ++++---- scripts/build_js/firefox.js | 19 ++++---- src/bypasses/BypassDefinition.js | 5 +++ src/bypasses/linkvertise.js | 15 +++++++ ...script.js => injection_script-original.js} | 0 7 files changed, 76 insertions(+), 30 deletions(-) create mode 100644 src/bypasses/BypassDefinition.js create mode 100644 src/bypasses/linkvertise.js rename src/js/{injection_script.js => injection_script-original.js} (100%) diff --git a/package.json b/package.json index e0fd32f44..5efd2a065 100644 --- a/package.json +++ b/package.json @@ -1,5 +1,7 @@ { "dependencies": { - "adm-zip": "^0.5.9" - } + "adm-zip": "^0.5.9", + "es-main": "^1.2.0" + }, + "type": "module" } diff --git a/scripts/build.js b/scripts/build.js index ccd6ec8ee..9c4314783 100644 --- a/scripts/build.js +++ b/scripts/build.js @@ -6,22 +6,24 @@ * nover = Creates a package without version number * ver = Creates a package with version number as specified in version.txt */ +import { createRequire } from "module"; +const require = createRequire(import.meta.url); + const fs = require('fs'); const path = require('path'); -const distribution = 'build/dist'; - let working_directory = process.cwd(); function set_working_directory (cwd) { - if (fs.existsSync(path.join(cwd, 'LICENSE'))) + + if (fs.existsSync(path.join(cwd, 'LICENSE'))) { working_directory = cwd; - else + } else set_working_directory(path.join(cwd, '..')); } - set_working_directory(working_directory); +const distribution = `${working_directory}/build/dist`; const args = process.argv; args.shift(); args.shift() @@ -35,13 +37,16 @@ const [build_type, versioning] = args; console.log(`[FastForward.build] ${build_type} (${versioning ? versioning : 'dev'}): Creating package...`); const builds = []; +import ff_builder from './build_js/firefox.js'; +import chrm_builder from './build_js/chromium.js'; + const builders = { - firefox: require('./build_js/firefox.js'), - chromium: require('./build_js/chromium.js') + firefox: ff_builder, + chromium: chrm_builder }; -if (fs.existsSync('build')) - fs.rmSync('build', {recursive: true}); +if (fs.existsSync(`${working_directory}/build`)) + fs.rmSync(`${working_directory}/build`, {recursive: true}); fs.mkdirSync(distribution, {recursive: true}); @@ -69,7 +74,7 @@ function copyFolderRecursiveSync( source, target ) { } async function run_build(type, commit_number) { - const destination = `build/FastForward.${type}`; + const destination = `${working_directory}/build/FastForward.${type}`; fs.mkdirSync(destination, {recursive: true}); @@ -97,7 +102,7 @@ async function run_build(type, commit_number) { fs.copyFileSync(`${working_directory}/platform_spec/${type}/manifest.json`, `${destination}/manifest.json`); console.log(`[FastForward.build.${type}] creating the manifest`); - const manifest_contents = require(`${working_directory}/${destination}/manifest.json`); + const manifest_contents = require(`${destination}/manifest.json`); let version; if (!versioning) version = `0.${commit_number}.0` @@ -108,7 +113,7 @@ async function run_build(type, commit_number) { // replace windows OR linux style new lines if they are there manifest_contents.version = version.replace(/\r\n/g, '').replace(/\n/g, ''); - fs.writeFileSync(`${working_directory}/${destination}/manifest.json`, JSON.stringify(manifest_contents, null, 4)); + fs.writeFileSync(`${destination}/manifest.json`, JSON.stringify(manifest_contents, null, 4)); await builders[type]({versioning, destination, commit_number, version: manifest_contents.version}); } @@ -124,6 +129,20 @@ const { } = require('child_process'); exec(`git rev-list HEAD --count`, async (error, stdout, stderr) => { + const bypasses = {}; + + for (const _ of fs.readdirSync(`${working_directory}/src/bypasses`)) { + if (_ === 'BypassDefinition.js') continue; + + const bypass = await import(`file:///${working_directory}/src/bypasses/${_}`); + bypass.matches.map(match => { bypasses[match] = `bypasses/${_}`}); + } + fs.writeFileSync(`${working_directory}/src/js/injection_script.js`, `const bypasses = ${JSON.stringify(bypasses)}; + +if (bypasses.hasOwnProperty(location.host)) { + const bypass = import(bypasses[location.host]); + bypass.execute(); +}`) for (const _ of builds) await run_build(_, stdout.replace('\n', '')); }) diff --git a/scripts/build_js/chromium.js b/scripts/build_js/chromium.js index 195c7a178..e89b9a2a1 100644 --- a/scripts/build_js/chromium.js +++ b/scripts/build_js/chromium.js @@ -1,22 +1,24 @@ -if (require.main === module) +import esMain from "es-main"; +if (esMain(import.meta)) throw new Error('This file is a build module, run the build.js file to actually build FastForward'); -const zipper = require('adm-zip'); +import zipper from "adm-zip"; +import * as path from "path"; -module.exports = async function ({versioning, destination, commit_number, version} = {}) { +export default async function ({versioning, destination, commit_number, version} = {}) { console.log(`[FastForward.build.chromium] building the Chromium package`); const z = new zipper(); - z.addLocalFolder(`${process.cwd()}/${destination}`); + z.addLocalFolder(destination); - let output_file = `${process.cwd()}/build/dist/`; + let output_file = path.join(destination, '..', 'dist'); if (!versioning) - output_file += `FastForward_chromium_${commit_number}_dev.crx`; + output_file += `/FastForward_chromium_${commit_number}_dev.crx`; else if ('nover' === versioning) - output_file += `FastForward_chromium_0.${commit_number}.crx`; + output_file += `/FastForward_chromium_0.${commit_number}.crx`; else - output_file += `FastForward_${version}_chromium.crx`; + output_file += `/FastForward_${version}_chromium.crx`; await z.writeZipPromise(output_file, {}); console.log('[FastForward.build.chromium] Succesfull build the Chromium package: %s', output_file) diff --git a/scripts/build_js/firefox.js b/scripts/build_js/firefox.js index 56bf596ae..f6fae538a 100644 --- a/scripts/build_js/firefox.js +++ b/scripts/build_js/firefox.js @@ -1,22 +1,25 @@ -if (require.main === module) +import esMain from "es-main"; +if (esMain(import.meta)) throw new Error('This file is a build module, run the build.js file to actually build FastForward'); -const zipper = require('adm-zip'); +import zipper from 'adm-zip'; +import * as path from "path"; +// const zipper = require('adm-zip'); -module.exports = async function ({versioning, destination, commit_number, version} = {}) { +export default async function ({versioning, destination, commit_number, version} = {}) { console.log(`[FastForward.build.firefox] building the FireFox package`); const z = new zipper(); - z.addLocalFolder(`${process.cwd()}/${destination}`); + z.addLocalFolder(destination); - let output_file = `${process.cwd()}/build/dist/`; + let output_file = path.join(destination, '..', 'dist'); if (!versioning) - output_file += `FastForward_firefox_${commit_number}_dev.xpi`; + output_file += `/FastForward_firefox_${commit_number}_dev.xpi`; else if ('nover' === versioning) - output_file += `FastForward_firefox_0.${commit_number}.xpi`; + output_file += `/FastForward_firefox_0.${commit_number}.xpi`; else - output_file += `FastForward_${version}_firefox.xpi`; + output_file += `/FastForward_${version}_firefox.xpi`; await z.writeZipPromise(output_file, {}); console.log('[FastForward.build.firefox] Succesfull build the FireFox package: %s', output_file) diff --git a/src/bypasses/BypassDefinition.js b/src/bypasses/BypassDefinition.js new file mode 100644 index 000000000..7f0de364e --- /dev/null +++ b/src/bypasses/BypassDefinition.js @@ -0,0 +1,5 @@ +const IMPLEMENTATION_ERROR = (function_name) => { throw new Error(`${function_name} must be implemented`); } + +export default class BypassDefinition { + execute() { IMPLEMENTATION_ERROR(); } +} diff --git a/src/bypasses/linkvertise.js b/src/bypasses/linkvertise.js new file mode 100644 index 000000000..461f7dfa3 --- /dev/null +++ b/src/bypasses/linkvertise.js @@ -0,0 +1,15 @@ +import BypassDefinition from './BypassDefinition.js'; + +class Linkvertise extends BypassDefinition { + constructor() { + super(); + // custom bypass required bases can be set here + } + execute() { + //linkvertise code here + } +} + +export default new Linkvertise(); + +export const matches = ['linkvertise.com', 'link.vertise']; diff --git a/src/js/injection_script.js b/src/js/injection_script-original.js similarity index 100% rename from src/js/injection_script.js rename to src/js/injection_script-original.js From ba5f17320bb292f1180854395f56e7d5b37fffa6 Mon Sep 17 00:00:00 2001 From: Princess Mortix <47502554+princessmortix@users.noreply.github.com> Date: Fri, 29 Jul 2022 19:15:28 -0300 Subject: [PATCH 2/8] CI: add workflow to your branch --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ef0a391be..e6212bbfe 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -2,7 +2,7 @@ name: Package on: push: - branches: [ main ] + branches: [ main, prj-hatsune-miku ] workflow_dispatch: From f241985a75ac315b29f5791b40389f5249523036 Mon Sep 17 00:00:00 2001 From: reashetyrr <6582364+reashetyrr@users.noreply.github.com> Date: Tue, 2 Aug 2022 15:06:56 +0200 Subject: [PATCH 3/8] add th einjection_script.js to the js injections manifest --- platform_spec/firefox/manifest.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/platform_spec/firefox/manifest.json b/platform_spec/firefox/manifest.json index 7ac21b84b..60741633c 100644 --- a/platform_spec/firefox/manifest.json +++ b/platform_spec/firefox/manifest.json @@ -51,7 +51,8 @@ "" ], "js": [ - "content_script.js" + "content_script.js", + "injection_script.js" ], "run_at": "document_start" } From d0e11a6b3124de55cce33d2746bb6cabadaf1c50 Mon Sep 17 00:00:00 2001 From: reashetyrr <6582364+reashetyrr@users.noreply.github.com> Date: Tue, 2 Aug 2022 16:58:23 +0200 Subject: [PATCH 4/8] its alive, v1 still not capturing the actual fastforward.team --- platform_spec/firefox/manifest.json | 3 +- scripts/build.js | 35 +++++++++- src/bypasses/BypassDefinition.js | 8 +++ src/bypasses/linkvertise.js | 59 +++++++++++++++-- src/helpers/dom.js | 99 +++++++++++++++++++++++++++++ src/js/content_script.js | 29 +++++---- src/js/injection_script.js | 30 +++++++++ 7 files changed, 242 insertions(+), 21 deletions(-) create mode 100644 src/helpers/dom.js create mode 100644 src/js/injection_script.js diff --git a/platform_spec/firefox/manifest.json b/platform_spec/firefox/manifest.json index 60741633c..7ac21b84b 100644 --- a/platform_spec/firefox/manifest.json +++ b/platform_spec/firefox/manifest.json @@ -51,8 +51,7 @@ "" ], "js": [ - "content_script.js", - "injection_script.js" + "content_script.js" ], "run_at": "document_start" } diff --git a/scripts/build.js b/scripts/build.js index 9c4314783..c836a3011 100644 --- a/scripts/build.js +++ b/scripts/build.js @@ -101,6 +101,12 @@ async function run_build(type, commit_number) { console.log(`[FastForward.build.${type}] copying manifest to ${destination}`); fs.copyFileSync(`${working_directory}/platform_spec/${type}/manifest.json`, `${destination}/manifest.json`); + console.log(`[FastForward.build.${type}] copying bypass files to ${destination}`) + copyFolderRecursiveSync(`${working_directory}/src/bypasses`, destination); + + console.log(`[FastForward.build.${type}] copying helper files to ${destination}`) + copyFolderRecursiveSync(`${working_directory}/src/helpers`, destination); + console.log(`[FastForward.build.${type}] creating the manifest`); const manifest_contents = require(`${destination}/manifest.json`); let version; @@ -137,11 +143,36 @@ exec(`git rev-list HEAD --count`, async (error, stdout, stderr) => { const bypass = await import(`file:///${working_directory}/src/bypasses/${_}`); bypass.matches.map(match => { bypasses[match] = `bypasses/${_}`}); } + fs.writeFileSync(`${working_directory}/src/js/injection_script.js`, `const bypasses = ${JSON.stringify(bypasses)}; if (bypasses.hasOwnProperty(location.host)) { - const bypass = import(bypasses[location.host]); - bypass.execute(); + const bypass_url = bypasses[location.host]; + + import(\`\${window.x8675309bp}\${bypass_url}\`).then(({default: bypass}) => { + import(\`\${window.x8675309bp}helpers/dom.js\`).then(({default: helpers}) => { + const bps = new bypass; + bps.set_helpers(helpers); + console.log('ensure_dom: %r', bps.ensure_dom); + if (bps.ensure_dom) { + let executed = false; + document.addEventListener('readystatechange', () => { + if (['interactive', 'complete'].includes(document.readyState) && !executed) { + executed = true; + bps.execute(); + } + }); + document.addEventListener("DOMContentLoaded",()=>{ + if (!executed) { + executed = true; + bps.execute(); + } + }); + } else { + bps.execute(); + } + }); + }); }`) for (const _ of builds) await run_build(_, stdout.replace('\n', '')); diff --git a/src/bypasses/BypassDefinition.js b/src/bypasses/BypassDefinition.js index 7f0de364e..305a77025 100644 --- a/src/bypasses/BypassDefinition.js +++ b/src/bypasses/BypassDefinition.js @@ -1,5 +1,13 @@ const IMPLEMENTATION_ERROR = (function_name) => { throw new Error(`${function_name} must be implemented`); } export default class BypassDefinition { + constructor() { + this.ensure_dom = false; + } + + set_helpers (helpers) { + this.helpers = helpers; + } + execute() { IMPLEMENTATION_ERROR(); } } diff --git a/src/bypasses/linkvertise.js b/src/bypasses/linkvertise.js index 461f7dfa3..bcb77583d 100644 --- a/src/bypasses/linkvertise.js +++ b/src/bypasses/linkvertise.js @@ -1,15 +1,64 @@ import BypassDefinition from './BypassDefinition.js'; -class Linkvertise extends BypassDefinition { +export default class Linkvertise extends BypassDefinition { constructor() { super(); // custom bypass required bases can be set here } + execute() { - //linkvertise code here + if (window.location.href.toString().includes("?r=")) { + const urlParams = new URLSearchParams(window.location.search); + const r = urlParams.get('r') + this.helpers.safelyNavigate(atob(decodeURIComponent(r))); + } + + const lvt_this = this; + + const rawOpen = window.XMLHttpRequest.prototype.open; + + window.XMLHttpRequest.prototype.open = function () { + this.addEventListener('load', data => { + if (data.currentTarget?.responseText?.includes('tokens')) { + const response = JSON.parse(data.currentTarget.responseText); + + if (!response.data.valid) + return lvt_this.helpers.insertInfoBox('Please solve the captcha, afterwards we can immediately redirect you'); + + const target_token = response.data.tokens['TARGET']; + const ut = localStorage.getItem("X-LINKVERTISE-UT"); + const linkvertise_link = location.pathname.replace(/\/[0-9]$/, ""); + + + fetch(`https://publisher.linkvertise.com/api/v1/redirect/link/static${linkvertise_link}?X-Linkvertise-UT=${ut}`).then(r => r.json()).then(json => { + if (json?.data.link.id) { + const json_body = { + serial: btoa(JSON.stringify({ + timestamp: new Date().getTime(), + random: "6548307", + link_id: json.data.link.id + })), + token: target_token + } + fetch(`https://publisher.linkvertise.com/api/v1/redirect/link${linkvertise_link}/target?X-Linkvertise-UT=${ut}`, { + method: "POST", + body: JSON.stringify(json_body), + headers: { + "Accept": 'application/json', + "Content-Type": 'application/json' + } + }).then(r => r.json()).then(json => { + if (json?.data.target) { + lvt_this.helpers.safelyNavigate(json.data.target) + } + }) + } + }) + } + }); + rawOpen.apply(this, arguments); + } } } -export default new Linkvertise(); - -export const matches = ['linkvertise.com', 'link.vertise']; +export const matches = ['linkvertise.com', 'linkvertise.net', 'link-to.net']; diff --git a/src/helpers/dom.js b/src/helpers/dom.js new file mode 100644 index 000000000..9dc53d9e3 --- /dev/null +++ b/src/helpers/dom.js @@ -0,0 +1,99 @@ +export function insertInfoBox(text) { + let infobox_container = document.querySelector('div#ffibv1'); + + if (!infobox_container) { + infobox_container = document.createElement('div'); + infobox_container.setAttribute('id', 'ffibv1'); + infobox_container.setAttribute('style', ` + z-index: 99999999; position: fixed; bottom: 0; line-height:normal; + right: 0; padding: 20px; color:#111; font-size:21px; + font-family:-apple-system,BlinkMacSystemFont,segoe ui,Roboto,helvetica neue,Arial,sans-serif,apple color emoji,segoe ui emoji,segoe ui symbol; + max-width:500px; display: flex; flex-direction: column-reverse; + `); + + document.body.appendChild(infobox_container); + } + const div = document.createElement("div"); + div.style = 'margin-left:20px; margin-bottom: 20px;background:#eee;border-radius:10px;padding:20px;box-shadow:#111 0px 5px 40px;cursor:pointer'; + div.innerHTML = ``; + div.setAttribute("tabindex","-1"); + div.setAttribute("aria-hidden","true"); + const span = div.querySelector("span"); + span.textContent=text; + div.onclick= () => document.body.removeChild(div); + infobox_container.appendChild(div); +} + +export function unsafelyNavigate(target, referer=null) { + //The background script will intercept the request and redirect to html/before-navigate.html or to the target depending on the user's settings. + let url = `https://fastforward.team/bypassed?target=${encodeURIComponent(target)}`; + if (referer) + url += `&referer=${encodeURIComponent(referer)}`; + + switch(target)//All values here have been tested using "Take me to destinations after 0 seconds." + { + case (/(krnl\.place|hugegames\.io)/.exec(target)||{}).input: + url+="&safe_in=15" + break; + case (/(bowfile\.com)/.exec(target)||{}).input: + url+="&safe_in=20" + break; + } + + location.assign(url); +} + +export function parseTarget (target) { + return target instanceof HTMLAnchorElement ? target.href : target; +} + +export function safelyNavigate(target, drophash) { + target = parseTarget(target) + if(!isGoodLink(target)) + return false + + // bypassed=true + let url = new URL(target) + if(!drophash&&(!url||!url.hash)) + target+=location.hash + + unsafelyNavigate(target) + return true +} + +export function isGoodLink(link) { + if(typeof link !== "string" || link.split("#")[0] === location.href.split("#")[0]) + { + return false + } + try + { + let u = new URL(decodeURI(link).trim().toLocaleLowerCase()) + //check if host is a private/internal ip + if (u.hostname === 'localhost' || u.hostname === '[::1]' || /^127(?:\.(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}$/.test(u.hostname)) { + return false + } + const parts = u.hostname.split('.'); + if (parts[0] === '10' || (parts[0] === '172' && (parseInt(parts[1], 10) >= 16 && parseInt(parts[1], 10) <= 31)) || (parts[0] === '192' && parts[1] === '168')) { + return false + } + // Check if protocol is safe + let safeProtocols = ["http:", "https:", "mailto:", "irc:", "telnet:", "tel:", "svn:"] + if (!safeProtocols.includes(u.protocol)) { + return false + } + } + catch(e) + { + return false + } + return true +} + +export default { + insertInfoBox, + safelyNavigate, + unsafelyNavigate, + parseTarget, + isGoodLink +} diff --git a/src/js/content_script.js b/src/js/content_script.js index 7518131c1..9d2144beb 100644 --- a/src/js/content_script.js +++ b/src/js/content_script.js @@ -132,19 +132,24 @@ if(document instanceof Document) //encodeURIcomponent and replace whatever's not encoded, https://stackoverflow.com/a/16435373/17117909 ffClipboard_stored = encodeURIComponent(ffClipboard_stored).replace(/\-/g, "%2D").replace(/\_/g, "%5F").replace(/\./g, "%2E").replace(/\!/g, "%21").replace(/\~/g, "%7E").replace(/\*/g, "%2A").replace(/\'/g, "%27").replace(/\(/g, "%28").replace(/\)/g, "%29") + const s = document.createElement('script'); + s.innerHTML = `window.x8675309bp = '${brws.runtime.getURL('')}';`; + document.documentElement.appendChild(s); + let script=document.createElement("script") - script.innerHTML=`(()=>{ - const crowdEnabled=`+(res.crowdEnabled?"true":"false")+`, - ignoreCrowdBypass=`+(ignoreCrowdBypass?"true":"false")+`, - bypassClipboard="`+bypassClipboard.split("\\").join("\\\\").split("\"").join("\\\"")+`" - let ffClipboard_stored="`+ffClipboard_stored+`" - if(location.href=="https://fastforward.team/firstrun") - { - location.replace("https://fastforward.team/firstrun?1") - return - } - `+res.injectionScript+` - })()` + script.setAttribute('type', 'module'); + script.src = brws.runtime.getURL('injection_script.js'); + // script.innerHTML=`(()=>{ + // const crowdEnabled=`+(res.crowdEnabled?"true":"false")+`, + // ignoreCrowdBypass=`+(ignoreCrowdBypass?"true":"false")+`, + // bypassClipboard="`+bypassClipboard.split("\\").join("\\\\").split("\"").join("\\\"")+`" + // let ffClipboard_stored="`+ffClipboard_stored+`" + // if(location.href=="https://fastforward.team/firstrun") + // { + // location.replace("https://fastforward.team/firstrun?1") + // return + // } + // })()` script=document.documentElement.appendChild(script) setTimeout(()=>document.documentElement.removeChild(script),10) }); diff --git a/src/js/injection_script.js b/src/js/injection_script.js new file mode 100644 index 000000000..3aa6601aa --- /dev/null +++ b/src/js/injection_script.js @@ -0,0 +1,30 @@ +const bypasses = {"linkvertise.com":"bypasses/linkvertise.js","linkvertise.net":"bypasses/linkvertise.js","link-to.net":"bypasses/linkvertise.js"}; + +if (bypasses.hasOwnProperty(location.host)) { + const bypass_url = bypasses[location.host]; + + import(`${window.x8675309bp}${bypass_url}`).then(({default: bypass}) => { + import(`${window.x8675309bp}helpers/dom.js`).then(({default: helpers}) => { + const bps = new bypass; + bps.set_helpers(helpers); + console.log('ensure_dom: %r', bps.ensure_dom); + if (bps.ensure_dom) { + let executed = false; + document.addEventListener('readystatechange', () => { + if (['interactive', 'complete'].includes(document.readyState) && !executed) { + executed = true; + bps.execute(); + } + }); + document.addEventListener("DOMContentLoaded",()=>{ + if (!executed) { + executed = true; + bps.execute(); + } + }); + } else { + bps.execute(); + } + }); + }); +} \ No newline at end of file From f3870c3af714bb41f730c74a99db8b8640595864 Mon Sep 17 00:00:00 2001 From: reashetyrr <6582364+reashetyrr@users.noreply.github.com> Date: Tue, 2 Aug 2022 17:00:07 +0200 Subject: [PATCH 5/8] referer is optional, with the linkvertise module it did not have referer --- src/js/background.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/js/background.js b/src/js/background.js index a237c19a5..464faa5be 100644 --- a/src/js/background.js +++ b/src/js/background.js @@ -478,7 +478,7 @@ brws.webRequest.onBeforeRequest.addListener(details=>{ const target = parsed_url.searchParams.get('target'); return encodedRedirect(target, referer, safe_in) -},{types:["main_frame"],urls:["*://fastforward.team/bypassed?target=*&referer=*"]},["blocking"]) +},{types:["main_frame"],urls:["*://fastforward.team/bypassed?target=*","*://fastforward.team/bypassed?target=*&referer=*"]},["blocking"]) brws.webRequest.onBeforeRequest.addListener(details=>{ countIt() From 83b2f86191365c4c7e8a26510094b86f99d6182c Mon Sep 17 00:00:00 2001 From: reashetyrr <6582364+reashetyrr@users.noreply.github.com> Date: Mon, 12 Sep 2022 08:19:15 +0200 Subject: [PATCH 6/8] remove the whole content-security-policy bypass --- src/js/background.js | 53 -------------------------------------------- 1 file changed, 53 deletions(-) diff --git a/src/js/background.js b/src/js/background.js index 464faa5be..d0483d385 100644 --- a/src/js/background.js +++ b/src/js/background.js @@ -1006,58 +1006,5 @@ brws.webRequest.onHeadersReceived.addListener(details=>{ } delete soralink_contribute[details.url] } - if(firefox)//Fixing Content-Security-Policy on Firefox because apparently extensions have no special privileges there - { - let csp = false - for(let i in details.responseHeaders) - { - if("value"in details.responseHeaders[i]&&["content-security-policy","x-content-security-policy"].indexOf(details.responseHeaders[i].name.toLowerCase())>-1) - { - csp = true - let _policies = details.responseHeaders[i].value.replace(";,",";").split(";"), - policies = {} - for(let j in _policies) - { - let policy = _policies[j].trim(),name=policy.split(" ")[0] - policies[name] = policy.substr(name.length).trim().split(" ") - } - if(!("script-src"in policies)&&"default-src"in policies) - { - policies["script-src"] = policies["default-src"] - let ni = policies["script-src"].indexOf("'none'") - if(ni > -1) - { - policies["script-src"].splice(ni, 1) - } - } - if("script-src"in policies) - { - if(policies["script-src"].indexOf("'unsafe-inline'")==-1) - { - policies["script-src"].push("'unsafe-inline'") - } - } - else - { - policies["script-src"]=["*","blob:","data:","'unsafe-inline'","'unsafe-eval'"] - } - let value="" - for(let name in policies) - { - value+=name - for(let j in policies[name]) - { - value+=" "+policies[name][j] - } - value+="; " - } - details.responseHeaders[i].value=value.substr(0,value.length-2) - } - } - if(csp) - { - return{responseHeaders:details.responseHeaders} - } - } } },{types:["main_frame"],urls:[""]},["blocking","responseHeaders"]) From fcc1eb47467ee6d2523fe2dff4b812836991b2e9 Mon Sep 17 00:00:00 2001 From: reashetyrr <6582364+reashetyrr@users.noreply.github.com> Date: Mon, 12 Sep 2022 08:20:22 +0200 Subject: [PATCH 7/8] readd the proper infobox container remove and auto remove --- src/helpers/dom.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/helpers/dom.js b/src/helpers/dom.js index 9dc53d9e3..87d492f41 100644 --- a/src/helpers/dom.js +++ b/src/helpers/dom.js @@ -20,8 +20,9 @@ export function insertInfoBox(text) { div.setAttribute("aria-hidden","true"); const span = div.querySelector("span"); span.textContent=text; - div.onclick= () => document.body.removeChild(div); + div.onclick= () => infobox_container.removeChild(div); infobox_container.appendChild(div); + setTimeout(()=>infobox_container.removeChild(div), 7000); } export function unsafelyNavigate(target, referer=null) { From 0749e01412138a2dee1baad6d57f6e31b77be44f Mon Sep 17 00:00:00 2001 From: reashetyrr <6582364+reashetyrr@users.noreply.github.com> Date: Mon, 12 Sep 2022 08:21:32 +0200 Subject: [PATCH 8/8] readd the warning infobox about not bypassing copyrighted stuff --- src/bypasses/linkvertise.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/bypasses/linkvertise.js b/src/bypasses/linkvertise.js index bcb77583d..ed80b0fbd 100644 --- a/src/bypasses/linkvertise.js +++ b/src/bypasses/linkvertise.js @@ -31,6 +31,9 @@ export default class Linkvertise extends BypassDefinition { fetch(`https://publisher.linkvertise.com/api/v1/redirect/link/static${linkvertise_link}?X-Linkvertise-UT=${ut}`).then(r => r.json()).then(json => { + if (json?.data.link.target_type !== 'URL') { + return insertInfoBox('Due to copyright reasons we are not bypassing linkvertise stored content (paste, download etc)'); + } if (json?.data.link.id) { const json_body = { serial: btoa(JSON.stringify({