From 20cafbdf7f1d1309726a3b02c0bd8f7520c63c79 Mon Sep 17 00:00:00 2001 From: Jonathan Kingston Date: Wed, 16 Oct 2024 13:51:08 +0100 Subject: [PATCH 1/2] Change tab URL calculation for contentblockerrules.js --- .../UserScripts/contentblockerrules.js | 47 ++++++++++++------- 1 file changed, 31 insertions(+), 16 deletions(-) diff --git a/Sources/BrowserServicesKit/ContentBlocking/UserScripts/contentblockerrules.js b/Sources/BrowserServicesKit/ContentBlocking/UserScripts/contentblockerrules.js index 7ca771a6e..b85acb56f 100644 --- a/Sources/BrowserServicesKit/ContentBlocking/UserScripts/contentblockerrules.js +++ b/Sources/BrowserServicesKit/ContentBlocking/UserScripts/contentblockerrules.js @@ -19,7 +19,37 @@ // "use strict"; (function () { - const topLevelUrl = getTopLevelURL() + + + /** + * Best guess effort of the tabs hostname. Cribbed from getTabHostname in: https://github.com/duckduckgo/content-scope-scripts/ + * @returns {string|null} inferred tab hostname + */ + function getTabURL () { + let framingOrigin = null + try { + // @ts-expect-error - globalThis.top is possibly 'null' here + framingOrigin = globalThis.top.location.href + } catch { + framingOrigin = globalThis.document.referrer + } + + // Not supported in Firefox + if ('ancestorOrigins' in globalThis.location && globalThis.location.ancestorOrigins.length) { + // ancestorOrigins is reverse order, with the last item being the top frame + framingOrigin = globalThis.location.ancestorOrigins.item(globalThis.location.ancestorOrigins.length - 1) + } + + try { + // @ts-expect-error - framingOrigin is possibly 'null' here + framingOrigin = new URL(framingOrigin) + } catch { + framingOrigin = null + } + return framingOrigin + } + + const topLevelUrl = getTabURL() let unprotectedDomain = false const domainParts = topLevelUrl && topLevelUrl.host ? topLevelUrl.host.split('.') : [] @@ -133,21 +163,6 @@ return false } - // private - function getTopLevelURL () { - try { - // FROM: https://stackoverflow.com/a/7739035/73479 - // FIX: Better capturing of top level URL so that trackers in embedded documents are not considered first party - if (window.location !== window.parent.location) { - return new URL(window.location.href !== 'about:blank' ? document.referrer : window.parent.location.href) - } else { - return new URL(document.location.href) - } - } catch (error) { - return new URL(location.href) - } - } - if (!window.__firefox__) { Object.defineProperty(window, '__firefox__', { enumerable: false, From 582756e01384f6ec68226bb67902cd28ec4384da Mon Sep 17 00:00:00 2001 From: Jonathan Kingston Date: Wed, 16 Oct 2024 13:56:20 +0100 Subject: [PATCH 2/2] Change tab URL calculation for surrogates.js --- .../ContentBlocking/UserScripts/surrogates.js | 41 +++++++++++++------ 1 file changed, 29 insertions(+), 12 deletions(-) diff --git a/Sources/BrowserServicesKit/ContentBlocking/UserScripts/surrogates.js b/Sources/BrowserServicesKit/ContentBlocking/UserScripts/surrogates.js index 9dd4fe34a..eb2f2d3e8 100644 --- a/Sources/BrowserServicesKit/ContentBlocking/UserScripts/surrogates.js +++ b/Sources/BrowserServicesKit/ContentBlocking/UserScripts/surrogates.js @@ -377,7 +377,35 @@ } ]) - const topLevelUrl = getTopLevelURL() + /** + * Best guess effort of the tabs hostname. Cribbed from getTabHostname in: https://github.com/duckduckgo/content-scope-scripts/ + * @returns {string|null} inferred tab hostname + */ + function getTabURL () { + let framingOrigin = null + try { + // @ts-expect-error - globalThis.top is possibly 'null' here + framingOrigin = globalThis.top.location.href + } catch { + framingOrigin = globalThis.document.referrer + } + + // Not supported in Firefox + if ('ancestorOrigins' in globalThis.location && globalThis.location.ancestorOrigins.length) { + // ancestorOrigins is reverse order, with the last item being the top frame + framingOrigin = globalThis.location.ancestorOrigins.item(globalThis.location.ancestorOrigins.length - 1) + } + + try { + // @ts-expect-error - framingOrigin is possibly 'null' here + framingOrigin = new URL(framingOrigin) + } catch { + framingOrigin = null + } + return framingOrigin + } + + const topLevelUrl = getTabURL() let unprotectedDomain = false const domainParts = topLevelUrl && topLevelUrl.host ? topLevelUrl.host.split('.') : [] @@ -466,17 +494,6 @@ return false } - // private - function getTopLevelURL () { - try { - // FROM: https://stackoverflow.com/a/7739035/73479 - // FIX: Better capturing of top level URL so that trackers in embedded documents are not considered first party - return new URL(window.location !== window.parent.location ? document.referrer : document.location.href) - } catch (error) { - return new URL(location.href) - } - } - // private function loadSurrogate (surrogatePattern) { trackers.surrogateList[surrogatePattern]()