Harden scriptlets which need to serialize function code into string · gorhill/uBlock@7823d98 · GitHub | Latest TMZ Celebrity News & Gossip | Watch TMZ Live
Skip to content

Commit 7823d98

Browse files
gorhillgorhill
committed
Harden scriptlets which need to serialize function code into string
Related issue: uBlockOrigin/uBlock-issues#2907
1 parent 5d1618e commit 7823d98

File tree

1 file changed

+14
-4
lines changed

1 file changed

+14
-4
lines changed

assets/resources/scriptlets.js

Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -49,6 +49,8 @@ function safeSelf() {
4949
const safe = {
5050
'Array_from': Array.from,
5151
'Error': self.Error,
52+
'Function_toStringFn': self.Function.prototype.toString,
53+
'Function_toString': thisArg => safe.Function_toStringFn.call(thisArg),
5254
'Math_floor': Math.floor,
5355
'Math_random': Math.random,
5456
'Object_defineProperty': Object.defineProperty.bind(Object),
@@ -1394,7 +1396,9 @@ function addEventListenerDefuser(
13941396
let type, handler;
13951397
try {
13961398
type = String(args[0]);
1397-
handler = String(args[1]);
1399+
handler = args[1] instanceof Function
1400+
? String(safe.Function_toString(args[1]))
1401+
: String(args[1]);
13981402
} catch(ex) {
13991403
}
14001404
const matchesType = safe.RegExp_test.call(reType, type);
@@ -2004,7 +2008,9 @@ function noRequestAnimationFrameIf(
20042008
const reNeedle = safe.patternToRegex(needle);
20052009
window.requestAnimationFrame = new Proxy(window.requestAnimationFrame, {
20062010
apply: function(target, thisArg, args) {
2007-
const a = String(args[0]);
2011+
const a = args[0] instanceof Function
2012+
? String(safe.Function_toString(args[0]))
2013+
: String(args[0]);
20082014
let defuse = false;
20092015
if ( log !== undefined ) {
20102016
log('uBO: requestAnimationFrame("%s")', a);
@@ -2072,7 +2078,9 @@ function noSetIntervalIf(
20722078
const reNeedle = safe.patternToRegex(needle);
20732079
self.setInterval = new Proxy(self.setInterval, {
20742080
apply: function(target, thisArg, args) {
2075-
const a = String(args[0]);
2081+
const a = args[0] instanceof Function
2082+
? String(safe.Function_toString(args[0]))
2083+
: String(args[0]);
20762084
const b = args[1];
20772085
if ( log !== undefined ) {
20782086
log('uBO: setInterval("%s", %s)', a, b);
@@ -2134,7 +2142,9 @@ function noSetTimeoutIf(
21342142
const reNeedle = safe.patternToRegex(needle);
21352143
self.setTimeout = new Proxy(self.setTimeout, {
21362144
apply: function(target, thisArg, args) {
2137-
const a = String(args[0]);
2145+
const a = args[0] instanceof Function
2146+
? String(safe.Function_toString(args[0]))
2147+
: String(args[0]);
21382148
const b = args[1];
21392149
if ( log !== undefined ) {
21402150
log('uBO: setTimeout("%s", %s)', a, b);

0 commit comments

Comments
 (0)

TMZ Celebrity News – Breaking Stories, Videos & Gossip

Looking for the latest TMZ celebrity news? You've come to the right place. From shocking Hollywood scandals to exclusive videos, TMZ delivers it all in real time.

Whether it’s a red carpet slip-up, a viral paparazzi moment, or a legal drama involving your favorite stars, TMZ news is always first to break the story. Stay in the loop with daily updates, insider tips, and jaw-dropping photos.

🎥 Watch TMZ Live

TMZ Live brings you daily celebrity news and interviews straight from the TMZ newsroom. Don’t miss a beat—watch now and see what’s trending in Hollywood.