Skip to content

Commit 589fc81

Browse files
ladamskiladamski@duckduckgo.com
ladamski
and
[email protected]
authored
fix (#204)
Co-authored-by: [email protected] <[email protected]>
1 parent d793f98 commit 589fc81

File tree

11 files changed

+79
-13
lines changed

11 files changed

+79
-13
lines changed

Sources/ContentScopeScripts/dist/contentScope.js

+7-1
Original file line numberDiff line numberDiff line change
@@ -1428,6 +1428,11 @@
14281428
// eslint-disable-next-line no-global-assign
14291429
let globalObj = typeof window === 'undefined' ? globalThis : window;
14301430
let Error$1 = globalObj.Error;
1431+
let messageSecret;
1432+
1433+
function registerMessageSecret (secret) {
1434+
messageSecret = secret;
1435+
}
14311436

14321437
function getDataKeySync (sessionKey, domainKey, inputData) {
14331438
// eslint-disable-next-line new-cap
@@ -1818,7 +1823,7 @@
18181823

18191824
function sendMessage (messageType, options) {
18201825
// FF & Chrome
1821-
return window.dispatchEvent(createCustomEvent('sendMessage', { detail: { messageType, options } }))
1826+
return window.dispatchEvent(createCustomEvent('sendMessage' + messageSecret, { detail: { messageType, options } }))
18221827
// TBD other platforms
18231828
}
18241829

@@ -1899,6 +1904,7 @@
18991904
if (!shouldRun()) {
19001905
return
19011906
}
1907+
registerMessageSecret(args.messageSecret);
19021908
initStringExemptionLists(args);
19031909
const resolvedFeatures = await Promise.all(features);
19041910
resolvedFeatures.forEach(({ init, featureName }) => {

build/android/contentScope.js

+7-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

build/chrome-mv3/inject.js

+7-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

build/chrome/inject.js

+6-2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

build/firefox/inject.js

+16-2
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

build/integration/contentScope.js

+7-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

build/windows/contentScope.js

+7-1
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

inject/chrome.js

+5-1
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,9 @@
11
/**
22
* Inject all the overwrites into the page.
33
*/
4+
5+
const messageSecret = randomString()
6+
47
function inject (code) {
58
const elem = document.head || document.documentElement
69
// Inject into main page
@@ -92,6 +95,7 @@ function init () {
9295
}
9396
})
9497
}
98+
message.messageSecret = messageSecret
9599
const stringifiedArgs = JSON.stringify(message)
96100
const callRandomFunction = `
97101
window.${randomMethodName}('${randomPassword}', ${stringifiedArgs});
@@ -110,7 +114,7 @@ function init () {
110114
}
111115
})
112116

113-
window.addEventListener('sendMessage', (m) => {
117+
window.addEventListener('sendMessage' + messageSecret, (m) => {
114118
const messageType = m.detail.messageType
115119
chrome.runtime.sendMessage(m && m.detail, response => {
116120
const msg = { type: messageType, response }

inject/mozilla.js

+9-1
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,12 @@
11
/* global contentScopeFeatures */
22

3+
const messageSecret = randomString()
4+
5+
function randomString () {
6+
const num = crypto.getRandomValues(new Uint32Array(1))[0] / 2 ** 32
7+
return num.toString().replace('0.', '')
8+
}
9+
310
function init () {
411
contentScopeFeatures.load({
512
platform: {
@@ -28,6 +35,7 @@ function init () {
2835
}
2936
})
3037
}
38+
message.messageSecret = messageSecret
3139
contentScopeFeatures.init(message)
3240
})
3341

@@ -38,7 +46,7 @@ function init () {
3846
}
3947
})
4048

41-
window.addEventListener('sendMessage', (m) => {
49+
window.addEventListener('sendMessage' + messageSecret, (m) => {
4250
const messageType = m.detail.messageType
4351
chrome.runtime.sendMessage(m && m.detail, response => {
4452
const msg = { type: messageType, response }

src/content-scope-features.js

+2-1
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
import { initStringExemptionLists, isFeatureBroken } from './utils'
1+
import { initStringExemptionLists, isFeatureBroken, registerMessageSecret } from './utils'
22

33
function shouldRun () {
44
// don't inject into non-HTML documents (such as XML documents)
@@ -56,6 +56,7 @@ export async function init (args) {
5656
if (!shouldRun()) {
5757
return
5858
}
59+
registerMessageSecret(args.messageSecret)
5960
initStringExemptionLists(args)
6061
const resolvedFeatures = await Promise.all(features)
6162
resolvedFeatures.forEach(({ init, featureName }) => {

src/utils.js

+6-1
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,11 @@ import { sjcl } from '../lib/sjcl.js'
55
// eslint-disable-next-line no-global-assign
66
let globalObj = typeof window === 'undefined' ? globalThis : window
77
let Error = globalObj.Error
8+
let messageSecret
9+
10+
export function registerMessageSecret (secret) {
11+
messageSecret = secret
12+
}
813

914
/**
1015
* Used for testing to override the globals used within this file.
@@ -501,6 +506,6 @@ export function createCustomEvent (eventName, eventDetail) {
501506

502507
export function sendMessage (messageType, options) {
503508
// FF & Chrome
504-
return window.dispatchEvent(createCustomEvent('sendMessage', { detail: { messageType, options } }))
509+
return window.dispatchEvent(createCustomEvent('sendMessage' + messageSecret, { detail: { messageType, options } }))
505510
// TBD other platforms
506511
}

0 commit comments

Comments
 (0)