From 4256f90aa8d552d603e2e8576c95e8b1db935f82 Mon Sep 17 00:00:00 2001 From: ablanathtanalba Date: Wed, 13 Jan 2021 14:27:44 -0800 Subject: [PATCH 1/4] add firstparty script for cleaning links on tumblr and tumblr subs --- src/js/firstparties/tumblr.js | 36 +++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 src/js/firstparties/tumblr.js diff --git a/src/js/firstparties/tumblr.js b/src/js/firstparties/tumblr.js new file mode 100644 index 0000000000..5c990a7017 --- /dev/null +++ b/src/js/firstparties/tumblr.js @@ -0,0 +1,36 @@ +// only observed links with this format out in the wild +let tumblr_links = "a[href^='https://t.umblr.com/redirect?']" + +// reassigns the href and scrubs link of all unnecessary attributes +function unwrapLink(a) { + let href = new URL(a.href).searchParams.get('z'); + if (!window.isURL(href)) { + return; + } + + for (let attr of a.attributes) { + if (!['target', 'class', 'style'].includes(attr.name)) { + a.removeAttribute(attr.name) + } + } + + a.rel = "noreferrer"; + a.href = href; +} + +// main handler to target each link on page and launder them through the unwrapLink func +function unwrapAll() { + document.querySelectorAll(tumblr_links).forEach((a) => { + unwrapLink(a); + }); +} + +chrome.runtime.sendMessage({ + type: "checkEnabled" +}, function (enabled) { + if (!enabled) { + return; + } + unwrapAll(); + setInterval(unwrapAll, 2000); +}); From 7b4d164651d556ec01a95c8aaa2867050583f58d Mon Sep 17 00:00:00 2001 From: ablanathtanalba Date: Wed, 13 Jan 2021 14:29:00 -0800 Subject: [PATCH 2/4] add tumblr firstparty blob to manifest --- src/manifest.json | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/manifest.json b/src/manifest.json index 009282adb3..18ae2f7b71 100644 --- a/src/manifest.json +++ b/src/manifest.json @@ -461,6 +461,20 @@ "all_frames": true, "run_at": "document_idle" }, + { + "js": [ + "js/firstparties/lib/utils.js", + "js/firstparties/tumblr.js" + ], + "matches": [ + "https://tumblr.com/*", + "http://tumblr.com/*", + "https://*.tumblr.com/*", + "http://*.tumblr.com/*" + ], + "all_frames": true, + "run_at": "document_idle" + }, { "js": [ "js/contentscripts/utils.js", From 2d89cf819e3cc2aa7b3ef33a820930535a2b59fb Mon Sep 17 00:00:00 2001 From: ablanathtanalba Date: Wed, 13 Jan 2021 14:30:00 -0800 Subject: [PATCH 3/4] fix linting errs --- src/js/firstparties/tumblr.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/js/firstparties/tumblr.js b/src/js/firstparties/tumblr.js index 5c990a7017..0ad3ee751c 100644 --- a/src/js/firstparties/tumblr.js +++ b/src/js/firstparties/tumblr.js @@ -1,5 +1,5 @@ // only observed links with this format out in the wild -let tumblr_links = "a[href^='https://t.umblr.com/redirect?']" +let tumblr_links = "a[href^='https://t.umblr.com/redirect?']"; // reassigns the href and scrubs link of all unnecessary attributes function unwrapLink(a) { @@ -10,7 +10,7 @@ function unwrapLink(a) { for (let attr of a.attributes) { if (!['target', 'class', 'style'].includes(attr.name)) { - a.removeAttribute(attr.name) + a.removeAttribute(attr.name); } } From 9dc43d32bd8816494e080162c8e4b167405d1f97 Mon Sep 17 00:00:00 2001 From: ablanathtanalba Date: Wed, 3 Feb 2021 15:25:11 -0800 Subject: [PATCH 4/4] add test for tumblr link unwrapping firstparty script --- src/tests/tests/firstparties.js | 35 +++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/src/tests/tests/firstparties.js b/src/tests/tests/firstparties.js index 3560e04ddc..df7ed4af38 100644 --- a/src/tests/tests/firstparties.js +++ b/src/tests/tests/firstparties.js @@ -5,6 +5,7 @@ let fb_wrap = 'https://facebook.com/l.php?u=' + destination; let fb_xss = 'https://facebook.com/l.php?u=javascript://bad.site/%250Aalert(1)'; let g_wrap = 'https://www.google.com/url?q=' + destination; let g_ping = '/url?url=' + destination; +let tumblr_wrap = 'https://t.umblr.com/redirect?z=' + destination; function makeLink(href) { let element = document.createElement('a'); @@ -164,4 +165,38 @@ QUnit.test('google search de-instrumentation', (assert) => { fixture.appendChild(util_script); }); +QUnit.test('tumblr link unwrapping', (assert) => { + const NUM_CHECKS = 2, + done = assert.async(); + assert.expect(NUM_CHECKS); + + let fixture = document.getElementById('qunit-fixture'); + let tumblr_link = makeLink(tumblr_wrap); + + // create first-party utility script + let util_script = document.createElement('script'); + util_script.src = '../js/firstparties/lib/utils.js'; + + // create the content script + let tumblr_script = document.createElement('script'); + tumblr_script.src = '../js/firstparties/tumblr.js'; + tumblr_script.onload = function() { + assert.equal(tumblr_link.href, destination, 'unwrapped tumblr link'); + assert.ok(tumblr_link.rel.includes('noreferrer'), + 'added noreferrer to tumblr link'); + + unstub(); + done(); + }; + + // after the utility script has finished loading, add the content script + util_script.onload = function() { + fixture.append(tumblr_script); + }; + + stub([tumblr_link], '/url?'); + fixture.appendChild(tumblr_link); + fixture.appendChild(util_script); +}); + }());