Scriptlets/src/scriptlets/prevent-innerHTML.ts at master · AdguardTeam/Scriptlets · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
import {
    hit,
    logMessage,
    toRegExp,
    parseMatchArg,
} from '../helpers';
import { type Source } from './scriptlets';

/**
 * @scriptlet prevent-innerHTML
 *
 * @description
 * Conditionally prevents assignment to `innerHTML` property
 * and can replace the value returned by the getter.
 *
 * Related UBO scriptlet:
 * https://github.com/gorhill/uBlock/wiki/Resources-Library#prevent-innerhtmljs-
 *
 * ### Syntax
 *
 * ```text
 * example.org#%#//scriptlet('prevent-innerHTML'[, selector[, pattern[, replacement]]])
 * ```
 *
 * - `selector` — optional, CSS selector to match element. If not specified, matches all elements.
 * - `pattern` — optional, string or regular expression to match against the assigned/returned value.
 *   Prepend with `!` to invert the match. If not specified, matches all values.
 * - `replacement` — optional, replacement value to return from getter when pattern matches.
 *   If not specified, the getter returns the original value unchanged (setter-only mode).
 *   If specified, enables getter manipulation mode. Possible values:
 *     - empty string — `''`,
 *     - custom text.
 *
 * ### Examples
 *
 * 1. Prevent any `innerHTML` assignment
 *
 *     ```adblock
 *     example.org#%#//scriptlet('prevent-innerHTML')
 *     ```
 *
 * 1. Prevent `innerHTML` assignment on elements matching selector
 *
 *     ```adblock
 *     example.org#%#//scriptlet('prevent-innerHTML', '#ads')
 *     ```
 *
 * 1. Prevent `innerHTML` assignment when the value contains "ad"
 *
 *     ```adblock
 *     example.org#%#//scriptlet('prevent-innerHTML', '', 'ad')
 *     ```
 *
 * 1. Prevent `innerHTML` assignment on specific element when value matches regex
 *
 *     ```adblock
 *     example.org#%#//scriptlet('prevent-innerHTML', 'div.ads', '/banner|sponsor/')
 *     ```
 *
 * 1. Prevent `innerHTML` assignment when value does NOT match pattern (inverted match)
 *
 *     ```adblock
 *     example.org#%#//scriptlet('prevent-innerHTML', '', '!allowed-content')
 *     ```
 *
 * 1. Replace innerHTML getter value with empty string when it contains "delete window"
 *
 *     ```adblock
 *     example.org#%#//scriptlet('prevent-innerHTML', '', 'delete window', '')
 *     ```
 *
 * 1. Replace innerHTML getter value with custom text when pattern matches
 *
 *     ```adblock
 *     example.org#%#//scriptlet('prevent-innerHTML', 'div.code', '/evil-script/', 'safe-replacement')
 *     ```
 *
 * @added v2.2.14.
 */
export function preventInnerHTML(source: Source, selector = '', pattern = '', replacement?: string): void {
    const { isInvertedMatch, matchRegexp } = parseMatchArg(pattern);

    const nativeDescriptor = Object.getOwnPropertyDescriptor(Element.prototype, 'innerHTML');
    if (nativeDescriptor === undefined) {
        return;
    }

    /**
     * Determines whether the innerHTML assignment should be prevented.
     *
     * @param element Element being assigned to.
     * @param value Value being assigned.
     *
     * @returns True if assignment should be prevented.
     */
    const shouldPrevent = (element: Element, value: string): boolean => {
        if (selector !== '') {
            if (typeof element.matches !== 'function') {
                return false;
            }

            try {
                if (element.matches(selector) === false) {
                    return false;
                }
            } catch (e) {
                // Invalid selector, do not prevent
                logMessage(source, `prevent-innerHTML: invalid selector "${selector}"`, true);
                return false;
            }
        }

        const patternMatches = matchRegexp.test(String(value));

        return isInvertedMatch ? !patternMatches : patternMatches;
    };

    Object.defineProperty(Element.prototype, 'innerHTML', {
        configurable: true,
        enumerable: true,
        get() {
            const value = nativeDescriptor.get
                ? nativeDescriptor.get.call(this)
                : nativeDescriptor.value;

            // If replacement is specified, check if we should replace the getter value
            if (replacement !== undefined && shouldPrevent(this, value)) {
                hit(source);
                logMessage(source, 'Replaced innerHTML getter value');
                return replacement;
            }

            return value;
        },
        set(value: string) {
            if (shouldPrevent(this, value)) {
                hit(source);
                logMessage(source, 'Prevented innerHTML assignment');
                return;
            }

            if (nativeDescriptor.set) {
                nativeDescriptor.set.call(this, value);
            }
        },
    });
}

export const preventInnerHTMLNames = [
    'prevent-innerHTML',
    // aliases are needed for matching the related scriptlet converted into our syntax
    'prevent-innerHTML.js',
    'ubo-prevent-innerHTML.js',
    'ubo-prevent-innerHTML',
];

// eslint-disable-next-line prefer-destructuring
preventInnerHTML.primaryName = preventInnerHTMLNames[0];

preventInnerHTML.injections = [
    hit,
    logMessage,
    toRegExp,
    parseMatchArg,
];