fix multiple response-related scriptlets. #386 #486

AG-28507, AG-40909

Squashed commit of the following:

commit 62c6ef2
Merge: 5a95425 056c175
Author: slvvko <v.leleka@adguard.com>
Date:   Fri Jan 30 09:53:51 2026 -0500

    merge parent branch into current one, resolve conflicts

commit 5a95425
Author: slvvko <v.leleka@adguard.com>
Date:   Fri Jan 30 09:53:00 2026 -0500

    prevent XHR scriptlet bypass via thisArg properties

commit f14d75d
Author: slvvko <v.leleka@adguard.com>
Date:   Thu Jan 29 19:28:28 2026 -0500

    fix changelog

commit c3447af
Author: slvvko <v.leleka@adguard.com>
Date:   Thu Jan 29 19:26:47 2026 -0500

    fix changelog

commit ee4806c
Author: slvvko <v.leleka@adguard.com>
Date:   Thu Jan 29 19:26:05 2026 -0500

    fix xml-prune

commit da017f7
Author: slvvko <v.leleka@adguard.com>
Date:   Thu Jan 29 19:25:51 2026 -0500

    fix trusted-replace-xhr-response

commit 6107e46
Author: slvvko <v.leleka@adguard.com>
Date:   Thu Jan 29 19:25:00 2026 -0500

    fix trusted-replace-fetch-response

Author: slvvko

CHANGELOG.md

@@ -23,11 +23,22 @@ The format is based on [Keep a Changelog], and this project adheres to [Semantic
 
 - Anti-adblock detection in `spoof-css` scriptlet
   by using cloaked bound functions instead of Proxies [#422].
+- Response corruption in `trusted-replace-fetch-response` and `trusted-replace-xhr-response`
+  scriptlets when URL pattern matches but content pattern does not [#486].
+- XHR handling in `trusted-replace-xhr-response` and `xml-prune` scriptlets:
+    - added `withCredentials` to forged requests,
+    - fixed duplicate headers when multiple scriptlets are used,
+    - used `ProgressEvent` for `load` and `loadend` events [#486].
+- XHR scriptlet bypass vulnerability in `trusted-replace-xhr-response`,
+  `prevent-xhr`, and `xml-prune` scriptlets where
+  setting `xhr.shouldBePrevented = false` could disable the scriptlet [#386].
 
 [Unreleased]: https://github.com/AdguardTeam/Scriptlets/compare/v2.2.15...HEAD
 [#329]: https://github.com/AdguardTeam/Scriptlets/issues/329
+[#386]: https://github.com/AdguardTeam/Scriptlets/issues/386
 [#422]: https://github.com/AdguardTeam/Scriptlets/issues/422
 [#461]: https://github.com/AdguardTeam/Scriptlets/issues/461
+[#486]: https://github.com/AdguardTeam/Scriptlets/issues/486
 
 ## [v2.2.15] - 2026-01-22
 

src/scriptlets/prevent-xhr.js

@@ -112,6 +112,12 @@ export function preventXHR(source, propsToMatch, customResponseText) {
     const nativeGetResponseHeader = window.XMLHttpRequest.prototype.getResponseHeader;
     const nativeGetAllResponseHeaders = window.XMLHttpRequest.prototype.getAllResponseHeaders;
 
+    // Store matched XHR requests and their data in private structures
+    // to prevent bypass via thisArg property manipulation
+    // https://github.com/AdguardTeam/Scriptlets/issues/386
+    const matchedXhrRequests = new Map();
+    const xhrRequestHeaders = new Map();
+
     let xhrData;
     let modifiedResponse = '';
     let modifiedResponseText = '';
@@ -126,19 +132,21 @@ export function preventXHR(source, propsToMatch, customResponseText) {
             logMessage(source, `xhr( ${objectToString(xhrData)} )`, true);
             hit(source);
         } else if (matchRequestProps(source, propsToMatch, xhrData)) {
-            thisArg.shouldBePrevented = true;
-            // Add xhrData to thisArg to keep original values in case of multiple requests
+            // Store xhrData in map to keep original values in case of multiple requests
             // https://github.com/AdguardTeam/Scriptlets/issues/347
-            thisArg.xhrData = xhrData;
+            matchedXhrRequests.set(thisArg, xhrData);
         }
 
         // Trap setRequestHeader of target xhr object to mimic request headers later;
         // needed for getResponseHeader() and getAllResponseHeaders() methods
-        if (thisArg.shouldBePrevented) {
-            thisArg.collectedHeaders = [];
+        if (matchedXhrRequests.has(thisArg) && !xhrRequestHeaders.has(thisArg)) {
+            xhrRequestHeaders.set(thisArg, []);
             const setRequestHeaderWrapper = (target, thisArg, args) => {
                 // Collect headers
-                thisArg.collectedHeaders.push(args);
+                const headers = xhrRequestHeaders.get(thisArg);
+                if (headers) {
+                    headers.push(args);
+                }
                 return Reflect.apply(target, thisArg, args);
             };
             const setRequestHeaderHandler = {
@@ -152,10 +160,12 @@ export function preventXHR(source, propsToMatch, customResponseText) {
     };
 
     const sendWrapper = (target, thisArg, args) => {
-        if (!thisArg.shouldBePrevented) {
+        if (!matchedXhrRequests.has(thisArg)) {
             return Reflect.apply(target, thisArg, args);
         }
 
+        const storedXhrData = matchedXhrRequests.get(thisArg);
+
         if (thisArg.responseType === 'blob') {
             modifiedResponse = new Blob();
         }
@@ -198,7 +208,7 @@ export function preventXHR(source, propsToMatch, customResponseText) {
                 Object.defineProperties(thisArg, {
                     readyState: { value: 4, writable: false },
                     statusText: { value: 'OK', writable: false },
-                    responseURL: { value: responseURL || thisArg.xhrData.url, writable: false },
+                    responseURL: { value: responseURL || storedXhrData.url, writable: false },
                     responseXML: { value: responseXML, writable: false },
                     status: { value: 200, writable: false },
                     response: { value: modifiedResponse, writable: false },
@@ -237,15 +247,18 @@ export function preventXHR(source, propsToMatch, customResponseText) {
             thisArg.dispatchEvent(loadEndEvent);
         }, 1);
 
-        nativeOpen.apply(forgedRequest, [thisArg.xhrData.method, thisArg.xhrData.url]);
+        nativeOpen.apply(forgedRequest, [storedXhrData.method, storedXhrData.url]);
 
         // Mimic request headers before sending
         // setRequestHeader can only be called on open request objects
-        thisArg.collectedHeaders.forEach((header) => {
+        const collectedHeaders = xhrRequestHeaders.get(thisArg) || [];
+        collectedHeaders.forEach((header) => {
             const name = header[0];
             const value = header[1];
             forgedRequest.setRequestHeader(name, value);
         });
+        // Note: We do NOT delete from xhrRequestHeaders here because
+        // getResponseHeader() and getAllResponseHeaders() need access to the headers later
 
         return undefined;
     };
@@ -260,16 +273,17 @@ export function preventXHR(source, propsToMatch, customResponseText) {
      * @returns {string|null} Header value or null if header is not set.
      */
     const getHeaderWrapper = (target, thisArg, args) => {
-        if (!thisArg.shouldBePrevented) {
+        const collectedHeaders = xhrRequestHeaders.get(thisArg);
+        if (!collectedHeaders) {
             return nativeGetResponseHeader.apply(thisArg, args);
         }
-        if (!thisArg.collectedHeaders.length) {
+        if (!collectedHeaders.length) {
             return null;
         }
         // The search for the header name is case-insensitive
         // https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/getResponseHeader
         const searchHeaderName = args[0].toLowerCase();
-        const matchedHeader = thisArg.collectedHeaders.find((header) => {
+        const matchedHeader = collectedHeaders.find((header) => {
             const headerName = header[0].toLowerCase();
             return headerName === searchHeaderName;
         });
@@ -287,13 +301,14 @@ export function preventXHR(source, propsToMatch, customResponseText) {
      * @returns {string} All headers as a string. For no headers an empty string is returned.
      */
     const getAllHeadersWrapper = (target, thisArg) => {
-        if (!thisArg.shouldBePrevented) {
+        const collectedHeaders = xhrRequestHeaders.get(thisArg);
+        if (!collectedHeaders) {
             return nativeGetAllResponseHeaders.call(thisArg);
         }
-        if (!thisArg.collectedHeaders.length) {
+        if (!collectedHeaders.length) {
             return '';
         }
-        const allHeadersStr = thisArg.collectedHeaders
+        const allHeadersStr = collectedHeaders
             .map((header) => {
                 /**
                  * TODO: array destructuring may be used here

src/scriptlets/trusted-replace-fetch-response.js

@@ -160,12 +160,17 @@ export function trustedReplaceFetchResponse(
         // eslint-disable-next-line prefer-spread
         return nativeFetch.apply(null, args)
             .then((response) => {
-                return response.text()
+                return response.clone().text()
                     .then((bodyText) => {
                         const patternRegexp = pattern === '*'
                             ? /(\n|.)*/
                             : toRegExp(pattern);
 
+                        const isPatternFound = pattern === '*' || patternRegexp.test(bodyText);
+                        if (!isPatternFound) {
+                            return response;
+                        }
+
                         if (shouldLogContent) {
                             logMessage(source, `Original text content: ${bodyText}`);
                         }
@@ -183,7 +188,7 @@ export function trustedReplaceFetchResponse(
                         const fetchDataStr = objectToString(fetchData);
                         const message = `Response body can't be converted to text: ${fetchDataStr}`;
                         logMessage(source, message);
-                        return Reflect.apply(target, thisArg, args);
+                        return response;
                     });
             })
             .catch(() => Reflect.apply(target, thisArg, args));

src/scriptlets/trusted-replace-xhr-response.js

@@ -124,6 +124,12 @@ export function trustedReplaceXhrResponse(source, pattern = '', replacement = ''
     const nativeOpen = window.XMLHttpRequest.prototype.open;
     const nativeSend = window.XMLHttpRequest.prototype.send;
 
+    // Store matched XHR requests and their data in private structures
+    // to prevent bypass via thisArg property manipulation
+    // https://github.com/AdguardTeam/Scriptlets/issues/386
+    const matchedXhrRequests = new Set();
+    const xhrRequestHeaders = new Map();
+
     let xhrData;
 
     const openWrapper = (target, thisArg, args) => {
@@ -139,17 +145,18 @@ export function trustedReplaceXhrResponse(source, pattern = '', replacement = ''
         }
 
         if (matchRequestProps(source, propsToMatch, xhrData)) {
-            thisArg.shouldBePrevented = true;
-            thisArg.headersReceived = !!thisArg.headersReceived;
+            matchedXhrRequests.add(thisArg);
         }
 
         // Trap setRequestHeader of target xhr object to mimic request headers later
-        if (thisArg.shouldBePrevented && !thisArg.headersReceived) {
-            thisArg.headersReceived = true;
-            thisArg.collectedHeaders = [];
+        if (matchedXhrRequests.has(thisArg) && !xhrRequestHeaders.has(thisArg)) {
+            xhrRequestHeaders.set(thisArg, []);
             const setRequestHeaderWrapper = (target, thisArg, args) => {
                 // Collect headers
-                thisArg.collectedHeaders.push(args);
+                const headers = xhrRequestHeaders.get(thisArg);
+                if (headers) {
+                    headers.push(args);
+                }
                 return Reflect.apply(target, thisArg, args);
             };
 
@@ -166,7 +173,7 @@ export function trustedReplaceXhrResponse(source, pattern = '', replacement = ''
     };
 
     const sendWrapper = (target, thisArg, args) => {
-        if (!thisArg.shouldBePrevented) {
+        if (!matchedXhrRequests.has(thisArg)) {
             return Reflect.apply(target, thisArg, args);
         }
 
@@ -176,6 +183,7 @@ export function trustedReplaceXhrResponse(source, pattern = '', replacement = ''
          * listeners on original XHR object
          */
         const forgedRequest = new XMLHttpRequest();
+        forgedRequest.withCredentials = thisArg.withCredentials;
         forgedRequest.addEventListener('readystatechange', () => {
             if (forgedRequest.readyState !== 4) {
                 return;
@@ -201,12 +209,17 @@ export function trustedReplaceXhrResponse(source, pattern = '', replacement = ''
                 ? /(\n|.)*/
                 : toRegExp(pattern);
 
-            if (shouldLogContent) {
-                logMessage(source, `Original text content: ${content}`);
-            }
-            const modifiedContent = content.replace(patternRegexp, replacement);
-            if (shouldLogContent) {
-                logMessage(source, `Modified text content: ${modifiedContent}`);
+            const isPatternFound = pattern === '*' || patternRegexp.test(content);
+
+            let responseContent = content;
+            if (isPatternFound) {
+                if (shouldLogContent) {
+                    logMessage(source, `Original text content: ${content}`);
+                }
+                responseContent = content.replace(patternRegexp, replacement);
+                if (shouldLogContent) {
+                    logMessage(source, `Modified text content: ${responseContent}`);
+                }
             }
 
             // Manually put required values into target XHR object
@@ -218,37 +231,41 @@ export function trustedReplaceXhrResponse(source, pattern = '', replacement = ''
                 responseXML: { value: responseXML, writable: false },
                 status: { value: status, writable: false },
                 statusText: { value: statusText, writable: false },
-                // modified values
-                response: { value: modifiedContent, writable: false },
-                responseText: { value: modifiedContent, writable: false },
+                // modified values only if pattern matched, otherwise original
+                response: { value: responseContent, writable: false },
+                responseText: { value: responseContent, writable: false },
             });
 
             // Mock events
             setTimeout(() => {
                 const stateEvent = new Event('readystatechange');
                 thisArg.dispatchEvent(stateEvent);
 
-                const loadEvent = new Event('load');
+                const loadEvent = new ProgressEvent('load');
                 thisArg.dispatchEvent(loadEvent);
 
-                const loadEndEvent = new Event('loadend');
+                const loadEndEvent = new ProgressEvent('loadend');
                 thisArg.dispatchEvent(loadEndEvent);
             }, 1);
 
-            hit(source);
+            if (isPatternFound) {
+                hit(source);
+            }
         });
 
         nativeOpen.apply(forgedRequest, [xhrData.method, xhrData.url]);
 
         // Mimic request headers before sending
         // setRequestHeader can only be called on open request objects
-        thisArg.collectedHeaders.forEach((header) => {
+        const collectedHeaders = xhrRequestHeaders.get(thisArg) || [];
+        collectedHeaders.forEach((header) => {
             const name = header[0];
             const value = header[1];
 
             forgedRequest.setRequestHeader(name, value);
         });
-        thisArg.collectedHeaders = [];
+        xhrRequestHeaders.delete(thisArg);
+        matchedXhrRequests.delete(thisArg);
 
         try {
             nativeSend.call(forgedRequest, args);

src/scriptlets/xml-prune.js

@@ -294,22 +294,31 @@ export function xmlPrune(source, propsToRemove, optionalProp = '', urlToMatch =
     const nativeOpen = window.XMLHttpRequest.prototype.open;
     const nativeSend = window.XMLHttpRequest.prototype.send;
 
+    // Store matched XHR requests and their data in private structures
+    // to prevent bypass via thisArg property manipulation
+    // https://github.com/AdguardTeam/Scriptlets/issues/386
+    const matchedXhrRequests = new Set();
+    const xhrRequestHeaders = new Map();
+
     let xhrData;
 
     const openWrapper = (target, thisArg, args) => {
         // eslint-disable-next-line prefer-spread
         xhrData = getXhrData.apply(null, args);
 
         if (matchRequestProps(source, urlToMatch, xhrData)) {
-            thisArg.shouldBePruned = true;
+            matchedXhrRequests.add(thisArg);
         }
 
         // Trap setRequestHeader of target xhr object to mimic request headers later
-        if (thisArg.shouldBePruned) {
-            thisArg.collectedHeaders = [];
+        if (matchedXhrRequests.has(thisArg) && !xhrRequestHeaders.has(thisArg)) {
+            xhrRequestHeaders.set(thisArg, []);
             const setRequestHeaderWrapper = (target, thisArg, args) => {
                 // Collect headers
-                thisArg.collectedHeaders.push(args);
+                const headers = xhrRequestHeaders.get(thisArg);
+                if (headers) {
+                    headers.push(args);
+                }
                 return Reflect.apply(target, thisArg, args);
             };
 
@@ -329,7 +338,10 @@ export function xmlPrune(source, propsToRemove, optionalProp = '', urlToMatch =
         const allowedResponseTypeValues = ['', 'text'];
         // Do nothing if request do not match
         // or response type is not a string
-        if (!thisArg.shouldBePruned || !allowedResponseTypeValues.includes(thisArg.responseType)) {
+        if (
+            !matchedXhrRequests.has(thisArg)
+            || !allowedResponseTypeValues.includes(thisArg.responseType)
+        ) {
             return Reflect.apply(target, thisArg, args);
         }
 
@@ -339,6 +351,7 @@ export function xmlPrune(source, propsToRemove, optionalProp = '', urlToMatch =
          * listeners on original XHR object
          */
         const forgedRequest = new XMLHttpRequest();
+        forgedRequest.withCredentials = thisArg.withCredentials;
         forgedRequest.addEventListener('readystatechange', () => {
             if (forgedRequest.readyState !== 4) {
                 return;
@@ -389,26 +402,31 @@ export function xmlPrune(source, propsToRemove, optionalProp = '', urlToMatch =
                 const stateEvent = new Event('readystatechange');
                 thisArg.dispatchEvent(stateEvent);
 
-                const loadEvent = new Event('load');
+                const loadEvent = new ProgressEvent('load');
                 thisArg.dispatchEvent(loadEvent);
 
-                const loadEndEvent = new Event('loadend');
+                const loadEndEvent = new ProgressEvent('loadend');
                 thisArg.dispatchEvent(loadEndEvent);
             }, 1);
-            hit(source);
+
+            if (shouldPruneResponse) {
+                hit(source);
+            }
         });
 
         nativeOpen.apply(forgedRequest, [xhrData.method, xhrData.url]);
 
         // Mimic request headers before sending
         // setRequestHeader can only be called on open request objects
-        thisArg.collectedHeaders.forEach((header) => {
+        const collectedHeaders = xhrRequestHeaders.get(thisArg) || [];
+        collectedHeaders.forEach((header) => {
             const name = header[0];
             const value = header[1];
 
             forgedRequest.setRequestHeader(name, value);
         });
-        thisArg.collectedHeaders = [];
+        xhrRequestHeaders.delete(thisArg);
+        matchedXhrRequests.delete(thisArg);
 
         try {
             nativeSend.call(forgedRequest, args);