Replace noscript with javascript content setting

Fix #2671 Follow-up: restore the 'Allow scripts once' functionality Auditors: @bbondy, @bridiver
brave · Jul 28, 2016 · 6b0d144 · bridiver · Jul 28, 2016 · bridiver
1 parent 440e93f
commit 6b0d144
Show file tree

Hide file tree

Showing 9 changed files with 36 additions and 135 deletions.
diff --git a/app/extensions.js b/app/extensions.js
@@ -53,6 +53,7 @@ let generateBraveManifest = () => {
           'content/scripts/adInsertion.js',
           'content/scripts/passwordManager.js',
           'content/scripts/flashListener.js',
+          'content/scripts/noScript.js',
           'content/scripts/themeColor.js'
         ]
       },

diff --git a/app/extensions/brave/content/scripts/noScript.js b/app/extensions/brave/content/scripts/noScript.js
@@ -0,0 +1,11 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+if (chrome.contentSettings.javascript == 'block') {
+  document.querySelectorAll('script').forEach((s) => {
+    // TODO: Send all of these in one IPC call
+    chrome.ipc.sendToHost('scripts-blocked',
+      s.src ? s.src : window.location.href)
+  })
+}
diff --git a/app/index.js b/app/index.js
@@ -30,7 +30,6 @@ const PackageLoader = require('./package-loader')
 const Extensions = require('./extensions')
 const Filtering = require('./filtering')
 const TrackingProtection = require('./trackingProtection')
-const NoScript = require('./noScript')
 const AdBlock = require('./adBlock')
 const HttpsEverywhere = require('./httpsEverywhere')
 const SiteHacks = require('./siteHacks')
@@ -366,7 +365,6 @@ app.on('ready', () => {
     Extensions.init()
     Filtering.init()
     SiteHacks.init()
-    NoScript.init()
     spellCheck.init()
     HttpsEverywhere.init()
     TrackingProtection.init()

diff --git a/app/noScript.js b/app/noScript.js
diff --git a/js/components/frame.js b/js/components/frame.js
@@ -25,7 +25,6 @@ const debounce = require('../lib/debounce.js')
 const getSetting = require('../settings').getSetting
 const settings = require('../constants/settings')
 const FindBar = require('./findbar.js')
-const consoleStrings = require('../constants/console')
 const { aboutUrls, isSourceAboutUrl, isTargetAboutUrl, getTargetAboutUrl, getBaseUrl } = require('../lib/appUrlUtil')
 const { isFrameError } = require('../lib/errorUtil')
 const locale = require('../l10n')
@@ -503,6 +502,11 @@ class Frame extends ImmutableComponent {
             windowActions.setBlockedBy(this.props.frame, 'fingerprintingProtection', description)
           }
           break
+        case messages.SCRIPTS_BLOCKED:
+          method = (src) => {
+            windowActions.setBlockedBy(this.props.frame, 'noScript', src)
+          }
+          break
         case messages.THEME_COLOR_COMPUTED:
           method = (computedThemeColor) =>
             windowActions.setThemeColor(this.props.frame, undefined, computedThemeColor || null)
@@ -737,14 +741,6 @@ class Frame extends ImmutableComponent {
     this.webview.addEventListener('media-paused', ({title}) => {
       windowActions.setAudioPlaybackActive(this.props.frame, false)
     })
-    this.webview.addEventListener('console-message', (e) => {
-      if (this.props.enableNoScript && e.level === 2 &&
-          e.message && e.message.includes(consoleStrings.SCRIPT_BLOCKED)) {
-        // Note that the site was blocked
-        windowActions.setBlockedBy(this.props.frame,
-                                   'noScript', this.getScriptLocation(e.message))
-      }
-    })
     this.webview.addEventListener('did-change-theme-color', ({themeColor}) => {
       // Due to a bug in Electron, after navigating to a page with a theme color
       // to a page without a theme color, the background is sent to us as black
@@ -772,16 +768,6 @@ class Frame extends ImmutableComponent {
     this.webview.addEventListener('mousewheel', this.onMouseWheel.bind(this))
   }
 
-  getScriptLocation (msg) {
-    const defaultMsg = '[Inline script]'
-    if (msg.includes(consoleStrings.EXTERNAL_SCRIPT_BLOCKED)) {
-      let match = /'.+?'/.exec(msg)
-      return match ? match[0].replace(/'/g, '') : defaultMsg
-    } else {
-      return defaultMsg
-    }
-  }
-
   goBack () {
     this.webview.goBack()
   }

diff --git a/js/components/noScriptInfo.js b/js/components/noScriptInfo.js
@@ -50,15 +50,12 @@ class NoScriptInfo extends ImmutableComponent {
       <div>
         <div className='truncate' data-l10n-args={JSON.stringify(l10nArgs)}
           data-l10n-id={this.numberBlocked === 1 ? 'scriptBlocked' : 'scriptsBlocked'} />
-        <div>
-          <Button l10nId='allowScriptsOnce' className='actionButton'
-            onClick={this.onAllowOnce.bind(this)} />
-        </div>
         <div>
         {
+          // TODO: restore the allow-once button
           // TODO: If this is a private tab, this should only allow scripts
           // temporarily. Depends on #1824
-          <Button l10nId='allowScripts' className='subtleButton'
+          <Button l10nId='allow' className='actionButton'
             onClick={this.onAllow.bind(this, false)} />
         }
         </div>

diff --git a/js/constants/console.js b/js/constants/console.js
diff --git a/js/constants/messages.js b/js/constants/messages.js
@@ -68,6 +68,7 @@ const messages = {
   APP_STATE_CHANGE: _,
   STOP_LOAD: _,
   THEME_COLOR_COMPUTED: _,
+  SCRIPTS_BLOCKED: _, /** @arg {string} src */
   HIDE_CONTEXT_MENU: _,
   LEAVE_FULL_SCREEN: _,
   ENTER_FULL_SCREEN: _,

diff --git a/js/state/contentSettings.js b/js/state/contentSettings.js
@@ -79,7 +79,18 @@ const getContentSettingsFromSiteSettings = (appState) => {
       setting: getPasswordManagerEnabled(appState) ? 'allow' : 'block',
       primaryPattern: '*'
     }],
-    javascript: [],
+    javascript: [{
+      setting: braveryDefaults.noScript ? 'block' : 'allow',
+      primaryPattern: '*'
+    }, {
+      setting: 'allow',
+      secondaryPattern: '*',
+      primaryPattern: 'file:///*'
+    }, {
+      setting: 'allow',
+      secondaryPattern: '*',
+      primaryPattern: 'chrome-extension://*'
+    }],
     canvasFingerprinting: [{
       setting: braveryDefaults.fingerprintingProtection ? 'block' : 'allow',
       primaryPattern: '*'
@@ -97,9 +108,10 @@ const getContentSettingsFromSiteSettings = (appState) => {
   let hostSettings = appState.get('siteSettings').toJS()
   for (var hostPattern in hostSettings) {
     let hostSetting = hostSettings[hostPattern]
-    if (hostSetting.noScript) {
-      // TODO(bridiver) - enable this when we support temporary overrides
-      // addContentSettings(contentSettings.javascript, hostPattern)
+    if (typeof hostSetting.noScript === 'boolean') {
+      // TODO: support temporary override
+      addContentSettings(contentSettings.javascript, hostPattern, '*',
+        hostSetting.noScript ? 'block' : 'allow')
     }
     if (hostSetting.cookieControl) {
       if (hostSetting.cookieControl === 'block3rdPartyCookie') {