Disable CSS blink-feature support: disables the possibility of using …

…the internal css function blink-feature() the function is not currently exposed to websites but is only allowed for testing. disabled as it is an advanced fingerprinting mechanism. also fixed the possibility of using internal selectors (-internal-*) for speculation rules.
uazo · Jul 30, 2024 · ed56703 · ed56703
1 parent da60013
commit ed56703
Showing 1 changed file with 40 additions and 0 deletions.
diff --git a/build/patches/Disable-CSS-blink-feature-support.patch b/build/patches/Disable-CSS-blink-feature-support.patch
@@ -0,0 +1,40 @@
+From: uazo <uazo@users.noreply.github.com>
+Date: Mon, 29 Jul 2024 06:48:25 +0000
+Subject: Disable CSS blink-feature support
+
+the function is not currently exposed to websites but is only allowed for testing.
+disabled as it is an potentially advanced fingerprinting mechanism.
+also fixed the possibility of using internal selectors for speculation rules.
+see https://chromium-review.googlesource.com/c/chromium/src/+/5540782
+
+License: GPL-2.0-or-later - https://spdx.org/licenses/GPL-2.0-or-later.html
+---
+ .../blink/renderer/core/css/parser/css_supports_parser.cc       | 2 +-
+ .../renderer/core/speculation_rules/document_rule_predicate.cc  | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/third_party/blink/renderer/core/css/parser/css_supports_parser.cc b/third_party/blink/renderer/core/css/parser/css_supports_parser.cc
+--- a/third_party/blink/renderer/core/css/parser/css_supports_parser.cc
++++ b/third_party/blink/renderer/core/css/parser/css_supports_parser.cc
+@@ -322,7 +322,7 @@ CSSSupportsParser::Result CSSSupportsParser::ConsumeBlinkFeatureFn(
+       stream.ConsumeUntilPeekedTypeIs<kRightParenthesisToken>();
+   return RuntimeEnabledFeatures::IsFeatureEnabledFromString(
+              feature_name_block.Peek().Value().Utf8())
+-             ? Result::kSupported
++             ? Result::kUnsupported
+              : Result::kUnsupported;
+ }
+
+diff --git a/third_party/blink/renderer/core/speculation_rules/document_rule_predicate.cc b/third_party/blink/renderer/core/speculation_rules/document_rule_predicate.cc
+--- a/third_party/blink/renderer/core/speculation_rules/document_rule_predicate.cc
++++ b/third_party/blink/renderer/core/speculation_rules/document_rule_predicate.cc
+@@ -604,7 +604,7 @@ DocumentRulePredicate* DocumentRulePredicate::Parse(
+     HeapVector<Member<StyleRule>> selectors;
+     HeapVector<CSSSelector> arena;
+     CSSPropertyValueSet* empty_properties =
+-        ImmutableCSSPropertyValueSet::Create(nullptr, 0, kUASheetMode);
++        ImmutableCSSPropertyValueSet::Create(nullptr, 0, kHTMLStandardMode);
+     CSSParserContext* css_parser_context =
+         MakeGarbageCollected<CSSParserContext>(*execution_context);
+     for (auto* raw_selector : raw_selectors) {
+--