', 'text/html');
par_elem = par_html.querySelector('div');
} else if (key === 'legacy-ml') {
- par_html = parser.parseFromString(par_key, 'text/html');
+ par_html = parser.parseFromString(DOMPurify.sanitize(par_key), 'text/html');
par_elem = par_html.querySelector('div');
if (!flourish && par_key.includes('flourish.studio')) {
let flourish_script = document.createElement('script');
@@ -1186,7 +1202,7 @@ else if (matchDomain('gva.be')) {
}
} else {
console.log(key + ': ' + par_key);
- par_html = parser.parseFromString('
' + par_key + '
', 'text/html');
+ par_html = parser.parseFromString('
' + DOMPurify.sanitize(par_key) + '
', 'text/html');
par_elem = par_html.querySelector('p');
}
if (!['streamone', 'legacy-ml'].includes(key))
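Review bot: `DOMPurify` is referenced as a bare global on the added `parseFromString` line in this `else` branch, and likewise in every other sanitize call in this diff (the nl_mediahuis, business-standard.com, economictimes.com, newyorker.com, nzherald.co.nz, techinasia.com and `replaceDomElementExt` hunks). The commit adds `lib/purify.min.js`, but the `manifest.json` section shown here only bumps the version, so it is worth confirming that the library is injected ahead of this script wherever it runs. If it is not, each of these branches throws a ReferenceError instead of inserting content, which fails closed but breaks the site handlers. A comment at the first use would record the dependency, e.g. `// DOMPurify is provided by lib/purify.min.js, which must be loaded before this file`. The enclosing block starts and ends outside the hunk.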
@@ -1266,7 +1282,7 @@ else if (matchDomain(nl_mediahuis_region_domains)) {
par_elem = '';
par_key = par[key];
if (key === 'subhead') {
- par_html = parser.parseFromString('
' + par_key + '
', 'text/html');
+ par_html = parser.parseFromString('
' + DOMPurify.sanitize(par_key) + '
', 'text/html');
par_elem = par_html.querySelector('div');
} else if (key === 'twitter' || key === 'instagram') {
par_elem = document.createElement('a');
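Review bot: The sanitized string on the added `subhead` line is concatenated into wrapper markup and parsed a second time, so the tree that reaches the page is not the tree DOMPurify inspected. The same pattern appears in the gva.be hunk above and in the second nl_mediahuis, business-standard.com, economictimes.com, nzherald.co.nz and techinasia.com hunks. Serialising sanitizer output and re-parsing it in a different context is where mutation-based sanitizer bypasses tend to arise, and it costs an extra parse per paragraph. DOMPurify can hand back nodes directly, which removes the round trip: `par_elem = document.createElement('div'); par_elem.appendChild(DOMPurify.sanitize(par_key, {RETURN_DOM_FRAGMENT: true}));`. The enclosing loop starts and ends outside the hunk.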
@@ -1304,7 +1320,7 @@ else if (matchDomain(nl_mediahuis_region_domains)) {
par_div.innerText += par[key].credit ? '\n' + par[key].credit : '';
par_elem.appendChild(par_div);
} else {
- par_html = parser.parseFromString('
' + par_key + '
', 'text/html');
+ par_html = parser.parseFromString('
' + DOMPurify.sanitize(par_key) + '
', 'text/html');
par_elem = par_html.querySelector('div');
}
if (par_elem)
@@ -1691,7 +1707,7 @@ else if (matchDomain('business-standard.com')) {
json_text = parseHtmlEntities(json_text);
json_text = json_text.replace(/(?:^|[\w\"\'\’])(\.|\?|!)(?=[A-Z\"\”\“\‘\’\'][A-Za-zÀ-ÿ\"\”\“\‘\’\']{1,})/gm, "$&") + '';
let parser = new DOMParser();
- let html = parser.parseFromString('
' + json_text + '
', 'text/html');
+ let html = parser.parseFromString('
' + DOMPurify.sanitize(json_text) + '
', 'text/html');
let article = html.querySelector('div');
if (article) {
let p_content = document.querySelector('span.p-content.paywall');
@@ -1773,7 +1789,7 @@ else if (matchDomain('economictimes.com')) {
if (content && full_text) {
content.innerText = '';
let parser = new DOMParser();
- html = parser.parseFromString('
' + full_text.innerHTML + '
', 'text/html');
+ html = parser.parseFromString('
' + DOMPurify.sanitize(full_text.innerHTML) + '
', 'text/html');
let article = html.querySelector('div');
content.appendChild(article);
removeDOMElement(full_text);
@@ -2090,7 +2106,7 @@ else if (matchDomain('newyorker.com')) {
for (let overlay of overlays) {
let noscript = overlay.querySelector('noscript');
if (noscript && noscript.innerHTML) {
- let html = parser.parseFromString(noscript.innerHTML, 'text/html');
+ let html = parser.parseFromString(DOMPurify.sanitize(noscript.innerHTML), 'text/html');
overlay.appendChild(html.querySelector('img'));
removeDOMElement(noscript);
}
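Review bot: `overlay.appendChild(html.querySelector('img'))` has no guard for the case where the sanitized noscript markup contains no `img`; `querySelector` then returns null and `appendChild(null)` throws, which aborts the loop over the remaining overlays. The `if` above only checks that `noscript.innerHTML` is non-empty, not that it holds an image. Suggested change: `let img = html.querySelector('img');` followed by `if (img) overlay.appendChild(img);`. The loop's surrounding code lies outside the hunk.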
@@ -2114,7 +2130,7 @@ else if (matchDomain('nzherald.co.nz')) {
par_dom;
let parser = new DOMParser();
for (let hidden_par of hidden_pars) {
- let par_html = parser.parseFromString('
' + hidden_par.innerHTML + '
', 'text/html');
+ let par_html = parser.parseFromString('
' + DOMPurify.sanitize(hidden_par.innerHTML) + '
', 'text/html');
let par_dom = par_html.querySelector('div');
article_content.insertBefore(par_dom, hidden_par);
}
@@ -2307,7 +2323,7 @@ else if (matchDomain('techinasia.com')) {
let content = document.querySelector('div.content');
if (json_text && content) {
let parser = new DOMParser();
- let doc = parser.parseFromString('
' + json_text + '
', 'text/html');
+ let doc = parser.parseFromString('
' + DOMPurify.sanitize(json_text) + '
', 'text/html');
let content_new = doc.querySelector('div.content');
content.parentNode.replaceChild(content_new, content);
}
@@ -2593,6 +2609,7 @@ function matchDomain(domains, hostname) {
return matched_domain;
}
+// add domains to manifest (content_scripts - matches)
function replaceDomElementExt(url, proxy, base64, selector, text_fail = '') {
let proxyurl = proxy ? 'https://bpc2-cors-anywhere.herokuapp.com/' : '';
fetch(proxyurl + url, {headers: {"Content-Type": "text/plain", "X-Requested-With": "XMLHttpRequest"} })
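Review bot: The added comment above `replaceDomElementExt` does not say which domains it means or why they must be listed, and the function's security-relevant behaviour stays undocumented. From the visible lines, `proxy` decides whether the request goes through `https://bpc2-cors-anywhere.herokuapp.com/`, a third party that sees the requested URL and controls the response body. I would reword it along the lines of `// Sites calling this must be listed in manifest.json (content_scripts - matches).` (my reading of the intent, to be confirmed) and add `// proxy: route the fetch through the bpc2-cors-anywhere proxy; treat the response as untrusted HTML.` The function body continues outside the hunk.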
@@ -2605,7 +2622,7 @@ function replaceDomElementExt(url, proxy, base64, selector, text_fail = '') {
selector = 'body';
}
let parser = new DOMParser();
- let doc = parser.parseFromString(html, 'text/html');
+ let doc = parser.parseFromString(DOMPurify.sanitize(html), 'text/html');
let article_new = doc.querySelector(selector);
if (article_new) {
if (article)
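Review bot: `DOMPurify.sanitize(html)` on the added line runs with the default configuration, which removes script and event-handler attributes but still lets through elements such as `form`, `input` and `style`, along with links and images pointing at arbitrary hosts. `html` appears to be the fetched response, which per the function's opening lines may have passed through a third-party CORS proxy, so a narrower allow-list suits an article body better. For example: `DOMPurify.sanitize(html, {USE_PROFILES: {html: true}, FORBID_TAGS: ['form', 'input', 'style']})`. The function starts and ends outside this hunk, so any decoding applied to `html` before this point is not visible here.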
diff --git a/lib/empty.js b/lib/empty.js
new file mode 100644
index 00000000..e69de29b
diff --git a/lib/purify.min.js b/lib/purify.min.js
new file mode 100644
index 00000000..f7a8a51e
--- /dev/null
+++ b/lib/purify.min.js
@@ -0,0 +1,3 @@
+/*! @license DOMPurify | (c) Cure53 and other contributors | Released under the Apache license 2.0 and Mozilla Public License 2.0 | github.com/cure53/DOMPurify/blob/2.2.2/LICENSE */
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e=e||self).DOMPurify=t()}(this,(function(){"use strict";var e=Object.hasOwnProperty,t=Object.setPrototypeOf,n=Object.isFrozen,r=Object.getPrototypeOf,o=Object.getOwnPropertyDescriptor,i=Object.freeze,a=Object.seal,l=Object.create,c="undefined"!=typeof Reflect&&Reflect,s=c.apply,u=c.construct;s||(s=function(e,t,n){return e.apply(t,n)}),i||(i=function(e){return e}),a||(a=function(e){return e}),u||(u=function(e,t){return new(Function.prototype.bind.apply(e,[null].concat(function(e){if(Array.isArray(e)){for(var t=0,n=Array(e.length);t
1?n-1:0),o=1;o/gm),H=a(/^data-[\-\w.\u00B7-\uFFFF]/),j=a(/^aria-[\-\w]+$/),P=a(/^(?:(?:(?:f|ht)tps?|mailto|tel|callto|cid|xmpp):|[^a-z]|[a-z+.\-]+(?:[^a-z+.\-:]|$))/i),B=a(/^(?:\w+script|data):/i),W=a(/[\u0000-\u0020\u00A0\u1680\u180E\u2000-\u2029\u205F\u3000]/g),G="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(e){return typeof e}:function(e){return e&&"function"==typeof Symbol&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e};function q(e){if(Array.isArray(e)){for(var t=0,n=Array(e.length);t0&&void 0!==arguments[0]?arguments[0]:K(),n=function(t){return e(t)};if(n.version="2.2.9",n.removed=[],!t||!t.document||9!==t.document.nodeType)return n.isSupported=!1,n;var r=t.document,o=t.document,a=t.DocumentFragment,l=t.HTMLTemplateElement,c=t.Node,s=t.Element,u=t.NodeFilter,f=t.NamedNodeMap,x=void 0===f?t.NamedNodeMap||t.MozNamedAttrMap:f,Y=t.Text,X=t.Comment,$=t.DOMParser,Z=t.trustedTypes,J=s.prototype,Q=k(J,"cloneNode"),ee=k(J,"nextSibling"),te=k(J,"childNodes"),ne=k(J,"parentNode");if("function"==typeof l){var re=o.createElement("template");re.content&&re.content.ownerDocument&&(o=re.content.ownerDocument)}var oe=V(Z,r),ie=oe&&Ce?oe.createHTML(""):"",ae=o,le=ae.implementation,ce=ae.createNodeIterator,se=ae.createDocumentFragment,ue=r.importNode,fe={};try{fe=S(o).documentMode?o.documentMode:{}}catch(e){}var me={};n.isSupported="function"==typeof ne&&le&&void 0!==le.createHTMLDocument&&9!==fe;var 
de=z,pe=U,ge=H,he=j,ye=B,ve=W,be=P,Ae=null,Te=w({},[].concat(q(D),q(E),q(R),q(N),q(M))),xe=null,we=w({},[].concat(q(L),q(F),q(I),q(C))),Se=null,ke=null,De=!0,Ee=!0,Re=!1,_e=!1,Ne=!1,Oe=!1,Me=!1,Le=!1,Fe=!1,Ie=!0,Ce=!1,ze=!0,Ue=!0,He=!1,je={},Pe=w({},["annotation-xml","audio","colgroup","desc","foreignobject","head","iframe","math","mi","mn","mo","ms","mtext","noembed","noframes","noscript","plaintext","script","style","svg","template","thead","title","video","xmp"]),Be=null,We=w({},["audio","video","img","source","image","track"]),Ge=null,qe=w({},["alt","class","for","id","label","name","pattern","placeholder","summary","title","value","style","xmlns"]),Ke="http://www.w3.org/1998/Math/MathML",Ve="http://www.w3.org/2000/svg",Ye="http://www.w3.org/1999/xhtml",Xe=Ye,$e=!1,Ze=null,Je=o.createElement("form"),Qe=function(e){Ze&&Ze===e||(e&&"object"===(void 0===e?"undefined":G(e))||(e={}),e=S(e),Ae="ALLOWED_TAGS"in e?w({},e.ALLOWED_TAGS):Te,xe="ALLOWED_ATTR"in e?w({},e.ALLOWED_ATTR):we,Ge="ADD_URI_SAFE_ATTR"in e?w(S(qe),e.ADD_URI_SAFE_ATTR):qe,Be="ADD_DATA_URI_TAGS"in e?w(S(We),e.ADD_DATA_URI_TAGS):We,Se="FORBID_TAGS"in e?w({},e.FORBID_TAGS):{},ke="FORBID_ATTR"in e?w({},e.FORBID_ATTR):{},je="USE_PROFILES"in 
e&&e.USE_PROFILES,De=!1!==e.ALLOW_ARIA_ATTR,Ee=!1!==e.ALLOW_DATA_ATTR,Re=e.ALLOW_UNKNOWN_PROTOCOLS||!1,_e=e.SAFE_FOR_TEMPLATES||!1,Ne=e.WHOLE_DOCUMENT||!1,Le=e.RETURN_DOM||!1,Fe=e.RETURN_DOM_FRAGMENT||!1,Ie=!1!==e.RETURN_DOM_IMPORT,Ce=e.RETURN_TRUSTED_TYPE||!1,Me=e.FORCE_BODY||!1,ze=!1!==e.SANITIZE_DOM,Ue=!1!==e.KEEP_CONTENT,He=e.IN_PLACE||!1,be=e.ALLOWED_URI_REGEXP||be,Xe=e.NAMESPACE||Ye,_e&&(Ee=!1),Fe&&(Le=!0),je&&(Ae=w({},[].concat(q(M))),xe=[],!0===je.html&&(w(Ae,D),w(xe,L)),!0===je.svg&&(w(Ae,E),w(xe,F),w(xe,C)),!0===je.svgFilters&&(w(Ae,R),w(xe,F),w(xe,C)),!0===je.mathMl&&(w(Ae,N),w(xe,I),w(xe,C))),e.ADD_TAGS&&(Ae===Te&&(Ae=S(Ae)),w(Ae,e.ADD_TAGS)),e.ADD_ATTR&&(xe===we&&(xe=S(xe)),w(xe,e.ADD_ATTR)),e.ADD_URI_SAFE_ATTR&&w(Ge,e.ADD_URI_SAFE_ATTR),Ue&&(Ae["#text"]=!0),Ne&&w(Ae,["html","head","body"]),Ae.table&&(w(Ae,["tbody"]),delete Se.tbody),i&&i(e),Ze=e)},et=w({},["mi","mo","mn","ms","mtext"]),tt=w({},["foreignobject","desc","title","annotation-xml"]),nt=w({},E);w(nt,R),w(nt,_);var rt=w({},N);w(rt,O);var ot=function(e){var t=ne(e);t&&t.tagName||(t={namespaceURI:Ye,tagName:"template"});var n=g(e.tagName),r=g(t.tagName);if(e.namespaceURI===Ve)return t.namespaceURI===Ye?"svg"===n:t.namespaceURI===Ke?"svg"===n&&("annotation-xml"===r||et[r]):Boolean(nt[n]);if(e.namespaceURI===Ke)return t.namespaceURI===Ye?"math"===n:t.namespaceURI===Ve?"math"===n&&tt[r]:Boolean(rt[n]);if(e.namespaceURI===Ye){if(t.namespaceURI===Ve&&!tt[r])return!1;if(t.namespaceURI===Ke&&!et[r])return!1;var o=w({},["title","style","font","a","script"]);return!rt[n]&&(o[n]||!nt[n])}return!1},it=function(e){p(n.removed,{element:e});try{e.parentNode.removeChild(e)}catch(t){try{e.outerHTML=ie}catch(t){e.remove()}}},at=function(e,t){try{p(n.removed,{attribute:t.getAttributeNode(e),from:t})}catch(e){p(n.removed,{attribute:null,from:t})}if(t.removeAttribute(e),"is"===e&&!xe[e])if(Le||Fe)try{it(t)}catch(e){}else try{t.setAttribute(e,"")}catch(e){}},lt=function(e){var t=void 0,n=void 
0;if(Me)e=""+e;else{var r=h(e,/^[\r\n\t ]+/);n=r&&r[0]}var i=oe?oe.createHTML(e):e;if(Xe===Ye)try{t=(new $).parseFromString(i,"text/html")}catch(e){}if(!t||!t.documentElement){t=le.createDocument(Xe,"template",null);try{t.documentElement.innerHTML=$e?"":i}catch(e){}}var a=t.body||t.documentElement;return e&&n&&a.insertBefore(o.createTextNode(n),a.childNodes[0]||null),Ne?t.documentElement:a},ct=function(e){return ce.call(e.ownerDocument||e,e,u.SHOW_ELEMENT|u.SHOW_COMMENT|u.SHOW_TEXT,null,!1)},st=function(e){return!(e instanceof Y||e instanceof X)&&!("string"==typeof e.nodeName&&"string"==typeof e.textContent&&"function"==typeof e.removeChild&&e.attributes instanceof x&&"function"==typeof e.removeAttribute&&"function"==typeof e.setAttribute&&"string"==typeof e.namespaceURI&&"function"==typeof e.insertBefore)},ut=function(e){return"object"===(void 0===c?"undefined":G(c))?e instanceof c:e&&"object"===(void 0===e?"undefined":G(e))&&"number"==typeof e.nodeType&&"string"==typeof e.nodeName},ft=function(e,t,r){me[e]&&m(me[e],(function(e){e.call(n,t,r,Ze)}))},mt=function(e){var t=void 0;if(ft("beforeSanitizeElements",e,null),st(e))return it(e),!0;if(h(e.nodeName,/[\u0080-\uFFFF]/))return it(e),!0;var r=g(e.nodeName);if(ft("uponSanitizeElement",e,{tagName:r,allowedTags:Ae}),!ut(e.firstElementChild)&&(!ut(e.content)||!ut(e.content.firstElementChild))&&A(/<[/\w]/g,e.innerHTML)&&A(/<[/\w]/g,e.textContent))return it(e),!0;if(!Ae[r]||Se[r]){if(Ue&&!Pe[r]){var o=ne(e)||e.parentNode,i=te(e)||e.childNodes;if(i&&o)for(var a=i.length-1;a>=0;--a)o.insertBefore(Q(i[a],!0),ee(e))}return it(e),!0}return e instanceof s&&!ot(e)?(it(e),!0):"noscript"!==r&&"noembed"!==r||!A(/<\/no(script|embed)/i,e.innerHTML)?(_e&&3===e.nodeType&&(t=e.textContent,t=y(t,de," "),t=y(t,pe," "),e.textContent!==t&&(p(n.removed,{element:e.cloneNode()}),e.textContent=t)),ft("afterSanitizeElements",e,null),!1):(it(e),!0)},dt=function(e,t,n){if(ze&&("id"===t||"name"===t)&&(n in o||n in 
Je))return!1;if(Ee&&A(ge,t));else if(De&&A(he,t));else{if(!xe[t]||ke[t])return!1;if(Ge[t]);else if(A(be,y(n,ve,"")));else if("src"!==t&&"xlink:href"!==t&&"href"!==t||"script"===e||0!==v(n,"data:")||!Be[e]){if(Re&&!A(ye,y(n,ve,"")));else if(n)return!1}else;}return!0},pt=function(e){var t=void 0,r=void 0,o=void 0,i=void 0;ft("beforeSanitizeAttributes",e,null);var a=e.attributes;if(a){var l={attrName:"",attrValue:"",keepAttr:!0,allowedAttributes:xe};for(i=a.length;i--;){var c=t=a[i],s=c.name,u=c.namespaceURI;if(r=b(t.value),o=g(s),l.attrName=o,l.attrValue=r,l.keepAttr=!0,l.forceKeepAttr=void 0,ft("uponSanitizeAttribute",e,l),r=l.attrValue,!l.forceKeepAttr&&(at(s,e),l.keepAttr))if(A(/\/>/i,r))at(s,e);else{_e&&(r=y(r,de," "),r=y(r,pe," "));var f=e.nodeName.toLowerCase();if(dt(f,o,r))try{u?e.setAttributeNS(u,s,r):e.setAttribute(s,r),d(n.removed)}catch(e){}}}ft("afterSanitizeAttributes",e,null)}},gt=function e(t){var n=void 0,r=ct(t);for(ft("beforeSanitizeShadowDOM",t,null);n=r.nextNode();)ft("uponSanitizeShadowNode",n,null),mt(n)||(n.content instanceof a&&e(n.content),pt(n));ft("afterSanitizeShadowDOM",t,null)};return n.sanitize=function(e,o){var i=void 0,l=void 0,s=void 0,u=void 0,f=void 0;if(($e=!e)&&(e="\x3c!--\x3e"),"string"!=typeof e&&!ut(e)){if("function"!=typeof e.toString)throw T("toString is not a function");if("string"!=typeof(e=e.toString()))throw T("dirty is not a string, aborting")}if(!n.isSupported){if("object"===G(t.toStaticHTML)||"function"==typeof t.toStaticHTML){if("string"==typeof e)return t.toStaticHTML(e);if(ut(e))return t.toStaticHTML(e.outerHTML)}return e}if(Oe||Qe(o),n.removed=[],"string"==typeof e&&(He=!1),He);else if(e instanceof c)1===(l=(i=lt("\x3c!----\x3e")).ownerDocument.importNode(e,!0)).nodeType&&"BODY"===l.nodeName||"HTML"===l.nodeName?i=l:i.appendChild(l);else{if(!Le&&!_e&&!Ne&&-1===e.indexOf("<"))return oe&&Ce?oe.createHTML(e):e;if(!(i=lt(e)))return Le?null:ie}i&&Me&&it(i.firstChild);for(var 
m=ct(He?e:i);s=m.nextNode();)3===s.nodeType&&s===u||mt(s)||(s.content instanceof a&>(s.content),pt(s),u=s);if(u=null,He)return e;if(Le){if(Fe)for(f=se.call(i.ownerDocument);i.firstChild;)f.appendChild(i.firstChild);else f=i;return Ie&&(f=ue.call(r,f,!0)),f}var d=Ne?i.outerHTML:i.innerHTML;return _e&&(d=y(d,de," "),d=y(d,pe," ")),oe&&Ce?oe.createHTML(d):d},n.setConfig=function(e){Qe(e),Oe=!0},n.clearConfig=function(){Ze=null,Oe=!1},n.isValidAttribute=function(e,t,n){Ze||Qe({});var r=g(e),o=g(t);return dt(r,o,n)},n.addHook=function(e,t){"function"==typeof t&&(me[e]=me[e]||[],p(me[e],t))},n.removeHook=function(e){me[e]&&d(me[e])},n.removeHooks=function(e){me[e]&&(me[e]=[])},n.removeAllHooks=function(){me={}},n}()}));
+//# sourceMappingURL=purify.min.js.map
\ No newline at end of file
diff --git a/manifest.json b/manifest.json
index 0f17f6a0..d07a5242 100644
--- a/manifest.json
+++ b/manifest.json
@@ -528,5 +528,5 @@
"*://*.wallkit.net/*",
"*://*.wsj.net/*"
],
- "version": "2.2.7.1"
+ "version": "2.2.7.2"
}
\ No newline at end of file