From ed7bb6a3c682d9b6d46a950b2215679bd04a943d Mon Sep 17 00:00:00 2001 From: Alexei Date: Wed, 17 Jul 2024 09:52:02 -0400 Subject: [PATCH] Optimize widget surrogate message frame check For messages from top level frames, and from nested frames that are trivially first party (same scheme and host) to the tab. --- src/js/webrequest.js | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/src/js/webrequest.js b/src/js/webrequest.js index 2b6d2a0285..e15c16cf17 100644 --- a/src/js/webrequest.js +++ b/src/js/webrequest.js @@ -1763,7 +1763,8 @@ function dispatcher(request, sender, sendResponse) { // proxies surrogate script-initiated widget replacement messages // from one content script to another case "widgetFromSurrogate": { - let tab_host = extractHostFromURL(sender.tab.url); + let tab_url = sender.tab.url, + tab_host = extractHostFromURL(tab_url); if (!badger.isPrivacyBadgerEnabled(tab_host)) { break; } @@ -1774,14 +1775,19 @@ function dispatcher(request, sender, sendResponse) { // NOTE: before removing this restriction, investigate // implications of accepting pbSurrogateMessage events // from third-party scripts in nested frames - if (!request.frameUrl.startsWith('https://cdn.embedly.com/')) { - let frame_host = extractHostFromURL(request.frameUrl); - // CNAME uncloaking - if (utils.hasOwn(badger.cnameDomains, frame_host)) { - frame_host = badger.cnameDomains[frame_host]; - } - if (!frame_host || utils.isThirdPartyDomain(frame_host, tab_host)) { - break; + if (sender.frameId > 0) { + if (!request.frameUrl.startsWith('https://cdn.embedly.com/')) { + let tab_scheme = tab_url.slice(0, tab_url.indexOf(tab_host)); + if (!request.frameUrl.startsWith(tab_scheme + tab_host)) { + let frame_host = extractHostFromURL(request.frameUrl); + // CNAME uncloaking + if (utils.hasOwn(badger.cnameDomains, frame_host)) { + frame_host = badger.cnameDomains[frame_host]; + } + if (!frame_host || utils.isThirdPartyDomain(frame_host, tab_host)) { + break; + } + } } }