#2467 closed defect (fixed)
CSS selectors aren't split up correctly after inner quotes
Reported by: | passbrains | Assignee: | sebastian |
---|---|---|---|
Priority: | P3 | Milestone: | Adblock-Plus-1.9-for-Chrome-Opera-Safari |
Module: | Platform | Keywords: | |
Cc: | sebastian, mapx, Ross | Blocked By: | |
Blocking: | | Platform: | Chrome |
Ready: | yes | Confidential: | no |
Tester: | | Verified working: | no |
Review URL(s): |
Description (last modified by Ross)
Adapted from https://www.passbrains.com/dashboard/view-ticket.php?ticket_no=ACH-181
Environment
Windows + 8 64bit + Chrome + English
ABP version 1.8.12.1423
How to reproduce
- Install ABP extension.
- Load website https://www.zopim.com/
- Click on the ABP icon and choose 'Block element'. Click on the zopimchat displayed in the bottom right of the screen.
- When the 'Add filter(s)?' dialog box is displayed with the filter, click on 'Add'.
This is an <iframe> element.
In Opera, zopim chat is blocked with the filters:
zopim.com##iframe[src="javascript:false"]
zopim.com##.zopim
Observed behaviour
zopimchat is not blocked.
Expected behaviour
zopimchat is blocked.
Attachments (2)
Change History (10)
Changed 5 years ago by passbrains
Changed 5 years ago by passbrains
comment:1 Changed 5 years ago by passbrains
comment:2 Changed 5 years ago by Ross
- Description modified (diff)
Actually I might have misunderstood this ticket slightly. If you manually use the filter zopim.com##iframe[src="javascript:false"] it does block it as expected in Opera after page refresh but it does NOT in Chrome.
comment:3 Changed 5 years ago by mapx
- Cc sebastian mapx added
comment:4 Changed 5 years ago by sebastian
- Cc Ross added
- Owner set to sebastian
- Ready set
This website delivers different HTML depending on the browser. On Opera the element looks like <iframe src="javascript:false">. Hence the filter zopim.com##iframe[src="javascript:false"] is generated and works as expected.
On Chrome, however, the element looks like this:
<iframe src="javascript:void(document.write('<!DOCTYPE html><html><head><style>html,body{height:100%;width:100%;} *{border:0;padding:0;margin:0;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box}</style></head><body onload="window.isLoaded = true"></body></html>'), document.close())">
Hence the following filter is generated:
zopim.com##iframe[src="javascript:void(document.write('<!DOCTYPE html><html><head><style>html,body\7b height:100%;width:100%;\7d *\7b border:0;padding:0;margin:0;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box\7d </style></head><body onload=\"window.isLoaded = true\"></body></html>'), document.close())"]
The reason that this filter doesn't work is a bug in the code splitting up CSS selectors to add the ::content pseudo selector for shadow DOM. The CSS selector in the filter above is currently transformed like below:
::content iframe[src="javascript:void(document.write('<!DOCTYPE html><html><head><style>html,body\7b height:100%;width:100%;\7d *\7b border:0;padding:0;margin:0;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box\7d </style></head><body onload=\"window.isLoaded = true\"></body></html>'), ::content document.close())"]
That is because the current code assumes it is outside of a quoted string when the comma occurs, hence splitting up the selector there. But merely the inner quoted string (i.e. '<!DOCTYPE html><html>..</html>') was closed; we are still between the outer double quotes. I realized that the state machine used here forgets about the outer quotes when parsing inner quotes, causing this issue.
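The failure mode described in comment:4, as an added example that is not part of the ticket and is not Adblock Plus source code: a comma splitter whose quote state is overwritten by an inner quote, next to one where only the opening quote character closes the string. All function names and the shortened sample selector are constructed for illustration.

```javascript
// Added illustration; names are hypothetical, not Adblock Plus source.
// Constructed sample with the same quoting shape as the filter in the ticket.
const SAMPLE = String.raw`iframe[src="javascript:void(document.write('<body onload=\"x = true\"></body>'), document.close())"]`;

// Shared scanner: onQuote(state, ch) returns the new quote state.
function splitWith(selector, onQuote) {
  const parts = [];
  let start = 0;
  let quote = null;                       // null = outside any string
  for (let i = 0; i < selector.length; i++) {
    const ch = selector[i];
    if (ch === "\\") { i++; continue; }   // skip the escaped character
    if (ch === '"' || ch === "'") {
      quote = onQuote(quote, ch);
    } else if (ch === "," && quote === null) {
      parts.push(selector.slice(start, i).trim());
      start = i + 1;
    }
  }
  parts.push(selector.slice(start).trim());
  return parts;
}

// Failure mode from the ticket: an inner ' replaces the outer " in the
// state, and closing the inner string leaves the scanner "outside".
const splitBuggy = (s) => splitWith(s, (q, ch) => (q === ch ? null : ch));

// Corrected: inside a string only the opening quote character closes it;
// the other quote character is ordinary content.
const splitFixed = (s) =>
  splitWith(s, (q, ch) => (q === null ? ch : q === ch ? null : q));

// Prefix every selector in the list, as is done for shadow DOM.
function addContentPrefix(selector, split) {
  return split(selector).map((part) => "::content " + part).join(", ");
}

console.log(addContentPrefix(SAMPLE, splitBuggy)); // split inside the attribute value
console.log(addContentPrefix(SAMPLE, splitFixed)); // one selector, one prefix
```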
comment:5 Changed 5 years ago by sebastian
- Component changed from Unknown to Platform
- Priority changed from Unknown to P3
- Summary changed from Chat is not blocked. to CSS selectors aren't split up correctly after inner quotes
comment:6 Changed 5 years ago by sebastian
- Review URL(s) modified (diff)
- Status changed from new to reviewing
comment:7 Changed 5 years ago by sebastian
- Milestone set to Customizations-for-Adblock-Plus-next
- Resolution set to fixed
- Status changed from reviewing to closed
comment:8 Changed 4 years ago by sebastian
- Milestone changed from Customizations-for-Adblock-Plus-next to Adblock-Plus-1.9-for-Chrome-Opera-Safari
1 - 07 May 2015 01:09:10 posted by Ross Green
Reproduced as described.
This also occurs as described in Opera 29.0.1795.47 with ABP 1.8.12.1423. Opera doesn't recommend the filters mentioned in the initial reproduction steps and behaves as Chrome does.
ABP 1.8.12.1423
Chrome 42.0.2311.135 / Windows 8.1 x64