Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#2467 closed defect (fixed)

CSS selectors aren't split up correctly after inner quotes

Reported by: passbrains
Assignee: sebastian
Priority: P3
Milestone: Adblock-Plus-1.9-for-Chrome-Opera-Safari
Module: Platform
Keywords:
Cc: sebastian, mapx, Ross
Blocked By:
Blocking:
Platform: Chrome
Ready: yes
Confidential: no
Tester:
Verified working: no
Review URL(s): http://codereview.adblockplus.org/5663214012465152

Description (last modified by Ross)

Adapted from https://www.passbrains.com/dashboard/view-ticket.php?ticket_no=ACH-181

Environment

Windows + 8 64bit + Chrome + English
ABP version 1.8.12.1423

How to reproduce

  1. Install ABP extension.
  2. Load website https://www.zopim.com/
  3. Click on ABP icon and choose 'Block element'. Click on zopimchat displayed in the right bottom of the screen.
  4. When 'Add filter(s)?' Dialog box is displayed with filter, click on 'Add'.

This is an <iframe> element.

In Opera, zopim chat is blocked with filters:
zopim.com##iframe[src="javascript:false"]
zopim.com##.zopim

Observed behaviour

zopimchat is not blocked.

Expected behaviour

zopimchat is blocked.

Attachments (2)

3766_1430211584_chromeChat.png (244.2 KB) - added by passbrains 4 years ago.
3766_1430211941_chatFilter.png (181.5 KB) - added by passbrains 4 years ago.


Change History (10)

Changed 4 years ago by passbrains

Changed 4 years ago by passbrains

comment:1 Changed 4 years ago by passbrains

1 - 07 May 2015 01:09:10 posted by Ross Green
Reproduced as described.

This also occurs as described in Opera 29.0.1795.47 with ABP 1.8.12.1423. Opera doesn't recommend the filters mentioned in the initial reproduction steps and behaves as Chrome does.

ABP 1.8.12.1423
Chrome 42.0.2311.135 / Windows 8.1 x64

comment:2 Changed 4 years ago by Ross

  • Description modified (diff)

Actually I might have misunderstood this ticket slightly. If you manually use the filter zopim.com##iframe[src="javascript:false"] it does block it as expected in Opera after page refresh but it does NOT in Chrome.

comment:3 Changed 4 years ago by mapx

  • Cc sebastian mapx added

comment:4 Changed 4 years ago by sebastian

  • Cc Ross added
  • Owner set to sebastian
  • Ready set

This website delivers different HTML depending on the browser. On Opera the element looks like <iframe src="javascript:false">. Hence the filter zopim.com##iframe[src="javascript:false"] is generated and works as expected.

On Chrome however, the element looks like this:

<iframe src="javascript:void(document.write('<!DOCTYPE html><html><head><style>html,body{height:100%;width:100%;} *{border:0;padding:0;margin:0;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box}</style></head><body onload="window.isLoaded = true"></body></html>'), document.close())">

Hence the following filter is generated:

zopim.com##iframe[src="javascript:void(document.write('<!DOCTYPE html><html><head><style>html,body\7b height:100%;width:100%;\7d  *\7b border:0;padding:0;margin:0;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box\7d </style></head><body onload=\"window.isLoaded = true\"></body></html>'), document.close())"]

The reason that this filter doesn't work is a bug in the code splitting up CSS selectors to add the ::content pseudo selector for shadow DOM. The CSS selector in the filter above is currently transformed like below:

::content iframe[src="javascript:void(document.write('<!DOCTYPE html><html><head><style>html,body\7b height:100%;width:100%;\7d  *\7b border:0;padding:0;margin:0;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box\7d </style></head><body onload=\"window.isLoaded = true\"></body></html>'),
::content document.close())"]

That is because the current code assumes it is outside of a quoted string when the comma occurs, hence splitting up the selector there. But only the inner quoted string (i.e. '<!DOCTYPE html><html>..</html>') was closed; we are still between the outer double quotes. I realized that the state machine used here forgets about the outer quotes when parsing inner quotes, causing this issue.

comment:5 Changed 4 years ago by sebastian

  • Component changed from Unknown to Platform
  • Priority changed from Unknown to P3
  • Summary changed from Chat is not blocked. to CSS selectors aren't split up correctly after inner quotes

comment:6 Changed 4 years ago by sebastian

  • Review URL(s) modified (diff)
  • Status changed from new to reviewing

comment:7 Changed 4 years ago by sebastian

  • Milestone set to Customizations-for-Adblock-Plus-next
  • Resolution set to fixed
  • Status changed from reviewing to closed

comment:8 Changed 4 years ago by sebastian

  • Milestone changed from Customizations-for-Adblock-Plus-next to Adblock-Plus-1.9-for-Chrome-Opera-Safari