Opened on 05/07/2015 at 01:09:25 AM

Closed on 05/07/2015 at 07:01:23 PM

Last modified on 06/12/2015 at 10:02:46 PM

#2467 closed defect (fixed)

CSS selectors aren't split up correctly after inner quotes

Reported by: passbrains
Assignee: sebastian
Priority: P3
Milestone: Adblock-Plus-1.9-for-Chrome-Opera-Safari
Module: Platform
Keywords:
Cc: sebastian, mapx, Ross
Blocked By:
Blocking:
Platform: Chrome
Ready: yes
Confidential: no
Tester:
Verified working: no
Review URL(s):

http://codereview.adblockplus.org/5663214012465152

Description (last modified by Ross)

Adapted from https://www.passbrains.com/dashboard/view-ticket.php?ticket_no=ACH-181

Environment

Windows + 8 64bit + Chrome + English
ABP version 1.8.12.1423

How to reproduce

  1. Install ABP extension.
  2. Load website https://www.zopim.com/
  3. Click on ABP icon and choose 'Block element'. Click on zopimchat displayed in the right bottom of the screen.
  4. When 'Add filter(s)?' Dialog box is displayed with filter, click on 'Add'.

This is an <iframe> element.

In Opera, zopim chat is blocked with filters:
zopim.com##iframe[src="javascript:false"]
zopim.com##.zopim

Observed behaviour

zopimchat is not blocked.

Expected behaviour

zopimchat is blocked.

Attachments (2)

3766_1430211584_chromeChat.png (244.2 KB) - added by passbrains on 05/07/2015 at 01:09:29 AM.
3766_1430211941_chatFilter.png (181.5 KB) - added by passbrains on 05/07/2015 at 01:09:30 AM.


Change History (10)

Changed on 05/07/2015 at 01:09:29 AM by passbrains

Changed on 05/07/2015 at 01:09:30 AM by passbrains

comment:1 Changed on 05/07/2015 at 01:09:33 AM by passbrains

1 - 07 May 2015 01:09:10 posted by Ross Green
Reproduced as described.

This also occurs as described in Opera 29.0.1795.47 with ABP 1.8.12.1423. Opera doesn't recommend the filters mentioned in the initial reproduction steps and behaves as Chrome does.

ABP 1.8.12.1423
Chrome 42.0.2311.135 / Windows 8.1 x64

comment:2 Changed on 05/07/2015 at 01:12:19 AM by Ross

  • Description modified (diff)

Actually I might have misunderstood this ticket slightly. If you manually use the filter zopim.com##iframe[src="javascript:false"] it does block it as expected in Opera after page refresh but it does NOT in Chrome.

comment:3 Changed on 05/07/2015 at 08:21:40 AM by mapx

  • Cc sebastian mapx added

comment:4 Changed on 05/07/2015 at 03:20:27 PM by sebastian

  • Cc Ross added
  • Owner set to sebastian
  • Ready set

This website delivers different HTML depending on the browser. On Opera the element looks like <iframe src="javascript:false">. Hence the filter zopim.com##iframe[src="javascript:false"] is generated and works as expected.

On Chrome, however, the element looks like this:

<iframe src="javascript:void(document.write('<!DOCTYPE html><html><head><style>html,body{height:100%;width:100%;} *{border:0;padding:0;margin:0;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box}</style></head><body onload="window.isLoaded = true"></body></html>'), document.close())">

Hence the following filter is generated:

zopim.com##iframe[src="javascript:void(document.write('<!DOCTYPE html><html><head><style>html,body\7b height:100%;width:100%;\7d  *\7b border:0;padding:0;margin:0;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box\7d </style></head><body onload=\"window.isLoaded = true\"></body></html>'), document.close())"]

The reason that this filter doesn't work is a bug in the code splitting up CSS selectors to add the ::content pseudo selector for shadow DOM. The CSS selector in the filter above is currently transformed like below:

::content iframe[src="javascript:void(document.write('<!DOCTYPE html><html><head><style>html,body\7b height:100%;width:100%;\7d  *\7b border:0;padding:0;margin:0;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box\7d </style></head><body onload=\"window.isLoaded = true\"></body></html>'),
::content document.close())"]

That is because the current code assumes it is outside of a quoted string when the comma occurs, hence splitting up the selector there. But only the inner quoted string (i.e. '<!DOCTYPE html><html>..</html>') was closed; we are still between the outer double quotes. I realized that the state machine used here forgets about the outer quotes when parsing inner quotes, causing this issue.
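
The splitting bug described in comment:4, as an added example that is not part of the ticket or the Adblock Plus code base: a comma splitter whose quote state forgets the outer delimiter, next to one where only the opening delimiter can close a string. All function names are hypothetical and the sample selector is constructed, shortened from the filter quoted above.

```javascript
// Added illustration, not Adblock Plus source; all names are hypothetical.
// Split a selector list on top-level commas. `onQuote` decides what the
// quote state becomes when a quote character is seen inside a string.
function splitOnCommas(selector, onQuote) {
  const parts = [];
  let start = 0;
  let quote = null; // delimiter of the string we are inside, or null
  for (let i = 0; i < selector.length; i++) {
    const ch = selector[i];
    if (ch === "\\") {
      i++; // skip the escaped character, e.g. \" inside a string
    } else if (ch === '"' || ch === "'") {
      quote = quote === null ? ch : onQuote(quote, ch);
    } else if (ch === "," && quote === null) {
      parts.push(selector.slice(start, i).trim());
      start = i + 1;
    }
  }
  parts.push(selector.slice(start).trim());
  return parts;
}

// Behaviour described in the ticket: an inner quote replaces the outer one,
// so closing the inner string leaves the parser "outside" any string.
const splitForgetful = s =>
  splitOnCommas(s, (open, ch) => (ch === open ? null : ch));

// Corrected: only the delimiter that opened the string can close it.
const splitQuoteAware = s =>
  splitOnCommas(s, (open, ch) => (ch === open ? null : open));

// Prefix every selector in the list, as is done for shadow DOM support.
const addContentPrefix = (s, split) =>
  split(s).map(part => "::content " + part).join(", ");

// Constructed input: double-quoted attribute value containing a
// single-quoted string, escaped double quotes, and a comma.
const SAMPLE = String.raw`iframe[src="javascript:void(document.write('<body onload=\"x\"></body>'), document.close())"]`;

console.log(addContentPrefix(SAMPLE, splitForgetful));  // split in two
console.log(addContentPrefix(SAMPLE, splitQuoteAware)); // kept whole
```
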

comment:5 Changed on 05/07/2015 at 03:23:40 PM by sebastian

  • Component changed from Unknown to Platform
  • Priority changed from Unknown to P3
  • Summary changed from Chat is not blocked. to CSS selectors aren't split up correctly after inner quotes

comment:6 Changed on 05/07/2015 at 03:25:48 PM by sebastian

  • Review URL(s) modified (diff)
  • Status changed from new to reviewing

comment:7 Changed on 05/07/2015 at 07:01:23 PM by sebastian

  • Milestone set to Customizations-for-Adblock-Plus-next
  • Resolution set to fixed
  • Status changed from reviewing to closed

comment:8 Changed on 06/12/2015 at 10:02:46 PM by sebastian

  • Milestone changed from Customizations-for-Adblock-Plus-next to Adblock-Plus-1.9-for-Chrome-Opera-Safari
