Opened on 05/07/2015 at 01:09:25 AM
Closed on 05/07/2015 at 07:01:23 PM
Last modified on 06/12/2015 at 10:02:46 PM
#2467 closed defect (fixed)
CSS selectors aren't split up correctly after inner quotes
Reported by: | passbrains | Assignee: | sebastian |
---|---|---|---|
Priority: | P3 | Milestone: | Adblock-Plus-1.9-for-Chrome-Opera-Safari |
Module: | Platform | Keywords: | |
Cc: | sebastian, mapx, Ross | Blocked By: | |
Blocking: | | Platform: | Chrome |
Ready: | yes | Confidential: | no |
Tester: | | Verified working: | no |
Review URL(s): |
Description (last modified by Ross)
Adapted from https://www.passbrains.com/dashboard/view-ticket.php?ticket_no=ACH-181
Environment
Windows + 8 64bit + Chrome + English
ABP version 1.8.12.1423
How to reproduce
- Install ABP extension.
- Load website https://www.zopim.com/
- Click on ABP icon and choose 'Block element'. Click on zopimchat displayed in the right bottom of the screen.
- When 'Add filter(s)?' Dialog box is displayed with filter, click on 'Add'.
This is an <iframe> element.
In Opera, zopim chat is blocked with filters:
zopim.com##iframe[src="javascript:false"]
zopim.com##.zopim
Observed behaviour
zopimchat is not blocked.
Expected behaviour
zopimchat is blocked.
Attachments (2)
Change History (10)
Changed on 05/07/2015 at 01:09:29 AM by passbrains
Changed on 05/07/2015 at 01:09:30 AM by passbrains
comment:1 Changed on 05/07/2015 at 01:09:33 AM by passbrains
comment:2 Changed on 05/07/2015 at 01:12:19 AM by Ross
- Description modified (diff)
Actually I might have misunderstood this ticket slightly. If you manually use the filter zopim.com##iframe[src="javascript:false"] it does block it as expected in Opera after page refresh but it does NOT in Chrome.
comment:3 Changed on 05/07/2015 at 08:21:40 AM by mapx
- Cc sebastian mapx added
comment:4 Changed on 05/07/2015 at 03:20:27 PM by sebastian
- Cc Ross added
- Owner set to sebastian
- Ready set
This website delivers different HTML depending on the browser. On Opera the element looks like <iframe src="javascript:false">. Hence the filter zopim.com##iframe[src="javascript:false"] is generated and works as expected.
On Chrome, however, the element looks like this:
<iframe src="javascript:void(document.write('<!DOCTYPE html><html><head><style>html,body{height:100%;width:100%;} *{border:0;padding:0;margin:0;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box}</style></head><body onload="window.isLoaded = true"></body></html>'), document.close())">
Hence the following filter is generated:
zopim.com##iframe[src="javascript:void(document.write('<!DOCTYPE html><html><head><style>html,body\7b height:100%;width:100%;\7d *\7b border:0;padding:0;margin:0;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box\7d </style></head><body onload=\"window.isLoaded = true\"></body></html>'), document.close())"]
The reason that this filter doesn't work is a bug in the code splitting up CSS selectors to add the ::content pseudo selector for shadow DOM. The CSS selector in the filter above is currently transformed like below:
::content iframe[src="javascript:void(document.write('<!DOCTYPE html><html><head><style>html,body\7b height:100%;width:100%;\7d *\7b border:0;padding:0;margin:0;box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box\7d </style></head><body onload=\"window.isLoaded = true\"></body></html>'), ::content document.close())"]
That is because the current code assumes it is outside of a quoted string when the comma occurs, hence splitting up the selector there. But only the inner quoted string (i.e. '<!DOCTYPE html><html>..</html>') was closed; we are still between the outer double quotes. I realized that the state machine used here forgets about the outer quotes when parsing inner quotes, causing this issue.
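The quote-tracking failure described in comment:4, as an added example that is not part of the ticket and not Adblock Plus source code: `splitBuggy`, `splitFixed`, `addContent` and the shortened `SAMPLE` selector are hypothetical names and constructed input, written only to reproduce the described state-machine behaviour beside a version that remembers the outer quote.

```javascript
// Added example: hypothetical splitters, not Adblock Plus source code.
const PREFIX = "::content ";

// Constructed sample: a shortened form of the Chrome-generated selector.
const SAMPLE = String.raw`iframe[src="javascript:void(document.write('<body onload=\"x\"></body>'), document.close())"]`;

// Buggy: any quote character toggles the state, so the inner ' replaces the
// remembered outer " and its closing ' leaves the scanner "outside" a string.
function splitBuggy(selector) {
  const parts = [];
  let start = 0, quote = null;
  for (let i = 0; i < selector.length; i++) {
    const ch = selector[i];
    if (ch === "\\") { i++; continue; }        // skip the escaped character
    if (ch === '"' || ch === "'") {
      quote = (quote === ch) ? null : ch;      // outer quote is forgotten here
    } else if (ch === "," && quote === null) {
      parts.push(selector.slice(start, i).trim());
      start = i + 1;
    }
  }
  parts.push(selector.slice(start).trim());
  return parts;
}

// Fixed: inside a string, only the character that opened it can close it.
function splitFixed(selector) {
  const parts = [];
  let start = 0, quote = null;
  for (let i = 0; i < selector.length; i++) {
    const ch = selector[i];
    if (ch === "\\") { i++; continue; }        // skip the escaped character
    if (quote !== null) {
      if (ch === quote) quote = null;          // the other quote kind is literal
    } else if (ch === '"' || ch === "'") {
      quote = ch;
    } else if (ch === ",") {
      parts.push(selector.slice(start, i).trim());
      start = i + 1;
    }
  }
  parts.push(selector.slice(start).trim());
  return parts;
}

// Prefix every selector in the group, as done for shadow DOM support.
const addContent = (split, sel) => split(sel).map(s => PREFIX + s).join(", ");
console.log(addContent(splitBuggy, SAMPLE));   // split inside the attribute value
console.log(addContent(splitFixed, SAMPLE));   // one selector, one prefix
```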
comment:5 Changed on 05/07/2015 at 03:23:40 PM by sebastian
- Component changed from Unknown to Platform
- Priority changed from Unknown to P3
- Summary changed from Chat is not blocked. to CSS selectors aren't split up correctly after inner quotes
comment:6 Changed on 05/07/2015 at 03:25:48 PM by sebastian
- Review URL(s) modified (diff)
- Status changed from new to reviewing
comment:7 Changed on 05/07/2015 at 07:01:23 PM by sebastian
- Milestone set to Customizations-for-Adblock-Plus-next
- Resolution set to fixed
- Status changed from reviewing to closed
comment:8 Changed on 06/12/2015 at 10:02:46 PM by sebastian
- Milestone changed from Customizations-for-Adblock-Plus-next to Adblock-Plus-1.9-for-Chrome-Opera-Safari
1 - 07 May 2015 01:09:10 posted by Ross Green
Reproduced as described.
This also occurs as described in Opera 29.0.1795.47 with ABP 1.8.12.1423. Opera doesn't recommend the filters mentioned in the initial reproduction steps and behaves as Chrome does.
ABP 1.8.12.1423
Chrome 42.0.2311.135 / Windows 8.1 x64