Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#3699 closed change (fixed)

Patch DOM API in order to prevent disabling the injected stylesheet

Reported by: mapx Assignee: sebastian
Priority: P3 Milestone: Adblock-Plus-1.12-for-Chrome-Opera-Safari
Module: Platform Keywords:
Cc: kzar, greiner, sebastian Blocked By:
Blocking: Platform: Chrome
Ready: yes Confidential: no
Tester: Ross Verified working: yes
Review URL(s):

https://codereview.adblockplus.org/29338588

Description (last modified by sebastian)

Background

Some websites (e.g. extremetech.com) currently circumvent element hiding by messing (usually disabling) the style sheet we inject in order to hide ads.

We already detect when the <style> is removed from the DOM, in which case we reinject the rules in the last stylesheet by the page itself (#1677). However, MutationObserver or other DOM APIs don't allow for detecting when the stylesheet gets disabled.

But with some effort it's possible to monkey-patch the DOM API in order to intercept code messing with our style sheet.

What to change

Patch the DOM API, ignoring calls that would disable stylesheets or remove their rules.

Change History (14)

comment:1 Changed 3 years ago by mapx

  • Description modified (diff)

comment:2 Changed 3 years ago by greiner

I'm currently looking into it. There's definitely a circumvention script by zdbb.net running on the page that tries to mess with us.

However, blocking tblwd_b.js seems so to work as a temporary solution.

comment:3 Changed 3 years ago by mapx

no change adding

||extremetech.com/czc/jst/tblwd_b.js

You have to wait other 10 seconds and the second (bigger) banner will appear.

comment:4 follow-up: Changed 3 years ago by mapx

"the site is removing ABP's/AdBlock's injected CSS rules, and also disable their injected stylesheets though the StyleSheet.disabled property."

from
https://forums.lanik.us/viewtopic.php?p=89222&sid=f65a416801d5437863eaa89d34aaec15#p89222

comment:5 in reply to: ↑ 4 Changed 3 years ago by sebastian

  • Description modified (diff)
  • Owner set to sebastian
  • Priority changed from Unknown to P3
  • Ready set
  • Summary changed from extremetech.com css rules / style disabled in chrome ? to Patch DOM API in order to prevent disabling the injected stylesheet
  • Type changed from defect to change

Replying to mapx:

I can see (at the top of the page, after the shadow section) using inspect:

style {                 user agent stylesheet

    display: none;
}

Does this mean can't be injected user css rules / stylesheets ?

No, that just means that <style> themselves are generally not visible.

Replying to mapx:

"the site is removing ABP's/AdBlock's injected CSS rules, and also disable their injected stylesheets though the StyleSheet.disabled property."

I can confirm that they disable it. It doesn't seem that they remove it.

Anyway, I think I found a reliable way to tackle that kind of circumvention, it's quite ugly though, see the updated issue description. But given that the practice of messing with our stylesheet becomes increasingly popular, I guess we have to do that.

comment:6 Changed 3 years ago by sebastian

  • Review URL(s) modified (diff)
  • Status changed from new to reviewing

comment:7 Changed 3 years ago by sebastian

  • Description modified (diff)

comment:8 Changed 3 years ago by abpbot

A commit referencing this issue has landed:
https://hg.adblockplus.org/adblockpluschrome/rev/c65ac6352946

comment:9 Changed 3 years ago by sebastian

  • Milestone set to Adblock-Plus-for-Chrome-Opera-Safari-next
  • Resolution set to fixed
  • Status changed from reviewing to closed

comment:10 Changed 3 years ago by mapx

I tested this page:
http://brb.to/video/serials/i3UEI3z2hoNl73hk0fkTB3q-borodach.html

with 1.11 (or before 1.11.0.1573) the page is responsive, normal CPU.

with the last 1.11.0.1576, the page becomes unresponsive, high CPU.

Last edited 3 years ago by mapx (previous) (diff)

comment:11 Changed 3 years ago by sebastian

If I remove the code that prevents to "disable" our stylesheet that page load normally, but well the stylesheet can be disabled again. Interestingly, even if I fake HTMLStyleElement.disabled and CSSStyleSheet.disabled in a way that it can still be set to true and return that value as well, but without having any effect, the page still gets CPU usage up to 100%. So in other words, there is nothing we can do to prevent that, while preventing websites from disabling our stylesheet at the same time.

comment:12 Changed 3 years ago by mapx

it's one of these scripts which does all this mess:
asr.dotua.org/fgh.js?*

comment:13 Changed 3 years ago by mapx

anyway (it's only for testing, I don't visit the site)

these filters are working (no high CPU)

brb.to##.l-body-branding-link
brb.to##img[src^="data:image"]
brb.to##[href^="http://asr.dotua.org"]
brb.to##[class*="-universalsmall"]
@@||brb.to^$genericblock
||admixer.net^$image,domain=brb.to
@@||brb.to^$generichide

comment:14 Changed 3 years ago by Ross

  • Tester changed from Unknown to Ross
  • Verified working set

Element hiding no longer looks circumvented on extremetech.com.

ABP 1.11.0.1597
Chrome 32 / 44 / 48 / Windows 8
Chrome 44 / Ubuntu 14.04
Chrome 44 / OS X 10.11

Note: See TracTickets for help on using tickets.