#3699 closed change (fixed)
Patch DOM API in order to prevent disabling the injected stylesheet
Reported by: | mapx | Assignee: | sebastian |
---|---|---|---|
Priority: | P3 | Milestone: | Adblock-Plus-1.12-for-Chrome-Opera-Safari |
Module: | Platform | Keywords: | |
Cc: | kzar, greiner, sebastian | Blocked By: | |
Blocking: | Platform: | Chrome | |
Ready: | yes | Confidential: | no |
Tester: | Ross | Verified working: | yes |
Review URL(s): |
Description (last modified by sebastian)
Background
Some websites (e.g. extremetech.com) currently circumvent element hiding by messing (usually disabling) the style sheet we inject in order to hide ads.
We already detect when the <style> is removed from the DOM, in which case we reinject the rules in the last stylesheet by the page itself (#1677). However, MutationObserver or other DOM APIs don't allow for detecting when the stylesheet gets disabled.
But with some effort it's possible to monkey-patch the DOM API in order to intercept code messing with our style sheet.
What to change
Patch the DOM API, ignoring calls that would disable stylesheets or remove their rules.
Change History (14)
comment:1 Changed 4 years ago by mapx
- Description modified (diff)
comment:2 Changed 4 years ago by greiner
comment:3 Changed 4 years ago by mapx
no change adding
||extremetech.com/czc/jst/tblwd_b.js
You have to wait other 10 seconds and the second (bigger) banner will appear.
comment:4 follow-up: ↓ 5 Changed 4 years ago by mapx
"the site is removing ABP's/AdBlock's injected CSS rules, and also disable their injected stylesheets though the StyleSheet.disabled property."
from
https://forums.lanik.us/viewtopic.php?p=89222&sid=f65a416801d5437863eaa89d34aaec15#p89222
comment:5 in reply to: ↑ 4 Changed 4 years ago by sebastian
- Description modified (diff)
- Owner set to sebastian
- Priority changed from Unknown to P3
- Ready set
- Summary changed from extremetech.com css rules / style disabled in chrome ? to Patch DOM API in order to prevent disabling the injected stylesheet
- Type changed from defect to change
Replying to mapx:
I can see (at the top of the page, after the shadow section) using inspect:
style { user agent stylesheet display: none; }Does this mean can't be injected user css rules / stylesheets ?
No, that just means that <style> themselves are generally not visible.
Replying to mapx:
"the site is removing ABP's/AdBlock's injected CSS rules, and also disable their injected stylesheets though the StyleSheet.disabled property."
I can confirm that they disable it. It doesn't seem that they remove it.
Anyway, I think I found a reliable way to tackle that kind of circumvention, it's quite ugly though, see the updated issue description. But given that the practice of messing with our stylesheet becomes increasingly popular, I guess we have to do that.
comment:6 Changed 4 years ago by sebastian
- Review URL(s) modified (diff)
- Status changed from new to reviewing
comment:7 Changed 4 years ago by sebastian
- Description modified (diff)
comment:8 Changed 4 years ago by abpbot
A commit referencing this issue has landed:
https://hg.adblockplus.org/adblockpluschrome/rev/c65ac6352946
comment:9 Changed 4 years ago by sebastian
- Milestone set to Adblock-Plus-for-Chrome-Opera-Safari-next
- Resolution set to fixed
- Status changed from reviewing to closed
comment:10 Changed 4 years ago by mapx
I tested this page:
http://brb.to/video/serials/i3UEI3z2hoNl73hk0fkTB3q-borodach.html
with 1.11 (or before 1.11.0.1573) the page is responsive, normal CPU.
with the last 1.11.0.1576, the page becomes unresponsive, high CPU.
comment:11 Changed 4 years ago by sebastian
If I remove the code that prevents to "disable" our stylesheet that page load normally, but well the stylesheet can be disabled again. Interestingly, even if I fake HTMLStyleElement.disabled and CSSStyleSheet.disabled in a way that it can still be set to true and return that value as well, but without having any effect, the page still gets CPU usage up to 100%. So in other words, there is nothing we can do to prevent that, while preventing websites from disabling our stylesheet at the same time.
comment:12 Changed 4 years ago by mapx
it's one of these scripts which does all this mess:
asr.dotua.org/fgh.js?*
comment:13 Changed 4 years ago by mapx
anyway (it's only for testing, I don't visit the site)
these filters are working (no high CPU)
brb.to##.l-body-branding-link brb.to##img[src^="data:image"] brb.to##[href^="http://asr.dotua.org"] brb.to##[class*="-universalsmall"] @@||brb.to^$genericblock ||admixer.net^$image,domain=brb.to @@||brb.to^$generichide
comment:14 Changed 4 years ago by Ross
- Tester changed from Unknown to Ross
- Verified working set
Element hiding no longer looks circumvented on extremetech.com.
ABP 1.11.0.1597
Chrome 32 / 44 / 48 / Windows 8
Chrome 44 / Ubuntu 14.04
Chrome 44 / OS X 10.11
I'm currently looking into it. There's definitely a circumvention script by zdbb.net running on the page that tries to mess with us.
However, blocking tblwd_b.js seems so to work as a temporary solution.