Opened 3 years ago

Last modified 3 years ago

#4866 closed defect

Possible regression in dev-version of ABP for Chrome on sibnet.ru — at Version 12

Reported by: Lain_13 Assignee:
Priority: P1 Milestone: Adblock-Plus-1.13-for-Chrome-Opera
Module: Platform Keywords:
Cc: kzar, mapx, sebastian, trev, Ross, rraceanu Blocked By:
Blocking: Platform: Chrome
Ready: yes Confidential: no
Tester: Ross Verified working: yes
Review URL(s):

https://codereview.adblockplus.org/29377728/

Description (last modified by kzar)

Environment

Adblock Plus development build 1.12.4.1725
Google Chrome 56.0.2924.87 (Official Build) (64-bit)

Issue doesn't reproduce on:
Adblock Plus 1.12.4

How to reproduce

  1. Add RU AdList filters.
  2. Add whitelist (to disable hiding filters):
    #@#.da_adp_teaser
    #@#.directadvert-block
    sibnet.ru#@#.header__topline
    
  3. Open http://sibnet.ru and wait 1 second

Observed behaviour

Ads appears at the top of the page.

Expected behaviour

Ads blocked.

Extra

I've attached partially de-obfuscated code which they use to show these ads.

Change History (13)

Changed 3 years ago by Lain_13

Partially deobfuscated sibnet.ru code

comment:1 Changed 3 years ago by mapx

  • Cc kzar mapx added

comment:2 Changed 3 years ago by Lain_13

BTW, with stable ABP I see 2 error messages:

www.sibnet.ru/:205 Refused to create a worker from 'blob:http://www.sibnet.ru/0eaad1cc-4776-4fbd-b9d1-ec0ce86e8f1f' because it violates the following Content Security Policy directive: "child-src http: https:".

_0x7203x16.(anonymous function) @ www.sibnet.ru/:205
www.sibnet.ru/:205 Uncaught DOMException: Failed to construct 'SharedWorker': Access to the script at 'blob:http://www.sibnet.ru/0eaad1cc-4776-4fbd-b9d1-ec0ce86e8f1f' is denied by the document's Content Security Policy.
    at HTMLScriptElement._0x7203x16.(anonymous function) (http://www.sibnet.ru/:205:5774)

They doesn't appear with dev version. WS connection doesn't appear either, though. Probably due to being initiated from a SharedWorked which doesn't belong to any specific page.

comment:3 Changed 3 years ago by kzar

  • Cc sebastian added
  • Component changed from Unknown to Platform
  • Description modified (diff)

I can't reproduce this as described with Chrome Version 56.0.2924.87 (64-bit) and Adblock Plus built from current master. Are there any steps to reproduce that I'm missing?

(Sounds like it might have been either caused by the change in #4770, or a duplicate of #4807 which is still waiting review.)

comment:4 follow-up: Changed 3 years ago by Lain_13

Try to use RuAdList+EasyList in case you used RU AdList only. I expected it to be there by default.

According to changelog #4807 is not yet included in the dev build 1.12.4.1725. #4770 looks like a likely culprit to me. Especially because child-src were dropped (even though it still works) frame-src doesn't cover workers and worker-src isn't supported yet and wasn't implemented. It clearly leaves workers free from being blocked by CSP.

Not sure why you can't reproduce it, though. As I understand CSP in #4807 is only applied to actual scripts loaded from the web. Am I wrong and it's applied to blobs as well? In that case it's the reason why connection is blocked in the master build and we won't need worker-src support at all and can leave #4770 as-is.

BTW, I'd really like to see #4807 in the public dev builds.

Last edited 3 years ago by Lain_13 (previous) (diff)

comment:5 in reply to: ↑ 4 Changed 3 years ago by kzar

Replying to Lain_13:

Try to use RuAdList+EasyList in case you used RU AdList only. I expected it to be there > by default.

Yes, I'm using that. Still not able to reproduce this problem however :/

BTW, I'd really like to see #4807 in the public dev builds.

Yea me too, but it's currently blocked by review unfortunately.

comment:6 follow-up: Changed 3 years ago by Lain_13

I think to reproduce you have to use the same build as I am. I mean publicly available dev build. As I understand your build includes #4807 and something else.

I've tried to apply change done in #4807 locally, but it doesn't seem to work here even though it works fine at pesnik.su. Well, looks like this CSP isn't applied to blobs after all and have nothing to do with the regression I experience.

Last edited 3 years ago by Lain_13 (previous) (diff)

comment:7 Changed 3 years ago by Lain_13

Dimisa reported similar issue to uBO since it also was affected and gorhill fixed it somehow: https://github.com/gorhill/uBlock/commit/a742f09dd4ba37d748c962bed171ddd84bf046ea
Not sure if it would be helpful in any way in this case.

comment:8 in reply to: ↑ 6 Changed 3 years ago by kzar

Replying to Lain_13:

As I understand your build includes #4807 and something else.

No it doesn't.

I'll try again to reproduce this when I get a chance but so far I'm still not able to.

comment:9 Changed 3 years ago by Lain_13

I've tested this on latest version of Vivaldi browser: 1.7.735.46 (Stable channel) (32-bit)
without any additional extensions and/or user scripts to make sure it isn't due to some interference from a third-party extension or my script. I got exactly the same results. With stable ABP versions ads are blocked. With dev-build - shared workers created and ads are shown.

comment:10 Changed 3 years ago by kzar

I still can't reproduce this problem. Does it still happen for you with 1.12.4.1738? If so are the steps in the description correct?

comment:11 Changed 3 years ago by Lain_13

Hm... Strange, I'm sure I've posted proper set of filters before, but now I see 1 of filters is different on my side. Could you please check with sibnet.ru#@#.header__topline instead of sibnet.ru#@##right_place_wrapper?

comment:12 Changed 3 years ago by kzar

  • Description modified (diff)
Note: See TracTickets for help on using tickets.