Opened on 09/16/2018 at 02:02:17 PM

Closed on 09/26/2018 at 02:19:53 PM

Last modified on 03/07/2019 at 10:05:14 AM

#6953 closed defect (fixed)

Domain-based whitelisting does not work in data URI frames

Reported by: mjethani Assignee: mjethani
Priority: P3 Milestone: Adblock-Plus-3.5-for-Chrome-Opera-Firefox
Module: Platform Keywords:
Cc: sebastian, kzar Blocked By:
Blocking: Platform: Unknown / Cross platform
Ready: yes Confidential: no
Tester: Unknown Verified working: yes
Review URL(s):

https://codereview.adblockplus.org/29882555/

Description (last modified by mjethani)

Environment

ABP 3.3.2 on Chrome

How to reproduce

Load the following web page in the browser:

<img src="https://imgs.xkcd.com/comics/word_puzzles.png">

<script>
document.addEventListener("DOMContentLoaded", () =>
{
  let f = document.createElement("iframe");
  f.src = "data:text/html;base64,PGltZyBzcmM9Imh0dHBzOi8vaW1ncy54a2NkLmNvbS9jb21pY3Mvd29yZF9wdXp6bGVzLnBuZyI+Cg==";
  //f.srcdoc = '<img src="https://imgs.xkcd.com/comics/word_puzzles.png">';
  document.body.appendChild(f);
});
</script>

Now add the filters xkcd and @@$document,domain=localhost (change localhost to the domain the page is loaded from) and reload the page.

Observed behaviour

The image is loaded in the top frame but not in the subframe.

Expected behaviour

The image should be loaded in both the top frame and the subframe.

Additional notes

Anonymous frames using a data: URI combined with sitekeys is a technique I am investigating for some types of whitelisting. This needs to work correctly.

The issue is that, just like about: frames, the onComitted for data: frames happens too late, so the frame object for the image request is not available at the time when checkWhitelisted is called. Upon further investigation, the real issue is that onComitted doesn't even get the parent frame's ID, and onHeadersReceived is not fired for about: and data: frames.

Hints for testers

Whitelisting as described in the "How to reproduce" section should work for both about: and data: frames. For testing about: frames, uncomment the //f.srcdoc = line and comment out the previous line.

Attachments (0)

Change History (8)

comment:1 Changed on 09/16/2018 at 02:02:40 PM by mjethani

  • Cc sebastian kzar added

comment:2 Changed on 09/16/2018 at 02:11:41 PM by mjethani

  • Review URL(s) modified (diff)

comment:3 Changed on 09/26/2018 at 01:08:55 PM by sebastian

  • Priority changed from Unknown to P3
  • Ready set

comment:4 Changed on 09/26/2018 at 02:17:35 PM by abpbot

A commit referencing this issue has landed:
Issue 6953 - Update frame structure for data URI frames

comment:5 Changed on 09/26/2018 at 02:19:53 PM by mjethani

  • Milestone set to Adblock-Plus-for-Chrome-Opera-Firefox-next
  • Resolution set to fixed
  • Status changed from new to closed

comment:6 Changed on 09/26/2018 at 02:21:30 PM by mjethani

  • Description modified (diff)

comment:7 Changed on 09/26/2018 at 02:24:31 PM by mjethani

  • Description modified (diff)

comment:8 Changed on 03/07/2019 at 10:05:14 AM by ukacar

  • Verified working set

Add Comment

Modify Ticket

Change Properties
Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from mjethani.
AttachmentsDescription
 
Note: See TracTickets for help on using tickets.