Place higher trust on surrogates?

blowtorch
Posts: 4
Joined: Fri Dec 25, 2015 7:31 am

Place higher trust on surrogates?

Post by blowtorch »

Hello there.

More and more I find myself writing surrogate scripts [1] that replicate part of the JavaScript functionality in untrusted sites [2]. Recently I found a case in which I need to make XHR requests from the surrogate and discovered that they don't work: NoScript blocks them.

I looked a bit into the code and so far my rough understanding is that this behaviour depends on:
  • the value of the "forbidXHR" preference;
  • whether the code making the XHR comes from a "special" scheme (such as "chrome:");
  • whether the relevant locations (e.g. source and target) are whitelisted by the user.
I'm using the default value for "forbidXHR" (1), and I want to keep it that way. Though I haven't yet checked in the debugger, it seems that the XHR requests I make in the surrogate are given the same scheme as the current location (?). Finally, I do not want to whitelist either source or target.

Is there any way to have surrogate XHRs succeed in this situation?

Generally speaking, I want NoScript to distinguish "my" code from that of other people, and be able to place different levels of trust on them (some degree of trust for my code and complete distrust for other people's code). [3]

Thanks!

[1] All my surrogates are of the "no-script" kind (that is, "sources" is prefixed with "!").

[2] By "untrusted" I just mean not whitelisted by NoScript. I'm not talking about the "Mark as untrusted" feature of NoScript.

[3] If you are wondering now why I don't use something like Greasemonkey instead of NoScript surrogates, well, it is because some of these scripts are supposed to run in an environment where NoScript is already part of the trusted code base, while Greasemonkey is not.
Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
barbaz
Senior Member
Posts: 10834
Joined: Sat Aug 03, 2013 5:45 pm

Re: Place higher trust on surrogates?

Post by barbaz »

+1 to your request, if there is a way to implement it safely.

Moving to NoScript Development because this is a RFE.


EDIT: In implementing this RFE, if it is done, I think it would be best if there is an ability to create a per-surrogate boolean about:config pref and set it to true (defaults to false if unset) to control whether a specific surrogate has the ability to fire XHR regardless, etc. - like, say, noscript.surrogate.<surrogate_name>.privileged
Then this stuff won't be available where it's not needed.
EDIT2: I also think that this should *not* ever be available to surrogates that run on script-allowed pages, otherwise there is potential for a poorly-coded surrogate to become a gaping security hole. Your use case anyway involves only ! surrogates, and limiting the ability to allow extra privileges to only ! surrogates seems reasonable and smart to me.
*Always* check the changelogs BEFORE updating that important software!
-
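The rule proposed in the post above (an opt-in per-surrogate pref that defaults to false and is honored only for "!" surrogates), written as a fail-closed audit over a prefs snapshot. This is an added example, not part of the thread and not NoScript code. The ".privileged" pref is the proposal from this thread and does not exist in NoScript; the plain-object prefs snapshot, the function name and all sample values are assumptions made for illustration.

```javascript
// Matches noscript.surrogate.<name>.sources and the *proposed* .privileged pref.
const PREF_RE = /^noscript\.surrogate\.(.+)\.(sources|privileged)$/;

// prefs: plain object mapping pref names to values (hypothetical snapshot format).
// Returns one record per surrogate: whether the privilege would be granted, and why not.
function auditSurrogatePrefs(prefs) {
  const surrogates = new Map();
  for (const [key, value] of Object.entries(prefs)) {
    const m = PREF_RE.exec(key);
    if (!m) continue;
    const entry = surrogates.get(m[1]) || {};
    entry[m[2]] = value;
    surrogates.set(m[1], entry);
  }
  const report = [];
  for (const [name, { sources, privileged }] of surrogates) {
    const findings = [];
    // "!" prefix: the surrogate kind that runs where scripts are not allowed.
    const noScriptKind = typeof sources === "string" && sources.startsWith("!");
    // Fail closed: only the boolean true counts, never "true" or 1.
    if (privileged !== undefined && typeof privileged !== "boolean") {
      findings.push("privileged is not a boolean; treated as false");
    }
    if (privileged === true && !noScriptKind) {
      findings.push('privileged ignored: sources is not prefixed with "!"');
    }
    report.push({ name, granted: privileged === true && noScriptKind, findings });
  }
  return report;
}

// Constructed sample prefs (names and hosts are placeholders).
const samplePrefs = {
  "noscript.surrogate.mysite.sources": "!example.test",
  "noscript.surrogate.mysite.privileged": true,
  "noscript.surrogate.tracker.sources": "*.example.net",
  "noscript.surrogate.tracker.privileged": true,
  "noscript.surrogate.legacy.sources": "!example.org",
  "noscript.surrogate.legacy.privileged": "true",
  "noscript.surrogate.plain.sources": "!example.com",
};

console.log(JSON.stringify(auditSurrogatePrefs(samplePrefs), null, 2));
```

Only "mysite" is granted the privilege here; "tracker" and "legacy" are each reported with a finding, and "plain" stays unprivileged because the pref is unset.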
blowtorch
Posts: 4
Joined: Fri Dec 25, 2015 7:31 am

Re: Place higher trust on surrogates?

Post by blowtorch »

Hi barbaz.
barbaz wrote: this is a RFE
I guess your answer to my question is "currently not possible", then?
Mozilla/5.0 (Windows NT 6.1; rv:38.0) Gecko/20100101 Firefox/38.0
barbaz
Senior Member
Posts: 10834
Joined: Sat Aug 03, 2013 5:45 pm

Re: Place higher trust on surrogates?

Post by barbaz »

Right, I don't think it currently exists for surrogates. I don't know whether it'd currently work in bookmarklets though, but even if so, it's pretty hard (if even possible) to click a bookmarklet with timing such that it'll run exactly on DOMContentLoaded...