iframe.contentWindow surrogate

Proposals for new surrogate scripts, updates/bug fixes to existing ones, tips and tricks to work around the lazy web.
Post Reply
fatboy
Junior Member
Posts: 47
Joined: Fri Jul 25, 2014 6:56 am
Contact:

iframe.contentWindow surrogate

Post by fatboy » Mon Nov 09, 2015 8:51 pm

On the basis of the sample code and FireGloves made a surrogate:

Code: Select all

replacement
Object.defineProperty(window, "screen", {enumerable:true, get:function(){return {width: 1280, height: 800, availWidth: 1280, availHeight: 800, colorDepth: 24, pixelDepth: 24, top: 0, left: 0, availTop:0, availLeft: 0}}, set:function(){}});
sources: @*

It works. But if on the page https://www.browserleaks.com/javascript click on the button "iframe.contentWindow" appears real screen (with FireGloves this button is not pressed, with Random Agent Spoofer displayed the real screen, with Tor displayed 0x0 (UPD: even if privacy.resistFingerprinting;false)).
Made a surrogate:

Code: Select all

replacement
Object.defineProperty(window.HTMLIFrameElement.prototype, "contentWindow", {get: function() {}});
sources: @ * or !@ * same result.

It works, but not the content is displayed or not the buttons are pressed on the pages, which uses maps, such as:
maps.yandex.com, warfly.ru, google.com/maps and others. Is it possible to alter the surrogate to not have to make exceptions for sites such as these?
Here are the codes FireGloves and Tor: http://pastebin.com/v5h6JJBQ http://pastebin.com/yDimVJ6b http://pastebin.com/P7pZUAJR
Maybe they will help.
Last edited by fatboy on Thu Nov 12, 2015 8:03 pm, edited 1 time in total.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 SeaMonkey/2.21 NS 2.6.9.39

barbaz
Senior Member
Posts: 9096
Joined: Sat Aug 03, 2013 5:45 pm

Re: iframe.contentWindow surrogate

Post by barbaz » Thu Nov 12, 2015 4:50 pm

Can you please post your sources value(s)?
What is the iframe's URL?
*Always* check the changelogs BEFORE updating that important software!
-

fatboy
Junior Member
Posts: 47
Joined: Fri Jul 25, 2014 6:56 am
Contact:

Re: iframe.contentWindow surrogate

Post by fatboy » Thu Nov 12, 2015 8:25 pm

> ...sources value(s)?
Added.

> What is the iframe's URL?
For example: https://maps.yandex.com/. Need to allow: https://maps.yandex.com, https://api-maps.yandex.ru, https://yastatic.net.
There are several buttons: Layers, Routes and so forth. None is pressed.
Error console:

Code: Select all

Error: TypeError: this._iframe[0].contentWindow is undefined
Source File: https://yastatic.net/maps-beta/2.31.9/build/index/_index.en.js
Line: 4
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 SeaMonkey/2.21 NS 2.6.9.39

barbaz
Senior Member
Posts: 9096
Joined: Sat Aug 03, 2013 5:45 pm

Re: iframe.contentWindow surrogate

Post by barbaz » Thu Nov 12, 2015 11:43 pm

I'm not sure * is a valid sources value.
Try @^https?:// or

Code: Select all

@^(?!chrome)[0-9A-Za-z-]+://
*Always* check the changelogs BEFORE updating that important software!
-

fatboy
Junior Member
Posts: 47
Joined: Fri Jul 25, 2014 6:56 am
Contact:

Re: iframe.contentWindow surrogate

Post by fatboy » Fri Nov 13, 2015 9:45 am

> I'm not sure * is a valid sources value.
https://forums.informaction.com/viewtopic.php?p=12319#p12319
@^https?:// already tried before. @^(?!chrome)[0-9A-Za-z-]+:// works too, thank you. It seems to me that the case "replacement". Probably I badly explained. Surrogate works: if on the browserleaks.com click on the button "iframe.contentWindow" appears 1280x800, as I indicated in window.screen. But I wish he didn't harm the maps.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 SeaMonkey/2.21 NS 2.6.9.39

barbaz
Senior Member
Posts: 9096
Joined: Sat Aug 03, 2013 5:45 pm

Re: iframe.contentWindow surrogate

Post by barbaz » Fri Nov 13, 2015 2:13 pm

You are blocking the entire contentWindow property when you only want to spoof screen... that's like using a sledgehammer instead of a needle.

If you want to make the maps site work you can probably specify a noscript.surrogate.<name>.exceptions pref, or tweak the surrogate (or sources regex) to exclude whatever the maps site requires.
Other possibility is to make the iframe contentWindow property return the top-level window, but it may break things in a different way.


I still think it's weird that you aren't getting the surrogate to apply to iframes. I will look into this in more detail later.
*Always* check the changelogs BEFORE updating that important software!
-

Post Reply