Re: Using nscl patchWorkers in Firefox

Posted: Thu Jan 20, 2022 9:16 am
by skriptimaahinen
Pardon my absence.

Looking at barbaz's problem viewtopic.php?f=27&t=26485#p104794

I see that window.frames is not a list of frame elements but a list of content windows, which is NOT patched by modifyWindow!

So adding:

  function modifyWindowFramesList(win) {
    let descriptor = Object.getOwnPropertyDescriptor(win, "frames");
    let origGetter = descriptor.get;

    function frames() {
      let frames = origGetter.call(this);
      for (let i = 0; i < frames.length; i++) {
        let frameWin = frames[i];
        if (frameWin && frameWin instanceof Window) modifyWindow(frameWin);
      }
      return frames;
    }

    descriptor.get = exportFunction(frames, win, {defineAs: `get frames`});
    Object.defineProperty(win, "frames", descriptor);
  }
and also not forgetting to call it from modifyWindow should do the trick.

Re: Using nscl patchWorkers in Firefox

Posted: Thu Jan 20, 2022 10:25 am
by Giorgio Maone
skriptimaahinen wrote: Thu Jan 20, 2022 9:16 am and also not forgetting to call it from modifyWindow should do the trick.
Thanks for trying to help, but unfortunately you can access those windows also by just indexing the window object itself (like window[0]): the frames property is just a reference to the window object.
It's a very hairy issue, but as I said https://github.com/hackademix/nscl/commit/93cf0fc should have done the trick (please let me know if you actually see something off there too).
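
The point made in this reply, shown as an added example that is not part of the original posts and is not nscl code: a wrapper on the `frames` getter only runs when `frames` is read, so a window reached as `window[0]` has not been patched yet. The mock window, the `PATCHED` marker and the stand-in `modifyWindow` are constructed for illustration, and `exportFunction` is left out so the block runs outside Firefox.

```javascript
// Constructed mock of the relevant Window behaviour, so this runs outside a browser:
// child content windows are indexed properties, and `frames` returns the window itself.
const PATCHED = Symbol("patched"); // hypothetical marker, not nscl's bookkeeping

function makeMockWindow(childCount) {
  const win = { length: childCount };
  for (let i = 0; i < childCount; i++) {
    win[i] = { navigator: { userAgent: "real-UA (constructed)" } };
  }
  Object.defineProperty(win, "frames", {
    get() { return this; },
    configurable: true,
    enumerable: true,
  });
  return win;
}

// Stand-in for modifyWindow: marks a content window as patched.
function modifyWindow(frameWin) {
  frameWin[PATCHED] = true;
}

// Same shape as the getter wrapper posted above, minus exportFunction.
function modifyWindowFramesList(win) {
  const descriptor = Object.getOwnPropertyDescriptor(win, "frames");
  const origGetter = descriptor.get;
  descriptor.get = function frames() {
    const list = origGetter.call(this);
    for (let i = 0; i < list.length; i++) {
      if (list[i]) modifyWindow(list[i]);
    }
    return list;
  };
  Object.defineProperty(win, "frames", descriptor);
}

// Report, for each access path, whether the window it yields was already patched.
function auditAccessPaths(win) {
  const viaIndex = Boolean(win[0][PATCHED]);         // window[0]: the getter never runs
  const viaFrames = Boolean(win.frames[0][PATCHED]); // window.frames[0]: the getter runs first
  return { framesIsWindow: win.frames === win, viaIndex, viaFrames };
}

const win = makeMockWindow(2);
modifyWindowFramesList(win);
console.log(auditAccessPaths(win));
```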

Re: Using nscl patchWorkers in Firefox

Posted: Thu Jan 20, 2022 11:43 am
by skriptimaahinen
Dang. Missed that completely. That is quite a furball indeed.

Initial testing shows no problems with your approach.

Re: Using nscl patchWorkers in Firefox

Posted: Fri Feb 04, 2022 6:42 pm
by barbaz
barbaz wrote: Mon Jan 17, 2022 6:11 pm Unfortunately there is still another way to bypass patchWorkers, and I have no idea what it is :?

The extension I'm making is a UA spoofer, but according to CreepJS main test viewtopic.php?f=18&t=26434 I'm still leaking the real UA in workers. It only happens on the main test page. On their worker-only test page my extension is working as expected.

How is it getting the real UA? Is the bug in my extension or nscl?

(Testing this does not require allowing the 3rd party sites CreepJS calls. The problem shows up just using the pure JS side of the tests.)
Went to test this again with latest nscl, but some nscl change has resulted in patchWorkers completely breaking CreepJS, with different errors each page?

Tried to go through & find the culprit nscl revision, but got wildly inconsistent results :(

Re: Using nscl patchWorkers in Firefox

Posted: Fri Feb 11, 2022 1:12 am
by barbaz
Checked again. CreepJS worker test page is working now. Main test page is still broken though.

This would seem to be a nscl bug, and not a new one. More likely it was just exposed by a CreepJS change. Because now it's definitely there with previously known-working versions of nscl.

I would suspect the bug is in nscl because it can be reproduced with even this minimal extension in Firefox 97 -

manifest.json

{
  "manifest_version": 2,
  "name": "nscl patchWorker test",
  "version": "1",
  "permissions": [
    "<all_urls>",
    "webRequest",
    "webRequestBlocking",
    "webNavigation",
    "storage",
    "notifications",
    "tabs"
  ],
  "background": {
    "scripts": [
      "nscl/service/patchWorkers.js",
      "bg.js"
    ]
  },
  "applications": {
    "gecko": {
      "strict_min_version": "74.0a1",
      "id": "{4cdd3d04-c968-45cb-b94f-2bbf482ccfdb}"
    }
  }
}
bg.js

browser.contentScripts.register({
  allFrames: true,
  matchAboutBlank: true,
  matches: ['<all_urls>'],
  runAt: 'document_start',
  js: [{
    file: 'nscl/common/uuid.js',
  }, {
    file: 'nscl/content/patchWindow.js',
  }, {
    file: 'nscl/content/patchWorkers.js',
  }, {
    code: 'patchWorkers(function(){});',
  }],
});

Re: Using nscl patchWorkers in Firefox

Posted: Tue Mar 01, 2022 11:43 pm
by barbaz
bump

I think this may be caused by something done on the page side, not the worker side. I added a toggle switch to my extension to disable patching worker scopes. If this functionality is enabled, the CreepJS page is broken. But if I disable the worker patching and reload the page, it works as expected, but the worker is patched!

Re: Using nscl patchWorkers in Firefox

Posted: Sun Apr 30, 2023 8:15 pm
by barbaz
Most of the issues brought up here seem to be resolved now.

However, current state is back to this -
barbaz wrote: Mon Jan 17, 2022 6:11 pm Unfortunately there is still another way to bypass patchWorkers, and I have no idea what it is :?

The extension I'm making is a UA spoofer, but according to CreepJS main test viewtopic.php?f=18&t=26434 I'm still leaking the real UA in workers. It only happens on the main test page. On their worker-only test page my extension is working as expected.

How is it getting the real UA? Is the bug in my extension or nscl?

(Testing this does not require allowing the 3rd party sites CreepJS calls. The problem shows up just using the pure JS side of the tests.)
Adding a console.log call in the patch code, the log message doesn't happen on the main test page, while it does get logged as expected on the worker test page. It looks as if the worker on the main test page is simply not getting patched.