Skip to content

Commit

Permalink
Use safe versions of Math.floor/Math.random in scriptlets
Browse files Browse the repository at this point in the history
  • Loading branch information
gorhill committed Oct 9, 2023
1 parent ad75b1b commit 780383f
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions assets/resources/scriptlets.js
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,8 @@ function safeSelf() {
const self = globalThis;
const safe = {
'Error': self.Error,
'Math_floor': Math.floor,
'Math_random': Math.random,
'Object_defineProperty': Object.defineProperty.bind(Object),
'RegExp': self.RegExp,
'RegExp_test': self.RegExp.prototype.test,
Expand Down Expand Up @@ -133,11 +135,15 @@ function safeSelf() {
builtinScriptlets.push({
name: 'get-exception-token.fn',
fn: getExceptionToken,
dependencies: [
'safe-self.fn',
],
});
function getExceptionToken() {
const safe = safeSelf();
const token =
String.fromCharCode(Date.now() % 26 + 97) +
Math.floor(Math.random() * 982451653 + 982451653).toString(36);
safe.Math_floor(safe.Math_random() * 982451653 + 982451653).toString(36);
const oe = self.onerror;
self.onerror = function(msg, ...args) {
if ( typeof msg === 'string' && msg.includes(token) ) { return true; }
Expand Down Expand Up @@ -2207,7 +2213,7 @@ function noXhrIf(
const warOrigin = scriptletGlobals.get('warOrigin');
const generateRandomString = len => {
let s = '';
do { s += Math.random().toString(36).slice(2); }
do { s += safe.Math_random().toString(36).slice(2); }
while ( s.length < 10 );
return s.slice(0, len);
};
Expand Down

0 comments on commit 780383f

Please sign in to comment.