🐛 修复window穿透问题 #273

scriptscat · Apr 29, 2024 · 577f7e5 · 577f7e5
1 parent b93be76
commit 577f7e5
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 18 deletions.
diff --git a/src/runtime/content/exec_script.test.ts b/src/runtime/content/exec_script.test.ts
@@ -46,7 +46,7 @@ describe("GM_info", () => {
     expect(ret.version).toEqual(ExtVersion);
     expect(ret.script.version).toEqual("1.0.0");
   });
-  it("sandbox", async() => {
+  it("sandbox", async () => {
     scriptRes2.code = "return GM_info";
     sandboxExec.scriptFunc = compileScript(compileScriptCode(scriptRes2));
     const ret = await sandboxExec.exec();
@@ -63,6 +63,10 @@ describe("unsafeWindow", () => {
     sandboxExec.scriptFunc = compileScript(compileScriptCode(scriptRes2));
     const ret = await sandboxExec.exec();
     expect(ret).toEqual("ok");
+    scriptRes2.code = "return window.testUnsafeWindow";
+    sandboxExec.scriptFunc = compileScript(compileScriptCode(scriptRes2));
+    const ret2 = await sandboxExec.exec();
+    expect(ret2).toEqual(undefined);
   });
 });
 

diff --git a/src/runtime/content/utils.test.ts b/src/runtime/content/utils.test.ts
@@ -8,6 +8,7 @@ describe("proxy context", () => {
     eval: () => {
       console.log("eval");
     },
+    addEventListener: () => {},
   };
   init.set("onload", true);
   init.set("gbok", true);
@@ -22,8 +23,7 @@ describe("proxy context", () => {
   it("set window null", () => {
     _this["onload"] = "ok";
     expect(_this["onload"]).toEqual("ok");
-    expect(context["onload"]).toEqual(undefined);
-    expect(global["onload"]).toEqual("ok");
+    expect(global["onload"]).toEqual(null);
   });
 
   it("update", () => {
@@ -36,14 +36,22 @@ describe("proxy context", () => {
   });
 
   it("访问global的对象", () => {
-    expect(_this["gbok"]).toEqual("gbok");
+    expect(_this["gbok"]).toBeUndefined();
   });
 
   it("禁止修改window", () => {
     expect(() => (_this["window"] = "ok")).toThrow();
   });
 });
 
+// 只允许访问onxxxxx
+describe("window", () => {
+  const _this = proxyContext({ onanimationstart: null }, {});
+  it("window", () => {
+    expect(_this.onanimationstart).toBeNull();
+  });
+});
+
 describe("兼容问题", () => {
   const _this = proxyContext({}, {});
   // https://github.com/xcanwin/KeepChatGPT 环境隔离得不够干净导致的

diff --git a/src/runtime/content/utils.ts b/src/runtime/content/utils.ts
@@ -208,14 +208,12 @@ export function proxyContext(
         case "self":
         case "globalThis":
           // eslint-disable-next-line @typescript-eslint/no-unsafe-return
-          return special.global || proxy;
+          return proxy;
         case "top":
         case "parent":
           if (global[name] === global.self) {
-            // eslint-disable-next-line @typescript-eslint/no-unsafe-return
             return special.global || proxy;
           }
-          // eslint-disable-next-line @typescript-eslint/no-unsafe-return
           return global.top;
         default:
           break;
@@ -241,14 +239,17 @@ export function proxyContext(
             }
             return special[name];
           }
-          if (global[name] !== undefined) {
-            if (
-              typeof global[name] === "function" &&
-              !(<{ prototype: any }>global[name]).prototype
-            ) {
-              return (<{ bind: any }>global[name]).bind(global);
+          // 只处理onxxxx的事件
+          if (has(global, name)) {
+            if (name.startsWith("on")) {
+              if (
+                typeof global[name] === "function" &&
+                !(<{ prototype: any }>global[name]).prototype
+              ) {
+                return (<{ bind: any }>global[name]).bind(global);
+              }
+              return global[name];
             }
-            return global[name];
           }
         } else if (name === Symbol.unscopables) {
           return unscopables;
@@ -288,8 +289,11 @@ export function proxyContext(
           if (has(special, name)) {
             return true;
           }
+          // 只处理onxxxx的事件
           if (has(global[name], name)) {
-            return true;
+            if (name.startsWith("on")) {
+              return true;
+            }
           }
         } else if (typeof name === "symbol") {
           return has(thisContext, name);
@@ -306,7 +310,7 @@ export function proxyContext(
         default:
       }
       if (has(special, name)) {
-        thisContext[name] = val;
+        special[name] = val;
         return true;
       }
       if (init.has(name)) {
@@ -315,8 +319,12 @@ export function proxyContext(
         if (des && des.get && !des.set && des.configurable) {
           return true;
         }
-        thisContext[name] = val;
-        return true;
+        // 只处理onxxxx的事件
+        if (has(global, name) && name.startsWith("on")) {
+          global.addEventListener(name.slice(2), val);
+          thisContext[name] = val;
+          return true;
+        }
       }
       // @ts-ignore
       thisContext[name] = val;