Cosmetic rules #168

Merged
merged 10 commits into from
Dec 20, 2024

AitakattaSora
Collaborator

No description provided.

@AitakattaSora AitakattaSora changed the title Draft: Add cosmetic rules store with tests Draft: Cosmetic rules Dec 1, 2024
@AitakattaSora AitakattaSora changed the title Draft: Cosmetic rules Cosmetic rules Dec 2, 2024
internal/cosmetic/addrule.go Outdated
internal/cosmetic/injector.go Outdated
internal/cosmetic/injector.go Outdated
@anfragment
Owner

I gave this some thought, and the selector validation that we're currently using (checking for a </style> substring) is insufficient to prevent a range of XSS attacks we might be vulnerable to. Here's a conversation I had with ChatGPT on this, which I believe could be a good starting point.

I'm interested to hear your thoughts on this, @AitakattaSora.
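
The gap described in the comment above, as an added Go example (not code from this pull request or from the project's sanitizer): a check for the exact `</style>` substring beside a stricter character-level check. The function names, the rejected character set and the sample inputs are constructed for illustration, and the shape of the injected rule is an assumption.

```go
package main

import (
	"fmt"
	"strings"
)

// naiveCheck models the check described in the comment: reject only the exact
// substring "</style>". It returns true when the selector is accepted.
func naiveCheck(selector string) bool {
	return !strings.Contains(selector, "</style>")
}

// strictCheck is a hypothetical, deliberately conservative validator for a
// selector that will be written as `<selector> { display: none !important; }`
// inside a <style> element (assumed rule shape). It rejects by character
// class instead of by one substring.
func strictCheck(selector string) error {
	if strings.TrimSpace(selector) == "" {
		return fmt.Errorf("empty selector")
	}
	if strings.Contains(selector, "/*") {
		return fmt.Errorf("comment opener would swallow the following rules")
	}
	if strings.HasSuffix(selector, `\`) {
		return fmt.Errorf("trailing backslash would escape whatever the injector appends")
	}
	for i, r := range selector {
		switch {
		case r == '<':
			// HTML matches the end tag case-insensitively and allows
			// whitespace or '/' after the name, so ban '<' outright.
			return fmt.Errorf("'<' at byte %d could start an end tag", i)
		case r == '{' || r == '}':
			return fmt.Errorf("%q at byte %d would leave the selector", r, i)
		case r < 0x20 || r == 0x7f:
			return fmt.Errorf("control character at byte %d", i)
		}
	}
	return nil
}

func main() {
	// Constructed inputs: two ordinary selectors, then variants that the
	// exact-substring check lets through.
	for _, s := range []string{".ad-banner", "div > #sponsored", "a</STYLE>", "a</style >", "a{}body"} {
		fmt.Printf("%-20q naive=%-5v strict=%v\n", s, naiveCheck(s), strictCheck(s))
	}
}
```

The strict check trades coverage for safety: it also rejects rare but legitimate selectors, such as attribute values that contain `<` or `{`.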

@anfragment anfragment added the in progress Actively under development label Dec 5, 2024
@anfragment
Owner

anfragment commented Dec 17, 2024

  • Multiple selectors in a single rule
  • Use htmlrewrite for contents replacement

internal/cosmetic/addrule.go Outdated
internal/cosmetic/injector.go Outdated
internal/cosmetic/injector.go Outdated
internal/cosmetic/sanitizer.go Outdated
internal/cosmetic/sanitizer.go Outdated
internal/cosmetic/sanitizer.go Outdated
@AitakattaSora
Collaborator Author

@anfragment Thank you for your feedback. I have reviewed your comments and implemented the necessary fixes. Additionally, I removed unnecessary comments and renamed the function that checks for dangerous sequences in the selector.

@anfragment anfragment merged commit 3761c04 into master Dec 20, 2024
15 checks passed
@anfragment anfragment deleted the 160-cosmetic-rules branch January 6, 2025 19:45