Open AdamWr opened 10 months ago
Currently it's too easy to disable `trusted-replace-xhr-response` and `prevent-xhr` by adding `<xhr>.shouldBePrevented = false;`
Steps to reproduce:
```adblock
example.org#%#//scriptlet('trusted-replace-xhr-response', '*', 'TEST', '/')
```

```js
(() => {
    function reqListener() {
        alert(this.responseText);
    }
    const xhr = new XMLHttpRequest();
    xhr.addEventListener("load", reqListener);
    xhr.open("GET", "/");
    xhr.shouldBePrevented = false;
    xhr.send();
})();
```
If the scriptlet works correctly, there should be an alert with the `TEST` message, but `xhr.shouldBePrevented = false;` disables the scriptlet and the content is not replaced.
I guess that adding a random part to: https://github.com/AdguardTeam/Scriptlets/blob/bad388d94ab265ffd61d23b26a8637721fabfc1e/src/scriptlets/trusted-replace-xhr-response.js#L123 something like `thisArg.shouldBePrevented_<random>` should fix it.
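The report above, modelled as an added example (not code from the issue or from the Scriptlets project): a simplified wrapper around `open()`/`send()` that carries its mark in a fixed property, in the randomly suffixed property the issue suggests, and, going one step beyond the issue, in a closure-held `WeakSet`. `makeFakeXHR`, `installReplacer`, the three store helpers and `run` are hypothetical names, and `FakeXHR` is a constructed stand-in for `XMLHttpRequest` so the sketch runs outside a browser.

```javascript
// Constructed stand-in for XMLHttpRequest (assumption; a fresh class per run).
function makeFakeXHR() {
  return class FakeXHR {
    open(method, url) { this.url = url; }
    send() { this.responseText = 'ORIGINAL'; }
  };
}

// Random suffix; falls back to Math.random where Web Crypto is not a global.
const randomSuffix = () => (globalThis.crypto?.getRandomValues
  ? Array.from(globalThis.crypto.getRandomValues(new Uint32Array(2)), (n) => n.toString(36)).join('')
  : Math.random().toString(36).slice(2));

// Three ways to carry the "replace this response" mark from open() to send().
const fixedProperty = (name) => ({
  mark: (xhr) => { xhr[name] = true; },
  isMarked: (xhr) => Boolean(xhr[name]),
});
// The issue's suggestion: a property name the page cannot know in advance.
const randomProperty = () => fixedProperty(`shouldBePrevented_${randomSuffix()}`);
// Generalization: keep the mark off the object, so there is no property to overwrite.
const closureWeakSet = () => {
  const marked = new WeakSet();
  return { mark: (xhr) => { marked.add(xhr); }, isMarked: (xhr) => marked.has(xhr) };
};

// Simplified model of the scriptlet: wrap open() and send() on the prototype.
function installReplacer(XHR, store, replacement) {
  const { open, send } = XHR.prototype;
  XHR.prototype.open = function (...args) {
    store.mark(this);
    return open.apply(this, args);
  };
  XHR.prototype.send = function (...args) {
    const result = send.apply(this, args);
    if (store.isMarked(this)) this.responseText = replacement;
    return result;
  };
}

// Runs the page script from the reproduction steps and returns what its listener would read.
function run(store) {
  const XHR = makeFakeXHR();
  installReplacer(XHR, store, 'TEST');
  const xhr = new XHR();
  xhr.open('GET', '/');
  xhr.shouldBePrevented = false; // the line from the report
  xhr.send();
  return xhr.responseText;
}
```

With the fixed property name `run` returns the unmodified response; with the random suffix or the `WeakSet` it returns `TEST`. A random property still lives on the request object, whereas the `WeakSet` state is reachable only from inside the wrapper's closure.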