search

gorhill / uBO-Extra

A companion extension to uBlock Origin
GNU General Public License v3.0
654 stars 42 forks source link

Not blocked websockets (worker) #19

Closed dimisa-RUAdList closed 7 years ago

dimisa-RUAdList commented 7 years ago

Google Chrome 55.0.2883.87 m (64-bit) uBlock Origin 1.10.4 uBlock Origin Extra 2.8 uBlock filters‎ EasyList RU AdList

http://pesnik.su/ It occurs very often. This method is used advertising network Mixadvert. They loaded the script in a worker with a domain. conn = new WebSocket("ws://n1.mixadvert.com:3000/1745"); conn.onmessage = function (evt) { postMessage(evt.data); conn.close();}

gorhill commented 7 years ago

The fix must be made in uBO: it's a matter of injecting the websocket-blocking content security policy into the headers for javascript resources where needed. Javascript resources used for worker purpose must be seen as document and as such they must also be a target of filters such as *$websocket.

uBlock-user commented 7 years ago

another similar case - > websockets not blocked here either - http://zfilm-hd.net/

Ads are fetched - https://i.gyazo.com/910254cc6789b69ff70f252770113b3b.png

gorhill commented 7 years ago

That is not a uBO-Extra issue, that's a plain filter issue: *$websocket,domain=zfilm-hd.net. Report to RU AdList (fyi @dimisa-RUAdList)

dimisa-RUAdList commented 7 years ago

Such a filter (*$websocket,domain=zfilm-hd.net) in RU AdList already registered and for a long time. The problem - the same as on pesnik.su

To do so: https://hg.adblockplus.org/ruadlist/rev/b67319e220b9#l1.12

gorhill commented 7 years ago

The problem - the same as on pesnik.su

Ok I see.

@uBlock-user Sorry I was confused and forgot the context of the thread and the fix to uBO, I tried *$websocket,domain=zfilm-hd.net and did not get the ads -- so at least this confirms the fix works.

uBlock-user commented 7 years ago

@gorhill No worries and thanks for the quick fix as always.

dimisa-RUAdList commented 7 years ago

By the way, the fix will be useful not only for Google Chrome, but and for Firefox.

gorhill commented 7 years ago

@dimisa-RUAdList I can't reproduce the case in the opening comment. Do you know of another such case where workers are used to bypass blockers?

dimisa-RUAdList commented 7 years ago

I have not seen this for a long time. At the moment, the extension code (uBlock Origin) is enough to handle the rules from the subscription RU AdList (+EasyList). Including in Firefox.