Closed ghajini closed 6 days ago
The code responsible for the popup is in the first lines in https://streamsilk.com/build/assets/download-BFOXNMjL.js
This works here:
streamsilk.com##+js(set, HTMLElement.prototype.click, noopFunc)
I think we can limit to anchor elements only
streamsilk.com##+js(set, HTMLAnchorElement.prototype.click, noopFunc)
both of them work, but limiting to anchor elements is good.also site is self broken i guess, timer never ends.
also is issue can be fixed with such idea https://github.com/AdguardTeam/Scriptlets/issues/449
Yeah, that's what I was thinking too. Currently I can't think of other solutions based on current methods that can defuse element click()
but with fine-grained choice of elements.
@gorhill Sorry, could you take a look?
another examples we have are hydrax players
https://github.com/gorhill/uBlock/commit/95b0ce5e3a64d966924dd701d1e336402d586b25. This should work:
streamsilk.com##+js(trusted-override-element-method, HTMLAnchorElement.prototype.click, a[target="_blank"][style])
https://toonstream.co/episode/pokemon-journeys-the-series-23x2/
server 2
i test on firefox abysscdn.com##+js(trusted-override-element-method, HTMLAnchorElement.prototype.click, a[target="_blank"])
work
how to see which specific elements it has overrided(if its possible)?
how to see which specific elements it has overrided(if its possible)?
The only way I can think of is to output the element at the console. Maybe this could be done when verbose mode is enabled?
Another way is to add debug
as possible value for disposition
, and this would trigger a debugger;
statement in the scriptlet, then from there you can look at the page's code triggering the click.
Problem with either approach is that the page detect dev tools being opened. The issue with the verbose mode approach is that the element is removed immediately from the DOM upon return.
i don't see
You will never see elements themselves in the logger, elements or element references are not serializable, they can't be transported across documents. We can output an element to the browser dev console, and from there the browser tools will let you find it in the DOM. In any case, the element is removed from the DOM immediately by the page code, so it's not very useful. Triggering a breakpoint in the code when the override occurs is a better approach, because it will let you examine the element while it still is in the DOM.
Anyway, how do I trigger the filter on that site? I don't get a report that the method was overridden.
Next build you can try abysscdn.com##+js(trusted-override-element-method, HTMLAnchorElement.prototype.click, a[target="_blank"], debug)
with logger opened to trigger a breakpoint in the scriptlet. The element should still be part of the DOM, and you can examine the caller's code to see what they are doing.
abysscdn.com#@#+js(aost, HTMLElement.prototype.click, _0x)
https://toonstream.co/episode/pokemon-journeys-the-series-23x2/
With the new debug
disposition value, I could break into the scriptlet code at override time. Had to use Anti Anti Debug extension. To my surprise, the a
element is not part of the DOM, I thought this was a requirement for the click()
method to work. Anyway, when the breakpoint triggers, you can inspect the element properties and the caller's code:
streamsilk.com##+js(disable-newtab-links)
works fine without having any need for a new scriptlet.
Forgot about disable-newtab-links
but anyway this one acts on all click
events, including legitimate (isTrusted
is true
) ones by the user, while specifically trapping click()
targets non-trusted clicks, and the new scriptlet also allows to narrow down further using a selector, and is more logger friendly.
but anyway this one acts on all click events
Can't you make it specific to certain elements or urls ? like we have for nowoif
, I feel this old scriptlet is perfect for this case.
Why invest time on this unless there are actual cases to solve?
This could resolve this case without having to resort to a new scriptlet, but it's your choice though.
abysscdn.com##+js(disable-newtab-links)
does not work, need to specifically trap click()
.
i added abysscdn.com##+js(trusted-override-element-method, HTMLAnchorElement.prototype.click, a[target="_blank"], debug)
with ubo logger open & dev tools, i don't see debugger statement being invoked.
i have added ubo filters annoyances to foil antidevtool
iam on firefox stable 131 ,ubo 1.60.1b7
this was part of code responsible for popups
0x305: _0x473fc2 => {
var _0x4ec335 = -0x1;
var _0x1b4c33 = null;
function _0x2c6597() {
if (_0x1b4c33) {
var _0x685c92 = document.createElement('a');
_0x685c92.setAttribute("href", _0x1b4c33);
_0x685c92.setAttribute('target', "_blank");
_0x685c92.click();
document.onclick = null;
document.ontouchend = null;
}
}
_0x473fc2.exports = (_0x6005aa = false, _0x58ae87 = []) => {
if (!_0x6005aa && _0x58ae87?.["length"]) {
_0x1b4c33 = _0x58ae87[++_0x4ec335 % _0x58ae87.length];
if (/iPhone|iPad|iPod|Mac OS/i.test(navigator.userAgent)) {
document.onclick = _0x2c6597;
if ("ontouchstart" in window || "onmsgesturechange" in window) {
document.ontouchend = _0x2c6597;
}
} else {
_0x2c6597();
}
}
};
},
I just reproduced successfully. Did you enable debugger
statement in dev tools?
My steps in a new browser profile:
abysscdn.com#@#+js(aost, HTMLElement.prototype.click, _0x)
abysscdn.com##+js(trusted-override-element-method, HTMLAnchorElement.prototype.click, a[target="_blank"], debug)
https://toonstream.co/episode/pokemon-journeys-the-series-23x2/
in a new tabok some firefox hang problem on my end, i could see debugger statement on opera👍
Can nowoif
also have a debug
value?
I could add a special case for the url parameter:
##+js(nowoif, debug)
Which would trigger a debugger;
statement for all calls to window.open()
without preventing them. Would that work?
Yes, that should work. I was thinking of using it on https://filemoon.sx/e/dpgw5dfyk8p8
(There's no popup on Firefox because of injected CSP).
Prerequisites
URL address of the web page
https://streamsilk.com/d/66fef1e5f0d37
Category
popups
Description
clicking 480/720 generates new popup window which is closed due to matching EL filter
Other extensions used
none
Screenshot(s)
Screenshot(s)
![Screenshot_20241004-013110-381](https://github.com/user-attachments/assets/18d404de-bba9-49df-a291-e9eb509029d0)Configuration