in src/js/contentUtils.js [250:397]
export function storeFoundJS(scriptNodeMaybe, scriptList) {
// check if it's the manifest node
if (
scriptNodeMaybe.id === 'binary-transparency-manifest' ||
scriptNodeMaybe.getAttribute('name') === 'binary-transparency-manifest'
) {
let rawManifest = '';
try {
rawManifest = JSON.parse(scriptNodeMaybe.innerHTML);
} catch (manifestParseError) {
currentState = ICON_STATE.INVALID_SOFT;
chrome.runtime.sendMessage({
type: MESSAGE_TYPE.UPDATE_ICON,
icon: ICON_STATE.INVALID_SOFT,
});
return;
}
let leaves = rawManifest.leaves;
let otherHashes = '';
let otherType = '';
let roothash = rawManifest.root;
let version = rawManifest.version;
if ([ORIGIN_TYPE.FACEBOOK].includes(currentOrigin)) {
leaves = rawManifest.manifest;
otherHashes = rawManifest.manifest_hashes;
otherType = scriptNodeMaybe.getAttribute('data-manifest-type');
roothash = otherHashes.combined_hash;
version = scriptNodeMaybe.getAttribute('data-manifest-rev');
if (currentFilterType != '') {
currentFilterType = 'BOTH';
}
if (currentFilterType === '') {
currentFilterType = otherType;
}
}
// now that we know the actual version of the scripts, transfer the ones we know about.
if (foundScripts.has('')) {
foundScripts.set(version, foundScripts.get(''));
foundScripts.delete('');
}
chrome.runtime.sendMessage(
{
type: MESSAGE_TYPE.LOAD_MANIFEST,
leaves: leaves,
origin: currentOrigin,
otherHashes: otherHashes,
otherType: otherType,
rootHash: roothash,
workaround: scriptNodeMaybe.innerHTML,
version: version,
},
response => {
chrome.runtime.sendMessage({
type: MESSAGE_TYPE.DEBUG,
log:
'manifest load response is ' + response
? JSON.stringify(response).substring(0, 500)
: '',
});
// then start processing of it's JS
if (response.valid) {
if (manifestTimeoutID !== '') {
clearTimeout(manifestTimeoutID);
manifestTimeoutID = '';
}
window.setTimeout(() => processFoundJS(currentOrigin, version), 0);
} else {
if (
['ENDPOINT_FAILURE', 'UNKNOWN_ENDPOINT_ISSUE'].includes(
response.reason
)
) {
currentState = ICON_STATE.WARNING_TIMEOUT;
chrome.runtime.sendMessage({
type: MESSAGE_TYPE.UPDATE_ICON,
icon: ICON_STATE.WARNING_TIMEOUT,
});
return;
}
currentState = ICON_STATE.INVALID_SOFT;
chrome.runtime.sendMessage({
type: MESSAGE_TYPE.UPDATE_ICON,
icon: ICON_STATE.INVALID_SOFT,
});
}
}
);
}
if (scriptNodeMaybe.getAttribute('type') === 'application/json') {
try {
JSON.parse(scriptNodeMaybe.textContent);
} catch (parseError) {
currentState = ICON_STATE.INVALID_SOFT;
chrome.runtime.sendMessage({
type: MESSAGE_TYPE.UPDATE_ICON,
icon: ICON_STATE.INVALID_SOFT,
});
}
return;
}
if (
scriptNodeMaybe.src != null &&
scriptNodeMaybe.src !== '' &&
scriptNodeMaybe.src.indexOf('blob:') === 0
) {
// TODO: try to process the blob. For now, flag as warning.
currentState = ICON_STATE.INVALID_SOFT;
chrome.runtime.sendMessage({
type: MESSAGE_TYPE.UPDATE_ICON,
icon: ICON_STATE.INVALID_SOFT,
});
return;
}
// need to get the src of the JS
if (scriptNodeMaybe.src != null && scriptNodeMaybe.src !== '') {
if (scriptList.size === 1) {
scriptList.get(scriptList.keys().next().value).push({
type: MESSAGE_TYPE.JS_WITH_SRC,
src: scriptNodeMaybe.src,
otherType: '', // TODO: read from DOM when available
});
}
} else {
// no src, access innerHTML for the code
const hashLookupAttribute =
scriptNodeMaybe.attributes['data-binary-transparency-hash-key'];
const hashLookupKey = hashLookupAttribute && hashLookupAttribute.value;
if (scriptList.size === 1) {
scriptList.get(scriptList.keys().next().value).push({
type: MESSAGE_TYPE.RAW_JS,
rawjs: scriptNodeMaybe.innerHTML,
lookupKey: hashLookupKey,
otherType: '', // TODO: read from DOM when available
});
}
}
if (currentState == ICON_STATE.VALID) {
chrome.runtime.sendMessage({
type: MESSAGE_TYPE.UPDATE_ICON,
icon: ICON_STATE.PROCESSING,
});
}
}