dotlambda
diff --git a/‎chromium/background.js‎
Lines changed: 78 additions & 93 deletions b/‎chromium/background.js‎
Lines changed: 78 additions & 93 deletions
diff --git a/‎chromium/manifest.json‎
Lines changed: 3 additions & 2 deletions b/‎chromium/manifest.json‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎chromium/popup.html‎
Lines changed: 26 additions & 1 deletion b/‎chromium/popup.html‎
Lines changed: 26 additions & 1 deletion
diff --git a/‎chromium/popup.js‎
Lines changed: 61 additions & 4 deletions b/‎chromium/popup.js‎
Lines changed: 61 additions & 4 deletions
@@ -1,3 +1,4 @@
+var USER_RULE_KEY = 'userRules';
 // Records which tabId's are active in the HTTPS Switch Planner (see
 // devtools-panel.js).
 var switchPlannerEnabledFor = {};
@@ -7,9 +8,26 @@ var switchPlannerEnabledFor = {};
 // rw / nrw stand for "rewritten" versus "not rewritten"
 var switchPlannerInfo = {};
 
+var getStoredUserRules = function() {
+  var oldUserRuleString = localStorage.getItem(USER_RULE_KEY);
+  var oldUserRules = [];
+  if (oldUserRuleString) {
+    oldUserRules = JSON.parse(oldUserRuleString);
+  }
+  return oldUserRules;
+};
 var all_rules = new RuleSets();
 var wr = chrome.webRequest;
+var loadStoredUserRules = function() {
+  var rules = getStoredUserRules();
+  var i;
+  for (i = 0; i < rules.length; ++i) {
+    all_rules.addUserRule(rules[i]);
+  }
+  log('INFO', 'loaded ' + i + ' stored user rules');
+};
 
+loadStoredUserRules();
 /*
 for (var v in localStorage) {
   log(DBUG, "localStorage["+v+"]: "+localStorage[v]);
@@ -22,20 +40,23 @@ for (r in rs) {
 }
 */
 
-// Add the HTTPS Everywhere icon to the URL address bar.
-// TODO: Switch from pageAction to browserAction?
-function displayPageAction(tabId) {
-  if (tabId !== -1) {
-    chrome.tabs.get(tabId, function(tab) {
-      if(typeof(tab) === "undefined") {
-        log(DBUG, "Not a real tab. Skipping showing pageAction.");
-      }
-      else {
-        chrome.pageAction.show(tabId);
-      }
-    });
+
+var addNewRule = function(params, cb) {
+  if (all_rules.addUserRule(params)) {
+    // If we successfully added the user rule, save it in local 
+    // storage so it's automatically applied when the extension is 
+    // reloaded.
+    var oldUserRules = getStoredUserRules();
+    // TODO: there's a race condition here, if this code is ever executed from multiple 
+    // client windows in different event loops.
+    oldUserRules.push(params);
+    // TODO: can we exceed the max size for storage?
+    localStorage.setItem(USER_RULE_KEY, JSON.stringify(oldUserRules));
+    cb(true);
+  } else {
+    cb(false);
   }
-}
+};
 
 function AppliedRulesets() {
   this.active_tab_rules = {};
@@ -115,21 +136,13 @@ function onBeforeRequest(details) {
   // If no rulesets could apply, let's get out of here!
   if (rs.length === 0) { return; }
 
-  if (details.requestId in redirectCounter) {
-    redirectCounter[details.requestId] += 1;
-    log(DBUG, "Got redirect id "+details.requestId+
-        ": "+redirectCounter[details.requestId]);
-
-    if (redirectCounter[details.requestId] > 9) {
-        log(NOTE, "Redirect counter hit for "+canonical_url);
-        urlBlacklist[canonical_url] = true;
-        var hostname = uri.hostname();
-        domainBlacklist[hostname] = true;
-        log(WARN, "Domain blacklisted " + hostname);
-        return;
-    }
-  } else {
-    redirectCounter[details.requestId] = 0;
+  if (redirectCounter[details.requestId] >= 8) {
+    log(NOTE, "Redirect counter hit for " + canonical_url);
+    urlBlacklist[canonical_url] = true;
+    var hostname = uri.hostname();
+    domainBlacklist[hostname] = true;
+    log(WARN, "Domain blacklisted " + hostname);
+    return null;
   }
 
   var newuristr = null;
@@ -321,103 +334,75 @@ function switchPlannerDetailsHtmlSection(tab_id, rewritten) {
 function onCookieChanged(changeInfo) {
   if (!changeInfo.removed && !changeInfo.cookie.secure) {
     if (all_rules.shouldSecureCookie(changeInfo.cookie, false)) {
-      var cookie = {name:changeInfo.cookie.name,value:changeInfo.cookie.value,
-                    domain:changeInfo.cookie.domain,path:changeInfo.cookie.path,
+      var cookie = {name:changeInfo.cookie.name,
+                    value:changeInfo.cookie.value,
+                    path:changeInfo.cookie.path,
                     httpOnly:changeInfo.cookie.httpOnly,
                     expirationDate:changeInfo.cookie.expirationDate,
-                    storeId:changeInfo.cookie.storeId};
-      cookie.secure = true;
-      // FIXME: What is with this url noise? are we just supposed to lie?
-      if (cookie.domain[0] == ".") {
-        cookie.url = "https://www"+cookie.domain+cookie.path;
+                    storeId:changeInfo.cookie.storeId,
+                    secure: true};
+
+      // Host-only cookies don't set the domain field.
+      if (!changeInfo.cookie.hostOnly) {
+          cookie.domain = changeInfo.cookie.domain;
+      }
+
+      // The cookie API is magical -- we must recreate the URL from the domain and path.
+      if (changeInfo.cookie.domain[0] == ".") {
+          cookie.url = "https://www" + changeInfo.cookie.domain + cookie.path;
       } else {
-        cookie.url = "https://"+cookie.domain+cookie.path;
+          cookie.url = "https://" + changeInfo.cookie.domain + cookie.path;
       }
       // We get repeated events for some cookies because sites change their
       // value repeatedly and remove the "secure" flag.
       log(DBUG,
-       "Securing cookie "+cookie.name+" for "+cookie.domain+", was secure="+changeInfo.cookie.secure);
+       "Securing cookie " + cookie.name + " for " + changeInfo.cookie.domain + ", was secure=" + changeInfo.cookie.secure);
       chrome.cookies.set(cookie);
     }
   }
 }
 
-// This event is needed due to the potential race between cookie permissions
-// update and cookie transmission (because the cookie API is non-blocking).
-// Without this function, an aggressive attacker could race to steal a not-yet-secured
-// cookie if they controlled & could redirect the user to a non-SSL subdomain.
-// WARNING: This is a very hot function.
-function onBeforeSendHeaders(details) {
-  // TODO: Verify this with wireshark
-  for (var h in details.requestHeaders) {
-    if (details.requestHeaders[h].name == "Cookie") {
-      // Per RFC 6265, Chrome sends only ONE cookie header, period.
-      var uri = new URI(details.url);
-      var host = uri.hostname();
-
-      var newCookies = [];
-      var cookies = details.requestHeaders[h].value.split(";");
-
-      for (var c in cookies) {
-        // Create a fake "nsICookie2"-ish object to pass in to our rule API:
-        var fake = {domain:host, name:cookies[c].split("=")[0]};
-        // XXX I have no idea whether the knownHttp parameter should be true
-        // or false here.  We're supposedly inside a race condition or
-        // something, right?
-        var ruleset = all_rules.shouldSecureCookie(fake, false);
-        if (ruleset) {
-          activeRulesets.addRulesetToTab(details.tabId, ruleset);
-          log(INFO, "Woah, we lost the race on updating a cookie: "+details.requestHeaders[h].value);
+function onBeforeRedirect(details) {
+    // Catch HTTPs -> HTTP redirect loops, ignoring about:blank, HTTPS 302s, etc.
+    if (details.redirectUrl.substring(0, 7) === "http://") {
+        if (details.requestId in redirectCounter) {
+            redirectCounter[details.requestId] += 1;
+            log(DBUG, "Got redirect id "+details.requestId+
+                ": "+redirectCounter[details.requestId]);
         } else {
-          newCookies.push(cookies[c]);
+            redirectCounter[details.requestId] = 1;
         }
-      }
-      details.requestHeaders[h].value = newCookies.join(";");
-      log(DBUG, "Got new cookie header: "+details.requestHeaders[h].value);
-
-      // We've seen the one cookie header, so let's get out of here!
-      break;
     }
-  }
-
-  return {requestHeaders:details.requestHeaders};
-}
-
-function onResponseStarted(details) {
-
-  // redirect counter workaround
-  // TODO: Remove this code if they ever give us a real counter
-  if (details.requestId in redirectCounter) {
-    delete redirectCounter[details.requestId];
-  }
 }
 
 wr.onBeforeRequest.addListener(onBeforeRequest, {urls: ["https://*/*", "http://*/*"]}, ["blocking"]);
 
-// This watches cookies sent via HTTP.
-// We do *not* watch HTTPS cookies -- they're already being sent over HTTPS -- yay!
-wr.onBeforeSendHeaders.addListener(onBeforeSendHeaders, {urls: ["http://*/*"]},
-                                   ["requestHeaders", "blocking"]);
-
-wr.onResponseStarted.addListener(onResponseStarted,
-                                 {urls: ["https://*/*", "http://*/*"]});
+// Try to catch redirect loops on URLs we've redirected to HTTPS.
+wr.onBeforeRedirect.addListener(onBeforeRedirect, {urls: ["https://*/*"]});
 
 
 // Add the small HTTPS Everywhere icon in the address bar.
 // Note: We can't use any other hook (onCreated, onActivated, etc.) because Chrome resets the
 // pageActions on URL change. We should strongly consider switching from pageAction to browserAction.
 chrome.tabs.onUpdated.addListener(function(tabId, changeInfo, tab) {
-    displayPageAction(tabId);
+    if (changeInfo.status === "loading") {
+        chrome.pageAction.show(tabId);
+    }
 });
 
 // Pre-rendered tabs / instant experiments sometimes skip onUpdated.
 // See http://crbug.com/109557
 chrome.tabs.onReplaced.addListener(function(addedTabId, removedTabId) {
-    displayPageAction(addedTabId);
+    chrome.tabs.get(addedTabId, function(tab) {
+        if(typeof(tab) === "undefined") {
+            log(DBUG, "Not a real tab. Skipping showing pageAction.");
+        } else {
+            chrome.pageAction.show(addedTabId);
+        }
+    });
 });
 
-// Listen for cookies set/updated and secure them if applicable. This function is async/nonblocking,
-// so we also use onBeforeSendHeaders to prevent a small window where cookies could be stolen.
+// Listen for cookies set/updated and secure them if applicable. This function is async/nonblocking.
 chrome.cookies.onChanged.addListener(onCookieChanged);
 
 function disableSwitchPlannerFor(tabId) {
 
@@ -21,6 +21,7 @@
         "16": "icon16.png", 
         "48": "icon48.png"
     }, 
+    "incognito": "split",
     "manifest_version": 2, 
     "minimum_chrome_version": "18", 
     "name": "__MSG_about_ext_name__", 
@@ -37,5 +38,5 @@
         "<all_urls>"
     ], 
     "update_url": "https://www.eff.org/files/https-everywhere-chrome-updates.xml", 
-    "version": "2014.1.17"
-}
+    "version": "2014.4.16"
+}
@@ -5,13 +5,38 @@
 <link href="chrome-resources/css/chrome_shared.css" rel="stylesheet" type="text/css"/>
 
 <link href="popup.css" rel="stylesheet" type="text/css"/>
+<script src="jquery.min.js"></script>
+<script src="URI.js"></script>
 <script src="popup.js"></script>
+
 </head>
 
 <body>
 <header>
   <h1 i18n="about_ext_name"></h1>
 </header>
+<section>
+  <a href="#" id="add-rule-link">Add this site</a>
+  <div id="add-new-rule-div" style="display:none">
+    <h3> Add a new rule</h3>
+    <p>Always use https for this host.
+    <label for="new-rule-host">Host:</label> <br><input size="50" id="new-rule-host" type="text" disabled><br>
+
+    <div id="new-rule-regular-text">
+      <p><a href="#" id="new-rule-show-advanced-link">Show advanced</a>
+    </div>
+    <div id="new-rule-advanced" style="display:none;">
+      <p><a href="#" id="new-rule-hide-advanced-link">Hide advanced</a>
+      <p>
+      <label for="new-rule-name">Rule name</label><br><input size="50" id="new-rule-name" type="text"><br>
+      <label for="new-rule-regex">Matching regex</label> <br><input size="50" id="new-rule-regex" type="text"><br>
+      <label for="new-rule-redirect">Redirect to</label> <br><input size="50" id="new-rule-redirect" type="text"><br>
+    </div>
+
+    <button id="add-new-rule-button">Add new Rule</button><br>
+    <button id="cancel-new-rule">Cancel</button>
+  </div>
+</section>
 <section id="StableRules" class="rules">
   <h3 i18n="chrome_stable_rules"></h3>
   <p class="description" i18n="chrome_stable_rules_description"></p>
@@ -22,7 +47,7 @@ <h3 i18n="chrome_experimental_rules"></h3>
 </section>
 <footer>
   <a id="whatIsThis" href="https://www.eff.org/https-everywhere" target="_blank" tabindex="-1" i18n="chrome_what_is_this">blah</a>
-  <!-- <a href="" title="HTTPS Everywhere Options">Options</a> --->
+  <!-- <a href="" title="HTTPS Everywhere Options">Options</a> -->
 </footer>
 
 </body>
@@ -3,6 +3,10 @@ var stableRules = null;
 var unstableRules = null;
 var hostReg = /.*\/\/[^$/]*\//;
 
+function e(id) {
+  return document.getElementById(id);
+}
+
 function toggleRuleLine(checkbox, ruleset) {
   ruleset.active = checkbox.checked;
 
@@ -81,12 +85,65 @@ document.addEventListener("DOMContentLoaded", function () {
   chrome.tabs.getSelected(null, gotTab);
 
   // auto-translate all elements with i18n attributes
-  var e = document.querySelectorAll("[i18n]");
-  for (var i=0; i < e.length; i++) {
-    e[i].innerHTML = chrome.i18n.getMessage(e[i].getAttribute("i18n"));
+  var elem = document.querySelectorAll("[i18n]");
+  for (var i=0; i < elem.length; i++) {
+    elem[i].innerHTML = chrome.i18n.getMessage(elem[i].getAttribute("i18n"));
   }
 
   // other translations
-  document.getElementById("whatIsThis").setAttribute("title", chrome.i18n.getMessage("chrome_what_is_this_title"));
+  e("whatIsThis").setAttribute("title", chrome.i18n.getMessage("chrome_what_is_this_title"));
+  e("add-rule-link").addEventListener("click", addManualRule);
 });
 
+
+var escapeForRegex = function( value ) {
+  return value.replace(/[\-\[\]{}()*+?.,\\\^$|#\s]/g, "\\$&");
+};
+
+function hide(elem) {
+  elem.style.display = "none";
+}
+
+function show(elem) {
+  elem.style.display = "block";
+}
+
+function addManualRule() {
+  chrome.tabs.getSelected(null, function(tab) {
+    hide(e("add-rule-link"));
+    show(e("add-new-rule-div"));
+    var newUrl = new URI(tab.url);
+    newUrl.scheme("https");
+    e("new-rule-host").value = newUrl.host();
+    var oldUrl = new URI(tab.url);
+    oldUrl.scheme("http");
+    var oldMatcher = "^" + escapeForRegex(oldUrl.scheme() + "://" + oldUrl.host() + "/");
+    e("new-rule-regex").value = oldMatcher;
+    var redirectPath = newUrl.scheme() + "://" + newUrl.host() + "/";
+    e("new-rule-redirect").value = redirectPath;
+    e("new-rule-name").value = "Manual rule for " + oldUrl.host();
+    e("add-new-rule-button").addEventListener("click", function() {
+      var params = {
+        host : e("new-rule-host").value,
+        redirectTo : e("new-rule-redirect").value,
+        urlMatcher : e("new-rule-regex").value
+      };
+      backgroundPage.addNewRule(params, function() {
+        location.reload();
+      });
+    });
+
+    e("cancel-new-rule").addEventListener("click", function() {
+      show(e("add-rule-link"));
+      hide(e("add-new-rule-div"));
+    });
+    e("new-rule-show-advanced-link").addEventListener("click", function() {
+      show(e("new-rule-advanced"));
+      hide(e("new-rule-regular-text"));
+    });
+    e("new-rule-hide-advanced-link").addEventListener("click", function() {
+      hide(e("new-rule-advanced"));
+      show(e("new-rule-regular-text"));
+    });
+  });
+}