WIP: handle sites that pull globals from an iframe

Author: nfriedly

lib/client-scripts.js

@@ -21,10 +21,6 @@ module.exports = function ({ prefix }) {
     maxAge: "10m",
   };
 
-  const INJECTION_SNIPET = `
-<script>var unblocker=${JSON.stringify({ prefix })}</script>
-<script src="${clientScriptPathWeb}"></script>`;
-
   function server(req, res, next) {
     if (req.url === clientScriptPathWeb) {
       send(req, clientScriptPathFs, sendOpts).pipe(res);
@@ -33,30 +29,33 @@ module.exports = function ({ prefix }) {
     next();
   }
 
-  function createStream() {
-    return new Transform({
-      decodeStrings: false,
-      transform: function (chunk, encoding, next) {
-        // todo: only inject once (maybe make an "injects into head" helper)
-        var updated = chunk
-          .toString()
-          .replace(/(<head[^>]*>)/i, "$1" + INJECTION_SNIPET + "\n");
-        this.push(updated, "utf8");
-        next();
-      },
-    });
-  }
-
   function injector(data) {
     if (contentTypes.html.includes(data.contentType)) {
-      data.stream = data.stream.pipe(createStream());
+      data.stream = data.stream.pipe(
+        new Transform({
+          decodeStrings: false,
+          transform: function (chunk, encoding, next) {
+            // todo: only inject once (maybe make an "injects into head" helper)
+            var updated = chunk.toString().replace(
+              /(<head[^>]*>)/i,
+              `$1
+<script src="${clientScriptPathWeb}"></script>
+<script>unblockerInit(${JSON.stringify({
+                prefix,
+                url: data.url,
+              })}, window);</script>
+`
+            );
+            this.push(updated, "utf8");
+            next();
+          },
+        })
+      );
     }
   }
 
-  injector.createStream = createStream;
   return {
     server,
     injector,
-    createStream, // for testing
   };
 };

lib/client/unblocker-client.js

@@ -1,29 +1,32 @@
-(function (exports) {
+(function (global) {
   "use strict";
-  /*global unblocker*/
 
   // todo:
-  // - fetch
-  // - history API
   // - postMessage
   // - open
   // - split each part into separate files (?)
   // - wrap other JS and provide proxies to fix writes to window.location and document.cookie
   //   - will require updating contentTypes.html.includes(data.contentType) to include js
   //   - that, in turn will require decompressing js....
 
-  console.log("begin unblocker client scripts", unblocker);
-
-  function fixUrl(target, prefix, location) {
-    var currentRemoteHref =
-      location.pathname.substr(prefix.length) + location.search + location.hash;
-    var url = new URL(target, currentRemoteHref);
+  function fixUrl(urlStr, config, location) {
+    var currentRemoteHref;
+    if (location.pathname.substr(0, config.prefix.length) === config.prefix) {
+      currentRemoteHref =
+        location.pathname.substr(config.prefix.length) +
+        location.search +
+        location.hash;
+    } else {
+      // in case sites like youtube bypass our history wrapper somehow
+      currentRemoteHref = config.url;
+    }
+    var url = new URL(urlStr, currentRemoteHref);
 
     //todo: handle already proxied urls (will be important for checking current dom)
 
     // don't break data: urls
     if (url.protocol === "data:") {
-      return target;
+      return urlStr;
     }
 
     // sometimes websites are tricky
@@ -36,37 +39,56 @@
       url.protocol = currentRemoteUrl.protocol;
       // todo: handle websocket protocols
     }
-    return prefix + url.href;
+    return config.prefix + url.href;
   }
 
-  function initXMLHttpRequest(config) {
-    var _XMLHttpRequest = XMLHttpRequest;
+  function initXMLHttpRequest(config, window) {
+    if (typeof window.XMLHttpRequest === "undefined") return;
+    var _XMLHttpRequest = window.XMLHttpRequest;
 
     window.XMLHttpRequest = function (opts) {
       var xhr = new _XMLHttpRequest(opts);
       var _open = xhr.open;
       xhr.open = function () {
         var args = Array.prototype.slice.call(arguments);
-        args[1] = fixUrl(args[1], config.prefix, location);
+        args[1] = fixUrl(args[1], config, location);
         return _open.apply(xhr, args);
       };
       return xhr;
     };
   }
 
-  function initCreateElement(config) {
-    var prefix = config.prefix;
-    var _createElement = document.createElement;
+  function initFetch(config, window) {
+    if (typeof window.fetch === "undefined") return;
+    var _fetch = window.fetch;
 
-    document.createElement = function (tagName, options) {
-      var element = _createElement.call(document, tagName, options);
+    window.fetch = function (resource, init) {
+      if (resource.url) {
+        resource.url = fixUrl(resource.url, config, location);
+      } else {
+        resource = fixUrl(resource.toString(), config, location);
+      }
+      return _fetch(resource, init);
+    };
+  }
+
+  function initCreateElement(config, window) {
+    if (
+      typeof window.document === "undefined" ||
+      typeof window.document.createElement === "undefined"
+    )
+      return;
+    var _createElement = window.document.createElement;
+
+    window.document.createElement = function (tagName, options) {
+      var element = _createElement.call(window.document, tagName, options);
       // todo: whitelist elements with href or src attributes and only check those
       setTimeout(function () {
         if (element.src) {
-          element.src = fixUrl(element.src, prefix, location);
+          element.src = fixUrl(element.src, config, location);
         }
         if (element.href) {
-          element.href = fixUrl(element.href, prefix, location);
+          element.href = fixUrl(element.href, config, location);
         }
         // todo: support srcset and ..?
       }, 0);
@@ -75,8 +97,22 @@
     };
   }
 
-  function initWebsockets(config) {
-    var _WebSocket = WebSocket;
+  // js on some sites, such as youtube, uses an iframe to grab native APIs such as history, so we need to fix those also.
+  // the
+  // function initBodyAppendiFrame(config, window) {
+  //   if (
+  //     typeof window.document === "undefined" ||
+  //     typeof window.document.body === "undefined"
+  //   )
+  //         if (tagName.toLowerCase() === 'iframe' && element.contentWindow) {
+  //           // todo: check if we need to wait for onLoad or whatever
+  //             initForWindow(config, element.contentWindow);
+  //           }
+  // }
+
+  function initWebsockets(config, window) {
+    if (typeof window.WebSocket === "undefined") return;
+    var _WebSocket = window.WebSocket;
     var prefix = config.prefix;
     var proxyHost = location.host;
     var isSecure = location.protocol === "https";
@@ -118,13 +154,59 @@
     };
   }
 
-  initXMLHttpRequest(unblocker);
-  initCreateElement(unblocker);
-  initWebsockets(unblocker);
+  // todo: figure out how youtube bypasses this
+  // notes: look at bindHistoryStateFunctions_ - it looks like it checks the contentWindow.history of an iframe *fitst*, then it's __proto__, then the global history api
+  //        - so, we need to inject this into iframes also
+  function initPushState(config, window) {
+    if (
+      typeof window.history === "undefined" ||
+      typeof window.history.pushState === "undefined"
+    )
+      return;
+
+    var _pushState = window.history.pushState;
+    window.history.pushState = function (state, title, url) {
+      if (url) {
+        url = fixUrl(url, config, location);
+        config.url = new URL(url, config.url);
+        return _pushState.call(history, state, title, url);
+      }
+    };
+
+    if (typeof window.history.replaceState === "undefined") return;
+    var _replaceState = window.history.replaceState;
+    window.history.replaceState = function (state, title, url) {
+      if (url) {
+        url = fixUrl(url, config, location);
+        config.url = new URL(url, config.url);
+        return _replaceState.call(history, state, title, url);
+      }
+    };
+  }
 
-  console.log("unblocker client scripts initialized");
+  function initForWindow(unblocker, window) {
+    console.log("begin unblocker client scripts", unblocker, window);
+    initXMLHttpRequest(unblocker, window);
+    initFetch(unblocker, window);
+    initCreateElement(unblocker, window);
+    initWebsockets(unblocker, window);
+    initPushState(unblocker, window);
+    if (window === global) {
+      // leave no trace
+      delete global.unblockerInit;
+    }
+    console.log("unblocker client scripts initialized");
+  }
 
-  // export things for testing if loaded via commonjs
-  exports.fixUrl = fixUrl;
+  // either export things for testing or put the init method into the global scope to be called
+  // with config by the next script tag in a browser
   /*globals module*/
-})((typeof module === "object" && module.exports) || {});
+  if (typeof module === "undefined") {
+    global.unblockerInit = initForWindow;
+  } else {
+    module.exports = {
+      initForWindow: initForWindow,
+      fixUrl: fixUrl,
+    };
+  }
+})(this); // window in a browser, global in node.js

test/client/fix-url-spec.js

@@ -1,11 +1,13 @@
 "use strict";
 const { test } = require("tap");
-const { fixUrl } = require("../../lib/client/unblocker-client.js");
-const proxy = "http://localhost";
 const prefix = "/proxy/";
+const proxy = "http://localhost";
 const target = "http://example.com/page.html?query#hash";
 const location = new URL(proxy + prefix + target);
 
+const config = (global.unblocker = { prefix, url: target });
+const { fixUrl } = require("../../lib/client/unblocker-client.js");
+
 // 1x1 transparent gif
 const pixel =
   " data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACH5BAEAAAAALAAAAAABAAEAAAICRAEAOw==";
@@ -36,16 +38,19 @@ const testCases = [
   { url: "http://localhost/path", expected: "/proxy/http://example.com/path" },
   // don't break data: urls
   { url: pixel, expected: pixel },
+  // don't break protocol-relative urls
+  { url: "//example.com/foo", expected: "/proxy/http://example.com/foo" },
   // todo: port numbers
   // todo: more https tests
   // todo: websockets(?)
   // todo: already proxied input url
+  // todo: about:blank
 ];
 
 testCases.forEach((tc) => {
   test(JSON.stringify(tc), (t) => {
     // todo: replace || with ??
-    const actual = fixUrl(tc.url, tc.prefix || prefix, tc.location || location);
+    const actual = fixUrl(tc.url, tc.config || config, tc.location || location);
     t.equal(actual, tc.expected);
     t.end();
   });