
fix: vault iframe uses page mode so `window` is `global`

+ also get the list just once per vault
tophf 3 years ago
commit
0c3fb7de88
2 changed files with 8 additions and 7 deletions
  1. 1 1
      src/injected/content/inject.js
  2. 7 6
      src/injected/web/safe-globals-web.js

+ 1 - 1
src/injected/content/inject.js

@@ -71,7 +71,7 @@ export function injectPageSandbox(contentId, webId) {
      * Content scripts will see `document.opener = null`, not the original opener, so we have
      * to use an iframe to extract the safe globals. Detection via document.referrer won't work
      * is it can be emptied by the opener page, too. */
-    inject({ code: `parent["${vaultId}"] = [this, window]` }, ok => {
+    inject({ code: `parent["${vaultId}"] = [this]` }, ok => {
       // Skipping page injection in FF if our script element was blocked by site's CSP
       if (ok && (!IS_FIREFOX || window.wrappedJSObject[vaultId])) {
         startHandshake();
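Review bot: The new payload `[this]` is only correct while `inject()` evaluates this string as a classic page-mode script, where top-level `this` is the iframe's `window`; nothing at this call site shows or enforces that, and the consumer in safe-globals-web.js now relies on it by setting `srcWindow = src`. I would state the invariant next to the call, e.g. `// page mode: top-level this is the iframe's window, so a single reference is enough`. The same comment could record that the value is published on `parent[vaultId]`, which page scripts can read if they learn the id, so the id has to stay unguessable (its generation is not visible in this hunk). injectPageSandbox starts and ends outside the hunk.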

+ 7 - 6
src/injected/web/safe-globals-web.js

@@ -97,9 +97,9 @@ export const VAULT = (() => {
   if (!res) {
     res = createNullObj();
   } else if (!isFunction(res[0])) {
-    // injectPageSandbox iframe's `this` and `window`
+    // injectPageSandbox iframe's `global` is `window` because it's in page mode
     src = res[0];
-    srcWindow = res[1];
+    srcWindow = src;
     res = createNullObj();
   }
   res = [
@@ -163,13 +163,14 @@ export const VAULT = (() => {
     getDetail = res[i += 1] || describeProperty(SafeCustomEvent[PROTO], 'detail').get,
     getReaderResult = res[i += 1] || describeProperty(SafeFileReader[PROTO], 'result').get,
     getRelatedTarget = res[i += 1] || describeProperty(SafeMouseEvent[PROTO], 'relatedTarget').get,
+    // various values
+    builtinGlobals = res[i += 1] || [
+      getOwnPropertyNames(srcWindow),
+      src !== srcWindow && getOwnPropertyNames(src),
+    ],
   ];
   // Well-known Symbols are unforgeable
   toStringTagSym = SafeSymbol.toStringTag;
-  builtinGlobals = [
-    getOwnPropertyNames(srcWindow),
-    src !== srcWindow && getOwnPropertyNames(src),
-  ];
   /* Exporting the functions separately instead of exporting SafeJSON as its props may be broken
    * by the page if it gains access to any other object from the vault e.g. a thrown SafeError. */
   jsonParse = SafeJSON.parse;
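Review bot: `builtinGlobals` is now taken from the vault slot when one exists, so the name list becomes a snapshot made when the vault was first built and shared by every consumer of that vault, yet the added comment `// various values` says none of this. I would replace it with something like `// snapshot of the source window's global names, taken once per vault and reused from it`. Two things should be confirmed outside the hunk: that nothing mutates the shared arrays, since a change would be visible to every consumer, and that `getOwnPropertyNames` is already bound when the array literal is evaluated, because the call moved from after the literal to inside it. The slot is appended at the end of `res`, so the code that exports the vault has to place it at the same index. The VAULT initializer starts and ends outside the hunk.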