ciphermask/app/scripts/contentscript.js

const fs = require('fs')
const path = require('path')
const pump = require('pump')
const LocalMessageDuplexStream = require('post-message-stream')
const PongStream = require('ping-pong-stream/pong')
const ObjectMultiplex = require('obj-multiplex')
const extension = require('extensionizer')
const PortStream = require('./lib/port-stream.js')

const inpageContent = fs.readFileSync(path.join(__dirname, '..', '..', 'dist', 'chrome', 'inpage.js')).toString()
const inpageSuffix = '//# sourceURL=' + extension.extension.getURL('inpage.js') + '\n'
const inpageBundle = inpageContent + inpageSuffix

// Eventually this streaming injection could be replaced with:
// https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Language_Bindings/Components.utils.exportFunction
//
// But for now that is only Firefox
// If we create a FireFox-only code path using that API,
// MetaMask will be much faster loading and performant on Firefox.

if (shouldInjectWeb3()) {
  setupInjection()
  setupStreams()
}

function setupInjection () {
  try {
    // inject in-page script
    var scriptTag = document.createElement('script')
    scriptTag.textContent = inpageBundle
    scriptTag.onload = function () { this.parentNode.removeChild(this) }
    var container = document.head || document.documentElement
    // append as first child
    container.insertBefore(scriptTag, container.children[0])
  } catch (e) {
    console.error('Metamask injection failed.', e)
  }
}

function setupStreams () {
  // setup communication to page and plugin
  const pageStream = new LocalMessageDuplexStream({
    name: 'contentscript',
    target: 'inpage',
  })
  const pluginPort = extension.runtime.connect({ name: 'contentscript' })
  const pluginStream = new PortStream(pluginPort)

  // forward communication plugin->inpage
  pump(
    pageStream,
    pluginStream,
    pageStream,
    (err) => logStreamDisconnectWarning('MetaMask Contentscript Forwarding', err)
  )

  // setup local multistream channels
  const mux = new ObjectMultiplex()
  mux.setMaxListeners(25)

  pump(
    mux,
    pageStream,
    mux,
    (err) => logStreamDisconnectWarning('MetaMask Inpage', err)
  )
  pump(
    mux,
    pluginStream,
    mux,
    (err) => logStreamDisconnectWarning('MetaMask Background', err)
  )

  // connect ping stream
  const pongStream = new PongStream({ objectMode: true })
  pump(
    mux,
    pongStream,
    mux,
    (err) => logStreamDisconnectWarning('MetaMask PingPongStream', err)
  )

  // connect phishing warning stream
  const phishingStream = mux.createStream('phishing')
  phishingStream.once('data', redirectToPhishingWarning)

  // ignore unused channels (handled by background, inpage)
  mux.ignoreStream('provider')
  mux.ignoreStream('publicConfig')
}

function logStreamDisconnectWarning (remoteLabel, err) {
  let warningMsg = `MetamaskContentscript - lost connection to ${remoteLabel}`
  if (err) warningMsg += '\n' + err.stack
  console.warn(warningMsg)
}

function shouldInjectWeb3 () {
  return doctypeCheck() && suffixCheck()
    && documentElementCheck() && !blacklistedDomainCheck()
}

function doctypeCheck () {
  const doctype = window.document.doctype
  if (doctype) {
    return doctype.name === 'html'
  } else {
    return true
  }
}

function suffixCheck () {
  var prohibitedTypes = ['xml', 'pdf']
  var currentUrl = window.location.href
  var currentRegex
  for (let i = 0; i < prohibitedTypes.length; i++) {
    currentRegex = new RegExp(`\\.${prohibitedTypes[i]}$`)
    if (currentRegex.test(currentUrl)) {
      return false
    }
  }
  return true
}

function documentElementCheck () {
  var documentElement = document.documentElement.nodeName
  if (documentElement) {
    return documentElement.toLowerCase() === 'html'
  }
  return true
}

function blacklistedDomainCheck () {
  var blacklistedDomains = [
    'uscourts.gov',
    'dropbox.com',
    'webbyawards.com',
  ]
  var currentUrl = window.location.href
  var currentRegex
  for (let i = 0; i < blacklistedDomains.length; i++) {
    const blacklistedDomain = blacklistedDomains[i].replace('.', '\\.')
    currentRegex = new RegExp(`(?:https?:\\/\\/)(?:(?!${blacklistedDomain}).)*$`)
    if (!currentRegex.test(currentUrl)) {
      return true
    }
  }
  return false
}

function redirectToPhishingWarning () {
  console.log('MetaMask - redirecting to phishing warning')
  window.location.href = 'https://metamask.io/phishing.html'
}
contentscript - fix obj-multiplex instantiation and use pump for streams 7 years ago			`const fs = require('fs')`
			`const path = require('path')`
			`const pump = require('pump')`
deps - local-message-stream extracted as module post-message-stream 8 years ago			`const LocalMessageDuplexStream = require('post-message-stream')`
dapp reload - fixed disconnect detection via polling 8 years ago			`const PongStream = require('ping-pong-stream/pong')`
contentscript - fix obj-multiplex instantiation and use pump for streams 7 years ago			`const ObjectMultiplex = require('obj-multiplex')`
extension - prefer extensionizer module 8 years ago			`const extension = require('extensionizer')`
contentscript - fix obj-multiplex instantiation and use pump for streams 7 years ago			`const PortStream = require('./lib/port-stream.js')`
inpage - automatic dapp reload 9 years ago
build - extension - move js files to toplevel 7 years ago			`const inpageContent = fs.readFileSync(path.join(__dirname, '..', '..', 'dist', 'chrome', 'inpage.js')).toString()`
			`const inpageSuffix = '//# sourceURL=' + extension.extension.getURL('inpage.js') + '\n'`
contentscript - fix inpage require and bundling 7 years ago			`const inpageBundle = inpageContent + inpageSuffix`
Inject inpage script synchronously Huge thanks to the Firefox team, for their help on the issue of our long-standing inpage script race condition. http://stackoverflow.com/questions/38577656/how-can-i-make-a-firefox-add-on-contentscript-inject-and-run-a-script-before-oth The problem is that we were injecting a `script` tag and assigning its `src` attribute, which triggers an asynchronous fetch request, and does not guarantee execution order! (That was news to me!) Instead, I'm now assigning the `script` tag a `textContent` value of the script to inject, and it seems to fix the problem! There is also a Firefox-only API that could solve this whole problem in an even more elegant way, so we might want to expose a code path for that solution later on: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Language_Bindings/Components.utils.exportFunction Allows you to expose an object from one scope to another. There was even talk of creating a polyfill for it that does virtually what we do, message passing between contexts. 8 years ago
			`// Eventually this streaming injection could be replaced with:`
			`// https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Language_Bindings/Components.utils.exportFunction`
			`//`
			`// But for now that is only Firefox`
			`// If we create a FireFox-only code path using that API,`
			`// MetaMask will be much faster loading and performant on Firefox.`

contentscript - skip web3 injection if domain appears to be a pdf 8 years ago			`if (shouldInjectWeb3()) {`
			`setupInjection()`
contentscript - remove timeout before stream setup 8 years ago			`setupStreams()`
contentscript - skip web3 injection if domain appears to be a pdf 8 years ago			`}`

Linting to the max. 8 years ago			`function setupInjection () {`
Clean up extension polyfill abstraction 8 years ago			`try {`
			`// inject in-page script`
			`var scriptTag = document.createElement('script')`
contentscript - fix inpage require and bundling 7 years ago			`scriptTag.textContent = inpageBundle`
Clean up extension polyfill abstraction 8 years ago			`scriptTag.onload = function () { this.parentNode.removeChild(this) }`
			`var container = document.head \|\| document.documentElement`
			`// append as first child`
			`container.insertBefore(scriptTag, container.children[0])`
			`} catch (e) {`
			`console.error('Metamask injection failed.', e)`
			`}`
web3 injection - use web3 dist for faster injection 8 years ago			`}`

Linting to the max. 8 years ago			`function setupStreams () {`
contentscript - skip web3 injection if domain appears to be a pdf 8 years ago			`// setup communication to page and plugin`
Merge branch 'master' of github.com:MetaMask/metamask-extension into greenkeeper/initial 7 years ago			`const pageStream = new LocalMessageDuplexStream({`
contentscript - skip web3 injection if domain appears to be a pdf 8 years ago			`name: 'contentscript',`
			`target: 'inpage',`
			`})`
Merge branch 'master' of github.com:MetaMask/metamask-extension into greenkeeper/initial 7 years ago			`const pluginPort = extension.runtime.connect({ name: 'contentscript' })`
			`const pluginStream = new PortStream(pluginPort)`
contentscript - skip web3 injection if domain appears to be a pdf 8 years ago
			`// forward communication plugin->inpage`
bug - fix event emitter mem leak warning 7 years ago			`pump(`
			`pageStream,`
			`pluginStream,`
			`pageStream,`
			`(err) => logStreamDisconnectWarning('MetaMask Contentscript Forwarding', err)`
			`)`
contentscript - skip web3 injection if domain appears to be a pdf 8 years ago
dapp reload - fixed disconnect detection via polling 8 years ago			`// setup local multistream channels`
contentscript - fix obj-multiplex instantiation and use pump for streams 7 years ago			`const mux = new ObjectMultiplex()`
bug - fix event emitter mem leak warning 7 years ago			`mux.setMaxListeners(25)`

contentscript - fix obj-multiplex instantiation and use pump for streams 7 years ago			`pump(`
			`mux,`
			`pageStream,`
			`mux,`
			`(err) => logStreamDisconnectWarning('MetaMask Inpage', err)`
			`)`
			`pump(`
			`mux,`
			`pluginStream,`
			`mux,`
			`(err) => logStreamDisconnectWarning('MetaMask Background', err)`
			`)`
dapp reload - fixed disconnect detection via polling 8 years ago
			`// connect ping stream`
Merge branch 'master' of github.com:MetaMask/metamask-extension into greenkeeper/initial 7 years ago			`const pongStream = new PongStream({ objectMode: true })`
contentscript - fix obj-multiplex instantiation and use pump for streams 7 years ago			`pump(`
			`mux,`
			`pongStream,`
			`mux,`
			`(err) => logStreamDisconnectWarning('MetaMask PingPongStream', err)`
			`)`
dapp reload - fixed disconnect detection via polling 8 years ago
Merge branch 'master' of github.com:MetaMask/metamask-extension into greenkeeper/initial 7 years ago			`// connect phishing warning stream`
contentscript - fix obj-multiplex instantiation and use pump for streams 7 years ago			`const phishingStream = mux.createStream('phishing')`
Merge branch 'master' of github.com:MetaMask/metamask-extension into greenkeeper/initial 7 years ago			`phishingStream.once('data', redirectToPhishingWarning)`

			`// ignore unused channels (handled by background, inpage)`
contentscript - fix obj-multiplex instantiation and use pump for streams 7 years ago			`mux.ignoreStream('provider')`
			`mux.ignoreStream('publicConfig')`
			`}`

			`function logStreamDisconnectWarning (remoteLabel, err) {`
			let warningMsg = `MetamaskContentscript - lost connection to ${remoteLabel}`
			`if (err) warningMsg += '\n' + err.stack`
			`console.warn(warningMsg)`
contentscript - skip web3 injection if domain appears to be a pdf 8 years ago			`}`

Linting to the max. 8 years ago			`function shouldInjectWeb3 () {`
build - extension - move js files to toplevel 7 years ago			`return doctypeCheck() && suffixCheck()`
Inject Script: Blacklist domains where not to inject script Put a blacklist domain check where if the page url is in the list of blacklisted domains, we shouldn't inject script in that web page. 7 years ago			`&& documentElementCheck() && !blacklistedDomainCheck()`
Prevent XML from web3 injections. 8 years ago			`}`

Fix injection logic. 8 years ago			`function doctypeCheck () {`
Modify logic for injection conditions. 8 years ago			`const doctype = window.document.doctype`
			`if (doctype) {`
			`return doctype.name === 'html'`
			`} else {`
fix #1398, prevent injecting xml without xml suffix 7 years ago			`return true`
Prevent XML from web3 injections. 8 years ago			`}`
Implement some cross-browser practices (#473) * Add mozilla plugin key to manifest * Move all chrome references into platform-checking module Addresses #453 * Add chrome global back to linter blacklist * Add tests 8 years ago			`}`
Fix injection logic. 8 years ago
Fix linting warnings 8 years ago			`function suffixCheck () {`
Fix injection logic. 8 years ago			`var prohibitedTypes = ['xml', 'pdf']`
			`var currentUrl = window.location.href`
			`var currentRegex`
			`for (let i = 0; i < prohibitedTypes.length; i++) {`
lint fixes 7 years ago			currentRegex = new RegExp(`\\.${prohibitedTypes[i]}$`)
Fix injection logic. 8 years ago			`if (currentRegex.test(currentUrl)) {`
			`return false`
			`}`
			`}`
			`return true`
			`}`
Merge branch 'master' of github.com:MetaMask/metamask-extension into greenkeeper/initial 7 years ago
fix #1398, prevent injecting xml without xml suffix 7 years ago			`function documentElementCheck () {`
			`var documentElement = document.documentElement.nodeName`
			`if (documentElement) {`
			`return documentElement.toLowerCase() === 'html'`
			`}`
			`return true`
			`}`

Inject Script: Blacklist domains where not to inject script Put a blacklist domain check where if the page url is in the list of blacklisted domains, we shouldn't inject script in that web page. 7 years ago			`function blacklistedDomainCheck () {`
Add webby awards to web3 block list. 7 years ago			`var blacklistedDomains = [`
			`'uscourts.gov',`
			`'dropbox.com',`
			`'webbyawards.com',`
			`]`
Inject Script: Blacklist domains where not to inject script Put a blacklist domain check where if the page url is in the list of blacklisted domains, we shouldn't inject script in that web page. 7 years ago			`var currentUrl = window.location.href`
			`var currentRegex`
			`for (let i = 0; i < blacklistedDomains.length; i++) {`
			`const blacklistedDomain = blacklistedDomains[i].replace('.', '\\.')`
			currentRegex = new RegExp(`(?:https?:\\/\\/)(?:(?!${blacklistedDomain}).)*$`)
			`if (!currentRegex.test(currentUrl)) {`
			`return true`
			`}`
			`}`
			`return false`
			`}`

Merge branch 'master' of github.com:MetaMask/metamask-extension into greenkeeper/initial 7 years ago			`function redirectToPhishingWarning () {`
			`console.log('MetaMask - redirecting to phishing warning')`
			`window.location.href = 'https://metamask.io/phishing.html'`
			`}`