From f5f0154cfd40ab34c9cb223766f9ad33c39942fa Mon Sep 17 00:00:00 2001
From: Thomas Rientjes <synzvato@protonmail.com>
Date: Mon, 15 Feb 2016 00:13:57 +0100
Subject: [PATCH] Adjust domain tainting mechanism

---
 lib/interceptor.js  |  2 +-
 lib/load-watcher.js | 30 +++++++++++++++---------------
 2 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/lib/interceptor.js b/lib/interceptor.js
index c8dad4b..bb92528 100644
--- a/lib/interceptor.js
+++ b/lib/interceptor.js
@@ -28,7 +28,7 @@ var { Cc, Ci, Cr } = require('chrome');
 var simplePreferences = require('sdk/simple-prefs');
 
 /**
- * Retains data across Firefox restarts.
+ * Retains data across application restarts.
  * @var {object} simpleStorage
  */
 var simpleStorage = require('sdk/simple-storage');
diff --git a/lib/load-watcher.js b/lib/load-watcher.js
index 64f6d19..0862dd8 100644
--- a/lib/load-watcher.js
+++ b/lib/load-watcher.js
@@ -30,7 +30,7 @@ var xpcom = require('sdk/platform/xpcom');
 var mappings = require('./mappings');
 
 /**
- * Retains data across Firefox restarts.
+ * Retains data across application restarts.
  * @var {object} simpleStorage
  */
 var simpleStorage = require('sdk/simple-storage');
@@ -45,7 +45,6 @@ var categoryManager = Cc['@mozilla.org/categorymanager;1']
 
 const CONTRACT_ID = '@decentraleyes.org/load-watcher;1';
 const SCRIPT_CONTENT_TYPE = Ci.nsIContentPolicy.TYPE_SCRIPT;
-const HTML_DOCUMENT = Ci.nsIDOMHTMLDocument;
 const SCRIPT_ELEMENT = Ci.nsIDOMHTMLScriptElement;
 const REQUEST_ACCEPTATION = Ci.nsIContentPolicy.ACCEPT;
 
@@ -55,11 +54,21 @@ const REQUEST_ACCEPTATION = Ci.nsIContentPolicy.ACCEPT;
 
 var storage = simpleStorage.storage;
 
+/**
+ * Tainted domains that are not automatically detectable.
+ * @var {object} undetectableTaintedDomains
+ */
+var undetectableTaintedDomains = {
+
+    'passport.twitch.tv': true,
+    'minigames.mail.ru': true
+};
+
 /**
  * Initializations
  */
 
-storage.taintedDomains = storage.taintedDomains || {};
+storage.taintedDomains = storage.taintedDomains || undetectableTaintedDomains;
 
 /**
  * Load Watcher Class
@@ -69,7 +78,9 @@ var LoadWatcher = new Class({
 
     extends: Unknown,
     interfaces: ['nsIContentPolicy'],
-    get wrappedJSObject() { return this },
+    get wrappedJSObject() {
+        return this
+    },
 
     register: function () {
 
@@ -88,17 +99,6 @@ var LoadWatcher = new Class({
                     // Add corresponding origin domain to the list of tainted domains.
                     storage.taintedDomains[requestOrigin.host] = true;
                 }
-
-            } else if (node instanceof HTML_DOCUMENT) {
-
-                if (node.defaultView && node.defaultView.frameElement) {
-
-                    if (node.defaultView.frameElement.tagName === 'IFRAME') {
-
-                        // Add corresponding origin domain to the list of tainted domains.
-                        storage.taintedDomains[requestOrigin.host] = true;
-                    }
-                }
             }
         }
 
-- 
GitLab