我正在开发一个Chrome扩展程序来阻止WebRTC应对此漏洞:https://github.com/diafygi/webrtc-ips
使用当前代码一切顺利,直到几天前更新漏洞利用程序包含此内容:iframe.sandbox = 'allow-same-origin';
由于添加了沙箱属性,因此收到错误Blocked script execution in 'about:blank' because the document's frame is sandboxed and the 'allow-scripts' permission is not set.
怎么办?
manifest.json的相关代码:
"content_scripts": [
{
"matches": ["<all_urls>"],
"run_at": "document_start",
"all_frames": true,
"match_about_blank": true,
"js": ["webrtc.js"]
}
],
"permissions": [ "tabs", "<all_urls>", "webRequest", "webRequestBlocking"],
我的webrtc.js:
var inject = '(' + function() {
if (typeof window.RTCPeerConnection !== "undefined") {
window.RTCPeerConnection = undefined;
}
if (typeof window.webkitRTCPeerConnection !== "undefined") {
window.webkitRTCPeerConnection = undefined;
}
} + ')();';
var isInIFrame = window.frameElement && window.frameElement.nodeName == "IFRAME";
if(isInIFrame==true){
var script = document.createElement('script');
script.textContent = inject;
(document.head || document.documentElement)
.appendChild(script);
script.parentNode.removeChild(script);
}
else
{
var script = document.createElement('script');
script.textContent = inject;
(document.head || document.documentElement)
.appendChild(script);
script.parentNode.removeChild(script);
}
LE:我忘了补充说扩展并没有在最新的稳定版本40.0.2214.111中阻止WebRTC,但似乎在Canary 42.0.2304.0中这样做。