Obviate CSP

Just load the sandbox from a blob url, then the extension CSP doesn't apply to it.
dimdenGD · Sep 1, 2024 · c6ad6fc · c6ad6fc
1 parent 3f94b38
commit c6ad6fc
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 21 deletions.
diff --git a/pack.js b/pack.js
@@ -59,7 +59,6 @@ copyDir('./', '../OldTwitterFirefox').then(async () => {
         "webRequest",
         "webRequestBlocking"
     ];
-    manifest.content_security_policy = "script-src 'self' 'unsafe-eval' 'sha256-0c7AR7s38d85qcAifgyf/pxhEECsIYaQQxFzScXjrKI='; object-src 'self'",
     delete manifest.sandbox;
     delete manifest.host_permissions;
     delete manifest.declarative_net_request;

diff --git a/scripts/twchallenge.js b/scripts/twchallenge.js
@@ -1,25 +1,35 @@
+let solverIframe;
 let solveId = 0;
 let solveCallbacks = {};
 let solveQueue = []
 let solverReady = false;
 let solverErrored = false;
 let sentData = false;
 
-let solverIframe = document.createElement('iframe');
-solverIframe.style.display = 'none';
-solverIframe.src = chrome.runtime.getURL(`sandbox.html`);
-let injectedBody = document.getElementById('injected-body');
-if(injectedBody) {
-    injectedBody.appendChild(solverIframe);
-} else {
-    let int = setInterval(() => {
-        let injectedBody = document.getElementById('injected-body');
-        if(injectedBody) {
-            injectedBody.appendChild(solverIframe);
-            clearInterval(int);
-        }
-    }, 10);
+let sandboxUrl = fetch(chrome.runtime.getURL(`sandbox.html`))
+    .then(resp => resp.blob())
+    .then(blob => URL.createObjectURL(blob))
+    .catch(console.error);
+
+function createSolverFrame() {
+    if (solverIframe) solverIframe.remove();
+    solverIframe = document.createElement('iframe');
+    solverIframe.style.display = 'none';
+    sandboxUrl.then(url => solverIframe.src = url);
+    let injectedBody = document.getElementById('injected-body');
+    if(injectedBody) {
+        injectedBody.appendChild(solverIframe);
+    } else {
+        let int = setInterval(() => {
+            let injectedBody = document.getElementById('injected-body');
+            if(injectedBody) {
+                injectedBody.appendChild(solverIframe);
+                clearInterval(int);
+            }
+        }, 10);
+    }
 }
+createSolverFrame();
 
 function solveChallenge(path, method) {
     return new Promise((resolve, reject) => {
@@ -51,11 +61,7 @@ function solveChallenge(path, method) {
 setInterval(() => {
     if(!document.getElementById('loading-box').hidden && sentData && solveQueue.length) {
         console.log("Something's wrong with the challenge solver, reloading", solveQueue);
-        solverIframe.remove();
-        solverIframe = document.createElement('iframe');
-        solverIframe.style.display = 'none';
-        solverIframe.src = chrome.runtime.getURL(`sandbox.html`);
-        document.getElementById('injected-body').appendChild(solverIframe);
+        createSolverFrame();
         initChallenge();
     }
 }, 2000);
@@ -187,4 +193,4 @@ async function initChallenge() {
     }
 };
 
-initChallenge();
+initChallenge();