From bbbb4f48774f68fcd5523261afb0eecabb38e2bb Mon Sep 17 00:00:00 2001 From: Official Noob <31563761+OfficialNoob@users.noreply.github.com> Date: Sun, 4 Aug 2019 20:01:39 +0100 Subject: [PATCH 1/3] Made UUID less predictable --- background.js | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/background.js b/background.js index cbd45531..84ec925e 100644 --- a/background.js +++ b/background.js @@ -269,5 +269,27 @@ function getYouTubeVideoID(url) { // Return video id or false return (match && match[7].length == 11) ? match[7] : false; } -//uuid generator function from https://gist.github.com/jed/982883 -function generateUUID(a){return a?(a^Math.random()*16>>a/4).toString(16):([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g,generateUUID)} \ No newline at end of file +function generateUUID() { + var length = 36; + var charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; + var i; + var result = ""; + var isOpera = Object.prototype.toString.call(window.opera) == '[object Opera]'; + if (window.crypto && window.crypto.getRandomValues) { + values = new Uint32Array(length); + window.crypto.getRandomValues(values); + for (i = 0; i < length; i++) { + result += charset[values[i] % charset.length]; + } + return result; + } else if (isOpera) //Opera's Math.random is secure, see http://lists.w3.org/Archives/Public/public-webcrypto/2013Jan/0063.html + { + for (i = 0; i < length; i++) { + result += charset[Math.floor(Math.random() * charset.length)]; + } + return result; + } else { + alert("Your browser can't generate a secure UUID so Math.random() was used"); + return Math.random().toString(36).substring(2) + (new Date()).getTime().toString(36); + } +} From b28087f723d248dad3b066b7dbd10ea4c406d915 Mon Sep 17 00:00:00 2001 From: Official Noob <31563761+OfficialNoob@users.noreply.github.com> Date: Fri, 9 Aug 2019 11:34:08 +0100 Subject: [PATCH 2/3] Kind of better :/ --- background.js | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/background.js b/background.js index 84ec925e..e4ecc233 100644 --- a/background.js +++ b/background.js @@ -269,8 +269,7 @@ function getYouTubeVideoID(url) { // Return video id or false return (match && match[7].length == 11) ? match[7] : false; } -function generateUUID() { - var length = 36; +function generateUUID(length = 36) { var charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; var i; var result = ""; @@ -282,14 +281,11 @@ function generateUUID() { result += charset[values[i] % charset.length]; } return result; - } else if (isOpera) //Opera's Math.random is secure, see http://lists.w3.org/Archives/Public/public-webcrypto/2013Jan/0063.html - { + } else { + if(!isOpera) alert("[SB] Your browser can't generate a secure userID"); for (i = 0; i < length; i++) { - result += charset[Math.floor(Math.random() * charset.length)]; + result += charset[Math.floor(Math.random() * charset.length)]; } return result; - } else { - alert("Your browser can't generate a secure UUID so Math.random() was used"); - return Math.random().toString(36).substring(2) + (new Date()).getTime().toString(36); } } From 1c05de3098f976b1e2998d89dc9d1205f02c8bbe Mon Sep 17 00:00:00 2001 From: Ajay Ramachandran Date: Sun, 11 Aug 2019 17:10:40 -0400 Subject: [PATCH 3/3] Update version number --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 544b9501..e80a30f6 100644 --- a/manifest.json +++ b/manifest.json @@ -1,7 +1,7 @@ { "name": "SponsorBlock for YouTube - Skip Sponsorships", "short_name": "SponsorBlock", - "version": "1.0.29", + "version": "1.0.30", "description": "Skip over sponsorship on YouTube videos. Report sponsors on videos you watch to save the time of others.", "content_scripts": [ {