Eli Grey eligrey

## interventions.ts
const freezeProp = <T = any>(
  object: T,
  property: string | symbol | number,
  value = (object as any)[property],
): T =>
  Object.defineProperty(object, property, {
    value,
    configurable: false,
    writable: false,
    enumerable: false,

## uri-validator.ts
/**
 * Validate potentially relative URL
 *
 * @param input - URL to validate
 * @returns true if URL is valid and doesn't need additional encoding
 */
const isValidURL = (input: string): boolean => {
  try {
    const { href, pathname, host, origin } = new globalThis.URL(
      input,

## example.ts
import { matchLanguages, getNearestSupportedLanguage } from './match-languages';

const supportedLanguages = ['en-GB', 'fr'];
console.log('navigator.languages: ', navigator.languages);
const matches = matchLanguages(navigator.languages, supportedLanguages);
console.log('preferred language matches:', matches);
const nearest = getNearestSupportedLanguage(matches, supportedLanguages);
console.log('nearest matching supported language:', nearest);

## host-validator.ts
/**
 * Validate URL host
 *
 * This supports domain names, IDN domain names, IPv4, and IPv6 addresses.
 *
 * Intentional spec incompatibilities:
 * - Blank hosts ('') and blank FQDN hosts ('.') are considered invalid.
 *
 * @param host - Host to validate
 * @returns true if host is valid and doesn't need additional encoding

## challenge.js
// @ts-nocheck

//
//  User-initiated click isTrusted attestation challenge:
//
//   Secure this 'click' event listener from synthetic clicks
//   while working in a prototype pollution superfund site.
//
//   addEventListener() has been been backdoored.
//

## node.isConnected-polyfill.js
/*
 * Node.isConnected polyfill for EdgeHTML
 * 2021-04-12
 *
 * By Eli Grey, https://eligrey.com
 * Public domain.
 * NO WARRANTY EXPRESSED OR IMPLIED. USE AT YOUR OWN RISK.
 */

if (!('isConnected' in Node.prototype)) {

## bypass-csp.js
// update: this was over-engineered
// just navigate to an HTTP 204 redirect to exfiltrate data

## filename from path regexes.js
const pathFileNameMatcher = /\/?(?<fileName>[^/]+(?<fileExtension>\.[^/.]*)?)\/*$/;
const pathFilePrefixMatcher = /\/?(?<filePrefix>[^/]+)(?<fileExtension>\.[^/.]*)?\/*$/;

'test/foo/|foo|.test.enc/'.match(pathFilePrefixMatcher).groups.filePrefix == '|foo|.test'

const matches = new URL('https://your-url-here/example.txt').pathname.match(pathFileNameMatcher);
const fileName =
  (matches && matches.groups && matches.groups.fileName) || 'file';

## spreadify.once.js
/** Alternative spreadify implementation with `...spreadify.once` */
const spreadify = {
  /** Always spread */
  *[Symbol.iterator](): any {
    delete this[Symbol.iterator];
    yield* this.once[Symbol.iterator].call(this);
    this[Symbol.iterator] = this.once[Symbol.iterator];
  },
  once: {
    /** Spread once */

## hash.ts
/**
 * Get the cryptographic hash of an ArrayBuffer
 *
 * @param ab - ArrayBuffer to digest
 * @param algorithm - Cryptographic hash digest algorithm
 * @returns Hexadecimal hash digest string
 */
export const hash = async (
  algorithm: string,
  ab: ArrayBuffer | Promise<ArrayBuffer>,
	const freezeProp = <T = any>(
	object: T,
	property: string \| symbol \| number,
	value = (object as any)[property],
	): T =>
	Object.defineProperty(object, property, {
	value,
	configurable: false,
	writable: false,
	enumerable: false,
	/**
	* Validate potentially relative URL
	*
	* @param input - URL to validate
	* @returns true if URL is valid and doesn't need additional encoding
	*/
	const isValidURL = (input: string): boolean => {
	try {
	const { href, pathname, host, origin } = new globalThis.URL(
	input,
	import { matchLanguages, getNearestSupportedLanguage } from './match-languages';

	const supportedLanguages = ['en-GB', 'fr'];
	console.log('navigator.languages: ', navigator.languages);
	const matches = matchLanguages(navigator.languages, supportedLanguages);
	console.log('preferred language matches:', matches);
	const nearest = getNearestSupportedLanguage(matches, supportedLanguages);
	console.log('nearest matching supported language:', nearest);
	/**
	* Validate URL host
	*
	* This supports domain names, IDN domain names, IPv4, and IPv6 addresses.
	*
	* Intentional spec incompatibilities:
	* - Blank hosts ('') and blank FQDN hosts ('.') are considered invalid.
	*
	* @param host - Host to validate
	* @returns true if host is valid and doesn't need additional encoding
	// @ts-nocheck

	//
	// User-initiated click isTrusted attestation challenge:
	//
	// Secure this 'click' event listener from synthetic clicks
	// while working in a prototype pollution superfund site.
	//
	// addEventListener() has been been backdoored.
	//
	/*
	* Node.isConnected polyfill for EdgeHTML
	* 2021-04-12
	*
	* By Eli Grey, https://eligrey.com
	* Public domain.
	* NO WARRANTY EXPRESSED OR IMPLIED. USE AT YOUR OWN RISK.
	*/

	if (!('isConnected' in Node.prototype)) {
	// update: this was over-engineered
	// just navigate to an HTTP 204 redirect to exfiltrate data
	const pathFileNameMatcher = /\/?(?<fileName>[^/]+(?<fileExtension>\.[^/.])?)\/$/;
	const pathFilePrefixMatcher = /\/?(?<filePrefix>[^/]+)(?<fileExtension>\.[^/.])?\/$/;

	'test/foo/\|foo\|.test.enc/'.match(pathFilePrefixMatcher).groups.filePrefix == '\|foo\|.test'

	const matches = new URL('https://your-url-here/example.txt').pathname.match(pathFileNameMatcher);
	const fileName =
	(matches && matches.groups && matches.groups.fileName) \|\| 'file';
	/** Alternative spreadify implementation with `...spreadify.once` */
	const spreadify = {
	/** Always spread */
	*[Symbol.iterator](): any {
	delete this[Symbol.iterator];
	yield* this.once[Symbol.iterator].call(this);
	this[Symbol.iterator] = this.once[Symbol.iterator];
	},
	once: {
	/** Spread once */
	/**
	* Get the cryptographic hash of an ArrayBuffer
	*
	* @param ab - ArrayBuffer to digest
	* @param algorithm - Cryptographic hash digest algorithm
	* @returns Hexadecimal hash digest string
	*/
	export const hash = async (
	algorithm: string,
	ab: ArrayBuffer \| Promise<ArrayBuffer>,