Work on Unsafe Window API

MrBlankCoding · MrBlankCoding · commit 59c034b52d01 · 2025-11-04T21:46:01.000-05:00
diff --git a/src/GM/gm_core.js b/src/GM/gm_core.js
@@ -173,7 +173,12 @@
       if (this.loadedScripts.has(url)) {
         return;
       }
-      await this.injectScriptTag(url);
+      // Auto-upgrade HTTP to HTTPS to prevent mixed content errors
+      const upgradedUrl = url.replace(/^http:\/\//i, 'https://');
+      if (upgradedUrl !== url) {
+        console.info(`CodeTweak: Auto-upgraded ${url} to HTTPS`);
+      }
+      await this.injectScriptTag(upgradedUrl);
       this.loadedScripts.add(url);
     }
 
@@ -261,10 +266,17 @@
     window.addEventListener('error', errorHandler);
     window.addEventListener('unhandledrejection', rejectionHandler);
 
+    // Ensure unsafeWindow is available globally before loading external scripts
+    // (jQuery and other libraries may try to attach to it)
+    if (!window.unsafeWindow) {
+      window.unsafeWindow = window;
+    }
+
     try {
       await loader.loadScripts(requireUrls);
       
-      const wrappedCode = `(async function() {\n'use strict';\n${userCode}\n})();`;
+      const wrappedCode = `(async function() {\n'use strict';\nconst unsafeWindow = window.unsafeWindow || window;\n${userCode}\n})();`;
+      console.log('CodeTweak: Wrapped code preview (first 500 chars):', wrappedCode.substring(0, 500));
       const blob = new Blob([wrappedCode], { type: "text/javascript" });
       const blobUrl = URL.createObjectURL(blob);
 
diff --git a/src/utils/inject.js b/src/utils/inject.js
@@ -20,7 +20,25 @@ function createMainWorldExecutor(
   requiredUrls,
   gmInfo
 ) {
-  const MAX_RETRIES = 10;
+  // Always expose unsafeWindow in MAIN world FIRST (it's just the window object)
+  if (!window.unsafeWindow) {
+    try {
+      Object.defineProperty(window, "unsafeWindow", {
+        value: window,
+        writable: false,
+        configurable: false,
+      });
+      console.log('CodeTweak: unsafeWindow exposed via defineProperty');
+    } catch (e) {
+      window.unsafeWindow = window;
+      console.log('CodeTweak: unsafeWindow exposed via direct assignment');
+    }
+  } else {
+    console.log('CodeTweak: unsafeWindow already exists');
+  }
+  console.log('CodeTweak: unsafeWindow check:', typeof window.unsafeWindow, window.unsafeWindow === window);
+
+  const MAX_RETRIES = 30;
   const RETRY_INTERVAL = 100;
 
   function waitForGMBridge(worldType, callback) {
@@ -43,7 +61,14 @@ function createMainWorldExecutor(
         setTimeout(check, RETRY_INTERVAL);
       } else {
         console.error(
-          `CodeTweak: Timed out waiting for core script to load for script '${scriptId}'${worldType ? ` in ${worldType} world` : ''}.`
+          `CodeTweak: Timed out waiting for core script to load for script '${scriptId}'${worldType ? ` in ${worldType} world` : ''}.`,
+          'Missing objects:', {
+            GMBridge: typeof window.GMBridge,
+            ResourceManager: typeof window.GMBridge?.ResourceManager,
+            GMAPIRegistry: typeof window.GMBridge?.GMAPIRegistry,
+            ExternalScriptLoader: typeof window.GMBridge?.ExternalScriptLoader,
+            executeUserScriptWithDependencies: typeof window.GMBridge?.executeUserScriptWithDependencies
+          }
         );
       }
     }
@@ -103,8 +128,6 @@ function createMainWorldExecutor(
   waitForGMBridge('MAIN', () => {
     if (preventReExecution()) return;
 
-  
-
     const bridge = new window.GMBridge(scriptId, extensionId, 'MAIN');
     const resourceManager = window.GMBridge.ResourceManager.fromScript(script);
     const apiRegistry = new window.GMBridge.GMAPIRegistry(bridge, resourceManager);
@@ -133,7 +156,7 @@ function createIsolatedWorldExecutor(
   requiredUrls,
   gmInfo
 ) {
-  const MAX_RETRIES = 10;
+  const MAX_RETRIES = 30;
   const RETRY_INTERVAL = 100;
 
   function waitForGMBridge(worldType, callback) {
@@ -156,7 +179,14 @@ function createIsolatedWorldExecutor(
         setTimeout(check, RETRY_INTERVAL);
       } else {
         console.error(
-          `CodeTweak: Timed out waiting for core script to load for script '${scriptId}'${worldType ? ` in ${worldType} world` : ''}.`
+          `CodeTweak: Timed out waiting for core script to load for script '${scriptId}'${worldType ? ` in ${worldType} world` : ''}.`,
+          'Missing objects:', {
+            GMBridge: typeof window.GMBridge,
+            ResourceManager: typeof window.GMBridge?.ResourceManager,
+            GMAPIRegistry: typeof window.GMBridge?.GMAPIRegistry,
+            ExternalScriptLoader: typeof window.GMBridge?.ExternalScriptLoader,
+            executeUserScriptWithDependencies: typeof window.GMBridge?.executeUserScriptWithDependencies
+          }
         );
       }
     }
@@ -277,7 +307,7 @@ class ScriptInjector {
       await chrome.scripting.executeScript({
         target: { tabId },
         world,
-        files: ["GM/gm_core.js"],
+        files: ["GM/gm_core.js", "GM/gm_api_registry.js"],
       });
       tabCoreScripts.add(world);
     }
diff --git a/src/utils/urls.js b/src/utils/urls.js
@@ -27,8 +27,8 @@ export function urlMatchesPattern(url, pattern) {
 
     if (patternHost === "*") {
       // Any host
-    } else if (patternHost.startsWith("*.")) {
-      const domain = patternHost.slice(2);
+    } else if (patternHost.startsWith("*.") || patternHost.startsWith(".")) {
+      const domain = patternHost.startsWith("*.") ? patternHost.slice(2) : patternHost.slice(1);
       if (!(urlHost === domain || urlHost.endsWith("." + domain))) return false;
     } else if (patternHost.includes("*")) {
       const hostRegex = new RegExp(
@@ -46,21 +46,35 @@ export function urlMatchesPattern(url, pattern) {
     }
 
     const segments = patternPath.split("/").filter(Boolean);
+    
+    // If no segments (just /), match any path
+    if (segments.length === 0) return true;
+    
     const regexParts = ["^"];
 
     for (let i = 0; i < segments.length; i++) {
       const segment = segments[i];
       if (segment === "**") {
-        regexParts.push("(?:\/.*)?");
+        regexParts.push("(?:\\/.*)?" );
+      } else if (segment === "*") {
+        // Single * as entire segment matches one or more path segments
+        regexParts.push("(?:\\/[^/]+)+");
       } else {
         const segmentRegex = segment
           .replace(/\*/g, "[^/]*")
           .replace(/\./g, "\\.");
-        regexParts.push("\/" + segmentRegex);
+        regexParts.push("\\/" + segmentRegex);
       }
     }
 
-    regexParts.push("/?$");
+    // Allow optional trailing slash and anything after the last segment if it ends with *
+    const lastSegment = segments[segments.length - 1];
+    if (lastSegment === "*" || lastSegment.includes("*")) {
+      regexParts.push("(?:\\/.*)?$");
+    } else {
+      regexParts.push("/?$");
+    }
+    
     const pathRegex = new RegExp(regexParts.join(""));
     return pathRegex.test(urlPath);
   } catch (e) {
