Merge branch 'main' into release/v1.3

CodFrm · CodFrm · commit 84558e02b83e · 2026-02-04T00:43:08.000+08:00
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "scriptcat",
-  "version": "1.3.0-beta.2",
+  "version": "1.3.0-beta.3",
   "description": "脚本猫,一个可以执行用户脚本的浏览器扩展,万物皆可脚本化,让你的浏览器可以做更多的事情!",
   "author": "CodFrm",
   "license": "GPLv3",
@@ -39,7 +39,6 @@
     "eventemitter3": "^5.0.1",
     "i18next": "^23.16.4",
     "monaco-editor": "^0.52.2",
-    "pako": "^2.1.0",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
     "react-dropzone": "^14.3.8",
@@ -64,7 +63,6 @@
     "@types/chrome": "^0.1.27",
     "@types/crypto-js": "^4.2.2",
     "@types/node": "^22.12.0",
-    "@types/pako": "^2.0.3",
     "@types/react": "^18.3.1",
     "@types/react-dom": "^18.3.1",
     "@types/semver": "^7.7.1",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/src/app/service/content/global.ts b/src/app/service/content/global.ts
@@ -0,0 +1,36 @@
+// 避免在全局页面环境中，内置处理函数被篡改或重写
+const unsupportedAPI = () => {
+  throw "unsupportedAPI";
+};
+
+export const Native = {
+  structuredClone: typeof structuredClone === "function" ? structuredClone : unsupportedAPI,
+  jsonStringify: JSON.stringify.bind(JSON),
+  jsonParse: JSON.parse.bind(JSON),
+} as const;
+
+export const customClone = (o: any) => {
+  // 非对象类型直接返回（包含 Symbol、undefined、基本类型等）
+  // 接受参数：阵列、物件、null
+  if (typeof o !== "object") return o;
+
+  try {
+    // 优先使用 structuredClone，支持大多数可克隆对象
+    return Native.structuredClone(o);
+  } catch {
+    // 例如：被 Proxy 包装的对象（如 Vue 等框架处理过的 reactive 对象）
+    // structuredClone 可能会失败，忽略错误继续尝试其他方式
+  }
+
+  try {
+    // 退而求其次，使用 JSON 序列化方式进行深拷贝
+    // 仅适用于可被 JSON 表示的普通对象
+    return Native.jsonParse(Native.jsonStringify(o));
+  } catch {
+    // 序列化失败，忽略错误
+  }
+
+  // 其他无法克隆的非法对象，例如 window、document 等
+  console.error("customClone failed");
+  return undefined;
+};
diff --git a/src/app/service/content/gm_api/gm_api.test.ts b/src/app/service/content/gm_api/gm_api.test.ts
@@ -440,7 +440,12 @@ describe.concurrent("GM_value", () => {
     // 设置再删除
     GM_setValue("a", undefined);
     let ret2 = GM_getValue("a", 456);
-    return {ret1, ret2};
+    // 设置错误的对象
+    GM_setValue("proxy-key", new Proxy({}, {}));
+    let ret3 = GM_getValue("proxy-key");
+    GM_setValue("window",window);
+    let ret4 = GM_getValue("window");
+    return {ret1, ret2, ret3, ret4};
     `;
     const mockSendMessage = vi.fn().mockResolvedValue({ code: 0 });
     const mockMessage = {
@@ -452,7 +457,7 @@ describe.concurrent("GM_value", () => {
     const ret = await exec.exec();
 
     expect(mockSendMessage).toHaveBeenCalled();
-    expect(mockSendMessage).toHaveBeenCalledTimes(2);
+    expect(mockSendMessage).toHaveBeenCalledTimes(4);
 
     // 第一次调用：设置值为 123
     expect(mockSendMessage).toHaveBeenNthCalledWith(
@@ -482,11 +487,45 @@ describe.concurrent("GM_value", () => {
       })
     );
 
-    expect(ret).toEqual({ ret1: 123, ret2: 456 });
+    // 第三次调用：设置值为 Proxy 对象（应失败）
+    expect(mockSendMessage).toHaveBeenNthCalledWith(
+      3,
+      expect.objectContaining({
+        action: "content/runtime/gmApi",
+        data: {
+          api: "GM_setValue",
+          params: [expect.any(String), "proxy-key", {}], // Proxy 会被转换为空对象
+          runFlag: expect.any(String),
+          uuid: undefined,
+        },
+      })
+    );
+
+    // 第四次调用：设置值为 window 对象（应失败）
+    expect(mockSendMessage).toHaveBeenNthCalledWith(
+      4,
+      expect.objectContaining({
+        action: "content/runtime/gmApi",
+        data: {
+          api: "GM_setValue",
+          params: [expect.any(String), "window"], // window 会被转换为空对象
+          runFlag: expect.any(String),
+          uuid: undefined,
+        },
+      })
+    );
+
+    expect(ret).toEqual({
+      ret1: 123,
+      ret2: 456,
+      ret3: {},
+      ret4: undefined,
+    });
   });
 
   it.concurrent("value引用问题 #1141", async () => {
     const script = Object.assign({}, scriptRes) as ScriptLoadInfo;
+    script.value = {};
     script.metadata.grant = ["GM_getValue", "GM_setValue", "GM_getValues"];
     script.code = `
 const value1 = {
@@ -646,7 +685,12 @@ return { value1, value2, value3, values1,values2, allValues1, allValues2, value4
     // 设置再删除
     GM_setValues({"a": undefined, "c": undefined});
     let ret2 = GM_getValues(["a","b","c"]);
-    return {ret1, ret2};
+    // 设置错误的对象
+    GM_setValues({"proxy-key": new Proxy({}, {})});
+    let ret3 = GM_getValues(["proxy-key"]);
+    GM_setValues({"window": window});
+    let ret4 = GM_getValues(["window"]);
+    return {ret1, ret2, ret3, ret4};
     `;
     const mockSendMessage = vi.fn().mockResolvedValue({ code: 0 });
     const mockMessage = {
@@ -658,7 +702,7 @@ return { value1, value2, value3, values1,values2, allValues1, allValues2, value4
     const ret = await exec.exec();
 
     expect(mockSendMessage).toHaveBeenCalled();
-    expect(mockSendMessage).toHaveBeenCalledTimes(2);
+    expect(mockSendMessage).toHaveBeenCalledTimes(4);
 
     const keyValuePairs1 = [
       ["a", encodeRValue(123)],
@@ -709,7 +753,60 @@ return { value1, value2, value3, values1,values2, allValues1, allValues2, value4
       })
     );
 
-    expect(ret).toEqual({ ret1: { a: 123, b: 456, c: "789" }, ret2: { b: 456 } });
+    // 第三次调用：设置值为 Proxy 对象（应失败）
+    expect(mockSendMessage).toHaveBeenNthCalledWith(
+      3,
+      expect.objectContaining({
+        action: "content/runtime/gmApi",
+        data: {
+          api: "GM_setValues",
+          params: [
+            // event id
+            expect.stringMatching(/^.+::\d+$/),
+            // the object payload
+            expect.objectContaining({
+              k: expect.stringMatching(/^##[\d.]+##$/),
+              m: expect.objectContaining({
+                "proxy-key": {},
+              }),
+            }),
+          ],
+          runFlag: expect.any(String),
+          uuid: undefined,
+        },
+      })
+    );
+
+    // 第四次调用：设置值为 window 对象（应失败）
+    expect(mockSendMessage).toHaveBeenNthCalledWith(
+      4,
+      expect.objectContaining({
+        action: "content/runtime/gmApi",
+        data: {
+          api: "GM_setValues",
+          params: [
+            // event id
+            expect.stringMatching(/^.+::\d+$/),
+            // the object payload
+            expect.objectContaining({
+              k: expect.stringMatching(/^##[\d.]+##$/),
+              m: expect.objectContaining({
+                window: expect.stringMatching(/^##[\d.]+##undefined$/),
+              }),
+            }),
+          ],
+          runFlag: expect.any(String),
+          uuid: undefined,
+        },
+      })
+    );
+
+    expect(ret).toEqual({
+      ret1: { a: 123, b: 456, c: "789" },
+      ret2: { b: 456 },
+      ret3: { "proxy-key": {} },
+      ret4: { window: undefined },
+    });
   });
 
   it.concurrent("GM_deleteValue", async () => {
diff --git a/src/app/service/content/gm_api/gm_api.ts b/src/app/service/content/gm_api/gm_api.ts
@@ -1,3 +1,4 @@
+import { customClone, Native } from "../global";
 import type { Message, MessageConnect } from "@Packages/message/types";
 import type { CustomEventMessage } from "@Packages/message/custom_event_message";
 import type {
@@ -239,7 +240,7 @@ export default class GMApi extends GM_Base {
     const ret = a.scriptRes.value[key];
     if (ret !== undefined) {
       if (ret && typeof ret === "object") {
-        return structuredClone(ret);
+        return customClone(ret)!;
       }
       return ret;
     }
@@ -278,10 +279,15 @@ export default class GMApi extends GM_Base {
     } else {
       // 对object的value进行一次转化
       if (value && typeof value === "object") {
-        value = structuredClone(value);
+        value = customClone(value);
       }
+      // customClone 可能返回 undefined
       a.scriptRes.value[key] = value;
-      a.sendMessage("GM_setValue", [id, key, value]);
+      if (value === undefined) {
+        a.sendMessage("GM_setValue", [id, key]);
+      } else {
+        a.sendMessage("GM_setValue", [id, key, value]);
+      }
     }
     return id;
   }
@@ -306,8 +312,9 @@ export default class GMApi extends GM_Base {
       } else {
         // 对object的value进行一次转化
         if (value_ && typeof value_ === "object") {
-          value_ = structuredClone(value_);
+          value_ = customClone(value_);
         }
+        // customClone 可能返回 undefined
         valueStore[key] = value_;
       }
       // 避免undefined 等空值流失，先进行映射处理
@@ -373,7 +380,7 @@ export default class GMApi extends GM_Base {
     if (!this.scriptRes) return {};
     if (!keysOrDefaults) {
       // Returns all values
-      return structuredClone(this.scriptRes.value);
+      return customClone(this.scriptRes.value)!;
     }
     const result: TGMKeyValue = {};
     if (Array.isArray(keysOrDefaults)) {
@@ -385,7 +392,7 @@ export default class GMApi extends GM_Base {
           // 对object的value进行一次转化
           let value = this.scriptRes.value[key];
           if (value && typeof value === "object") {
-            value = structuredClone(value);
+            value = customClone(value)!;
           }
           result[key] = value;
         }
@@ -485,7 +492,7 @@ export default class GMApi extends GM_Base {
   public GM_log(message: string, level: GMTypes.LoggerLevel = "info", ...labels: GMTypes.LoggerLabel[]): void {
     if (this.isInvalidContext()) return;
     if (typeof message !== "string") {
-      message = JSON.stringify(message);
+      message = Native.jsonStringify(message);
     }
     this.sendMessage("GM_log", [message, level, labels]);
   }
@@ -1346,7 +1353,7 @@ export default class GMApi extends GM_Base {
   public GM_saveTab(tabData: object): void {
     if (this.isInvalidContext()) return;
     if (typeof tabData === "object") {
-      tabData = JSON.parse(JSON.stringify(tabData));
+      tabData = customClone(tabData);
     }
     this.sendMessage("GM_saveTab", [tabData]);
   }
diff --git a/src/app/service/content/gm_api/gm_xhr.ts b/src/app/service/content/gm_api/gm_xhr.ts
@@ -1,3 +1,4 @@
+import { Native } from "../global";
 import type { CustomEventMessage } from "@Packages/message/custom_event_message";
 import type GMApi from "./gm_api";
 import { dataEncode } from "@App/pkg/utils/xhr/xhr_data";
@@ -344,7 +345,7 @@ export function GM_xmlhttpRequest(
                       let o = undefined;
                       if (text) {
                         try {
-                          o = JSON.parse(text);
+                          o = Native.jsonParse(text);
                         } catch {
                           // ignored
                         }
diff --git a/src/app/service/service_worker/script.ts b/src/app/service/service_worker/script.ts
@@ -48,7 +48,6 @@ import { getSimilarityScore, ScriptUpdateCheck } from "./script_update_check";
 import { LocalStorageDAO } from "@App/app/repo/localStorage";
 import { CompiledResourceDAO } from "@App/app/repo/resource";
 import { initRegularUpdateCheck } from "./regular_updatecheck";
-// import { gzip as pakoGzip } from "pako";
 
 export type TCheckScriptUpdateOption = Partial<
   { checkType: "user"; noUpdateCheck?: number } | ({ checkType: "system" } & Record<string, any>)
diff --git a/src/manifest.json b/src/manifest.json
@@ -1,7 +1,7 @@
 {
   "manifest_version": 3,
   "name": "__MSG_scriptcat__",
-  "version": "1.3.0.1300",
+  "version": "1.3.0.1400",
   "author": "CodFrm",
   "description": "__MSG_scriptcat_description__",
   "options_ui": {

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,4 @@`
	`1`	`+import { customClone, Native } from "../global";`
`1`	`2`	`import type { Message, MessageConnect } from "@Packages/message/types";`
`2`	`3`	`import type { CustomEventMessage } from "@Packages/message/custom_event_message";`
`3`	`4`	`import type {`
`@@ -239,7 +240,7 @@ export default class GMApi extends GM_Base {`
`239`	`240`	`const ret = a.scriptRes.value[key];`
`240`	`241`	`if (ret !== undefined) {`
`241`	`242`	`if (ret && typeof ret === "object") {`
`242`		`- return structuredClone(ret);`
	`243`	`+ return customClone(ret)!;`
`243`	`244`	`}`
`244`	`245`	`return ret;`
`245`	`246`	`}`
`@@ -278,10 +279,15 @@ export default class GMApi extends GM_Base {`
`278`	`279`	`} else {`
`279`	`280`	`// 对object的value进行一次转化`
`280`	`281`	`if (value && typeof value === "object") {`
`281`		`- value = structuredClone(value);`
	`282`	`+ value = customClone(value);`
`282`	`283`	`}`
	`284`	`+ // customClone 可能返回 undefined`
`283`	`285`	`a.scriptRes.value[key] = value;`
`284`		`- a.sendMessage("GM_setValue", [id, key, value]);`
	`286`	`+ if (value === undefined) {`
	`287`	`+ a.sendMessage("GM_setValue", [id, key]);`
	`288`	`+ } else {`
	`289`	`+ a.sendMessage("GM_setValue", [id, key, value]);`
	`290`	`+ }`
`285`	`291`	`}`
`286`	`292`	`return id;`
`287`	`293`	`}`
`@@ -306,8 +312,9 @@ export default class GMApi extends GM_Base {`
`306`	`312`	`} else {`
`307`	`313`	`// 对object的value进行一次转化`
`308`	`314`	`if (value_ && typeof value_ === "object") {`
`309`		`- value_ = structuredClone(value_);`
	`315`	`+ value_ = customClone(value_);`
`310`	`316`	`}`
	`317`	`+ // customClone 可能返回 undefined`
`311`	`318`	`valueStore[key] = value_;`
`312`	`319`	`}`
`313`	`320`	`// 避免undefined 等空值流失，先进行映射处理`
`@@ -373,7 +380,7 @@ export default class GMApi extends GM_Base {`
`373`	`380`	`if (!this.scriptRes) return {};`
`374`	`381`	`if (!keysOrDefaults) {`
`375`	`382`	`// Returns all values`
`376`		`- return structuredClone(this.scriptRes.value);`
	`383`	`+ return customClone(this.scriptRes.value)!;`
`377`	`384`	`}`
`378`	`385`	`const result: TGMKeyValue = {};`
`379`	`386`	`if (Array.isArray(keysOrDefaults)) {`
`@@ -385,7 +392,7 @@ export default class GMApi extends GM_Base {`
`385`	`392`	`// 对object的value进行一次转化`
`386`	`393`	`let value = this.scriptRes.value[key];`
`387`	`394`	`if (value && typeof value === "object") {`
`388`		`- value = structuredClone(value);`
	`395`	`+ value = customClone(value)!;`
`389`	`396`	`}`
`390`	`397`	`result[key] = value;`
`391`	`398`	`}`
`@@ -485,7 +492,7 @@ export default class GMApi extends GM_Base {`
`485`	`492`	`public GM_log(message: string, level: GMTypes.LoggerLevel = "info", ...labels: GMTypes.LoggerLabel[]): void {`
`486`	`493`	`if (this.isInvalidContext()) return;`
`487`	`494`	`if (typeof message !== "string") {`
`488`		`- message = JSON.stringify(message);`
	`495`	`+ message = Native.jsonStringify(message);`
`489`	`496`	`}`
`490`	`497`	`this.sendMessage("GM_log", [message, level, labels]);`
`491`	`498`	`}`
`@@ -1346,7 +1353,7 @@ export default class GMApi extends GM_Base {`
`1346`	`1353`	`public GM_saveTab(tabData: object): void {`
`1347`	`1354`	`if (this.isInvalidContext()) return;`
`1348`	`1355`	`if (typeof tabData === "object") {`
`1349`		`- tabData = JSON.parse(JSON.stringify(tabData));`
	`1356`	`+ tabData = customClone(tabData);`
`1350`	`1357`	`}`
`1351`	`1358`	`this.sendMessage("GM_saveTab", [tabData]);`
`1352`	`1359`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"manifest_version": 3,`
`3`	`3`	`"name": "__MSG_scriptcat__",`
`4`		`- "version": "1.3.0.1300",`
	`4`	`+ "version": "1.3.0.1400",`
`5`	`5`	`"author": "CodFrm",`
`6`	`6`	`"description": "__MSG_scriptcat_description__",`
`7`	`7`	`"options_ui": {`