🐛 对齐 PR#1319, 防止参数类型出错 (#1320)

* 对齐 PR#1319, 防止参数类型出错

* 写法修改

* 写法修改

* 写法修改

* typo

* 先显式校验 details 为非 null 的 plain object

* `Object.entries` 的 key 不用转

Author: cyfung1031

src/app/service/content/gm_api/gm_api.ts

@@ -267,6 +267,7 @@ export default class GMApi extends GM_Base {
   }
 
   static _GM_setValue(a: GMApi, promise: any, key: string, value: any) {
+    key = `${key}`;
     if (!a.scriptRes) return;
     if (valChangeCounterId > 1e8) {
       // 防止 valChangeCounterId 过大导致无法正常工作
@@ -498,7 +499,7 @@ export default class GMApi extends GM_Base {
     if (typeof message !== "string") {
       message = Native.jsonStringify(message);
     }
-    this.sendMessage("GM_log", [message, level, labels]);
+    this.sendMessage("GM_log", [`${message}`, `${level}`, labels]);
   }
 
   @GMContext.API({ depend: ["GM_log"] })
@@ -521,7 +522,7 @@ export default class GMApi extends GM_Base {
   // 辅助GM_xml获取blob数据
   @GMContext.API()
   public CAT_fetchBlob(url: string): Promise<Blob> {
-    return this.sendMessage("CAT_fetchBlob", [url]);
+    return this.sendMessage("CAT_fetchBlob", [`${url}`]);
   }
 
   @GMContext.API()
@@ -540,17 +541,25 @@ export default class GMApi extends GM_Base {
     details: GMTypes.CookieDetails,
     done: (cookie: GMTypes.Cookie[] | any, error: any | undefined) => void
   ) {
-    // 如果url和域名都没有，自动填充当前url
-    if (!details.url && !details.domain) {
-      details.url = window.location.href;
-    }
-    // 如果是set、delete操作，自动填充当前url
-    if (action === "set" || action === "delete") {
-      if (!details.url) {
-        details.url = window.location.href;
-      }
+    // 防止错误参数类型传送
+    if (
+      typeof (details || false) !== "object" ||
+      typeof (details.domain ?? "") !== "string" ||
+      typeof (details.expirationDate ?? 0) !== "number" ||
+      typeof (details.httpOnly ?? false) !== "boolean" ||
+      typeof (details.name ?? "") !== "string" ||
+      typeof (details.partitionKey ?? null) !== "object" ||
+      typeof (details.path ?? "") !== "string" ||
+      typeof (details.secure ?? false) !== "boolean" ||
+      typeof (details.session ?? false) !== "boolean" ||
+      typeof (details.url ?? "") !== "string" ||
+      typeof (details.value ?? "") !== "string"
+    ) {
+      done(undefined, new Error("Invalid Argument Type"));
+      return;
     }
-    a.sendMessage("GM_cookie", [action, details])
+    // 确保物件参数可以传送
+    a.sendMessage("GM_cookie", [`${action}`, customClone(details)])
       .then((resp: any) => {
         done && done(resp, undefined);
       })
@@ -707,7 +716,7 @@ export default class GMApi extends GM_Base {
       this.EE.addListener("menuClick:" + menuKey, listener);
     }
     // 发送至 service worker 处理（唯一键，显示名字，不包括id的其他设定）
-    this.sendMessage("GM_registerMenuCommand", [menuKey, name, options] as GMRegisterMenuCommandParam);
+    this.sendMessage("GM_registerMenuCommand", [menuKey, `${name}`, options] as GMRegisterMenuCommandParam);
     return ret;
   }
 
@@ -889,27 +898,29 @@ export default class GMApi extends GM_Base {
       const url = await toBlobURL(this, details.data);
       sendDetails.data = url;
     }
-    this.sendMessage("CAT_fileStorage", [action, sendDetails]).then(async (resp: { action: string; data: any }) => {
-      switch (resp.action) {
-        case "onload": {
-          if (action === "download") {
-            // 读取blob
-            const blob = await this.CAT_fetchBlob(resp.data);
-            details.onload && details.onload(blob);
-          } else {
-            details.onload && details.onload(resp.data);
+    this.sendMessage("CAT_fileStorage", [`${action}`, sendDetails]).then(
+      async (resp: { action: string; data: any }) => {
+        switch (resp.action) {
+          case "onload": {
+            if (action === "download") {
+              // 读取blob
+              const blob = await this.CAT_fetchBlob(resp.data);
+              details.onload && details.onload(blob);
+            } else {
+              details.onload && details.onload(resp.data);
+            }
+            break;
           }
-          break;
-        }
-        case "error": {
-          if (typeof resp.data.code === "undefined") {
-            details.onerror && details.onerror({ code: -1, message: resp.data.message });
-            return;
+          case "error": {
+            if (typeof resp.data.code === "undefined") {
+              details.onerror && details.onerror({ code: -1, message: resp.data.message });
+              return;
+            }
+            details.onerror && details.onerror(resp.data);
           }
-          details.onerror && details.onerror(resp.data);
         }
       }
-    });
+    );
   }
 
   // 用于脚本跨域请求,需要@connect domain指定允许的域名
@@ -1199,7 +1210,7 @@ export default class GMApi extends GM_Base {
     if (typeof data.tag === "string") {
       notificationId = notificationTagMap.get(data.tag);
     }
-    gmApi.sendMessage("GM_notification", [data, notificationId]).then((id) => {
+    gmApi.sendMessage("GM_notification", [customClone(data), notificationId]).then((id) => {
       if (!gmApi.EE) return;
       if (create) {
         create.apply({ id }, [id]);
@@ -1292,13 +1303,13 @@ export default class GMApi extends GM_Base {
   // ScriptCat 额外API
   @GMContext.API({ alias: "GM.closeNotification" })
   public GM_closeNotification(id: string): void {
-    this.sendMessage("GM_closeNotification", [id]);
+    this.sendMessage("GM_closeNotification", [`${id}`]);
   }
 
   // ScriptCat 额外API
   @GMContext.API({ alias: "GM.updateNotification" })
   public GM_updateNotification(id: string, details: GMTypes.NotificationDetails): void {
-    this.sendMessage("GM_updateNotification", [id, details]);
+    this.sendMessage("GM_updateNotification", [`${id}`, customClone(details)]);
   }
 
   @GMContext.API({ depend: ["GM_closeInTab"] })
@@ -1439,7 +1450,7 @@ export default class GMApi extends GM_Base {
     // 参考： https://github.com/Tampermonkey/tampermonkey/issues/1250
     let mimetype: string | undefined;
     if (typeof info === "object" && info?.mimetype) {
-      mimetype = info.mimetype;
+      mimetype = `${info.mimetype}`;
     } else {
       mimetype = (typeof info === "string" ? info : info?.type) || "text/plain";
       if (mimetype === "text") mimetype = "text/plain";

src/app/service/content/gm_api/gm_xhr.ts

@@ -99,7 +99,7 @@ export const convObjectToURL = async (object: string | URL | Blob | File | undef
 
 export const urlToDocumentInContentPage = async (a: GMApi, url: string, isContent: boolean) => {
   // url (e.g. blob url) -> XMLHttpRequest (CONTENT) -> Document (CONTENT)
-  const nodeId = await a.sendMessage("CAT_fetchDocument", [url, isContent]);
+  const nodeId = await a.sendMessage("CAT_fetchDocument", [`${url}`, isContent]);
   return (<CustomEventMessage>a.message).getAndDelRelatedTarget(nodeId) as Document;
 };
 

src/app/service/service_worker/gm_api/gm_api.ts

@@ -10,7 +10,15 @@ import type { ConfirmParam } from "../permission_verify";
 import PermissionVerify, { PermissionVerifyApiGet } from "../permission_verify";
 import { cacheInstance } from "@App/app/cache";
 import { type RuntimeService } from "../runtime";
-import { getIcon, isFirefox, getCurrentTab, openInCurrentTab, cleanFileName, makeBlobURL } from "@App/pkg/utils/utils";
+import {
+  getIcon,
+  isFirefox,
+  getCurrentTab,
+  openInCurrentTab,
+  cleanFileName,
+  makeBlobURL,
+  stripUndefined,
+} from "@App/pkg/utils/utils";
 import { type SystemConfig } from "@App/pkg/config/config";
 import i18next, { i18nName } from "@App/locales/locales";
 import FileSystemFactory from "@Packages/filesystem/factory";
@@ -282,15 +290,18 @@ export default class GMApi {
         return true;
       }
       const detail = request.params[1];
-      if (!detail.url && !detail.domain) {
-        throw new Error("there must be one of url or domain");
+      // 未指定 url 和 domain 时，自动使用当前页面的 URL（兼容 Tampermonkey 行为）
+      const senderURL = sender.getSender()?.url;
+      if (!detail.url && !detail.domain && senderURL) {
+        detail.url = senderURL;
       }
       let url: URL = <URL>{};
       if (detail.url) {
-        url = new URL(detail.url);
+        url = new URL(`${detail.url}`);
+      } else if (detail.domain) {
+        url.hostname = url.host = `${detail.domain}`;
       } else {
-        url.host = detail.domain || "";
-        url.hostname = detail.domain || "";
+        throw new Error("there must be one of url or domain");
       }
       if (getConnectMatched(request.script.metadata.connect, url, sender) === ConnectMatch.NONE) {
         // 检查是否配置了权限
@@ -322,17 +333,15 @@ export default class GMApi {
     if (param.length !== 2) {
       throw new Error("there must be two parameters");
     }
-    const detail: GMTypes.CookieDetails = request.params[1];
-    // url或者域名不能为空
-    if (detail.url) {
-      detail.url = detail.url.trim();
-    }
-    if (detail.domain) {
-      detail.domain = detail.domain.trim();
-    }
-    if (!detail.url && !detail.domain) {
-      throw new Error("there must be one of url or domain");
+    const cookieAction: string = `${param[0]}`;
+    const detail: GMTypes.CookieDetails = param[1];
+    // 未指定 url 和 domain 时，自动使用当前页面的 URL（兼容 Tampermonkey 行为）
+    const senderURL = sender.getSender()?.url;
+    if (!detail.url && !detail.domain && senderURL) {
+      detail.url = senderURL;
     }
+    if (detail.domain) detail.domain = `${detail.domain}`.trim();
+    if (detail.url) detail.url = `${detail.url}`.trim();
     if (!detail.partitionKey || typeof detail.partitionKey !== "object") {
       detail.partitionKey = {};
     }
@@ -350,48 +359,63 @@ export default class GMApi {
         storeId = store.id;
       }
     }
-    switch (param[0]) {
+    switch (cookieAction) {
       case "list": {
-        const cookies = await chrome.cookies.getAll({
-          domain: detail.domain,
-          name: detail.name,
-          path: detail.path,
-          secure: detail.secure,
-          session: detail.session,
-          url: detail.url,
-          storeId: storeId,
-          partitionKey: detail.partitionKey,
-        });
+        detail.domain = detail.domain || undefined;
+        detail.url = detail.url || undefined;
+        const cookies = await chrome.cookies.getAll(
+          stripUndefined({
+            domain: detail.domain,
+            name: detail.name,
+            path: detail.path,
+            secure: detail.secure,
+            session: detail.session,
+            url: detail.url,
+            storeId: storeId,
+            partitionKey: stripUndefined(detail.partitionKey),
+          })
+        );
         return cookies;
       }
       case "delete": {
+        detail.domain = undefined;
+        detail.url = detail.url || senderURL;
         if (!detail.url || !detail.name) {
           throw new Error("delete operation must have url and name");
         }
-        await chrome.cookies.remove({
-          name: detail.name,
-          url: detail.url,
-          storeId: storeId,
-          partitionKey: detail.partitionKey,
-        });
+        await chrome.cookies.remove(
+          stripUndefined({
+            name: detail.name,
+            url: detail.url,
+            storeId: storeId,
+            partitionKey: stripUndefined(detail.partitionKey),
+          })
+        );
         break;
       }
       case "set": {
-        if (!detail.url || !detail.name || !detail.value) {
-          throw new Error("set operation must have url, name and value");
+        detail.domain = detail.domain || undefined;
+        detail.url = detail.url || senderURL;
+        // https://developer.chrome.com/docs/extensions/reference/api/cookies#method-set
+        if (!detail.name) detail.name = ""; // Empty by default if omitted.
+        if (!detail.value) detail.value = ""; // Empty by default if omitted.
+        if (!detail.url) {
+          throw new Error("set operation must have url");
         }
-        await chrome.cookies.set({
-          url: detail.url,
-          name: detail.name,
-          domain: detail.domain,
-          value: detail.value,
-          expirationDate: detail.expirationDate,
-          path: detail.path,
-          httpOnly: detail.httpOnly,
-          secure: detail.secure,
-          storeId: storeId,
-          partitionKey: detail.partitionKey,
-        });
+        await chrome.cookies.set(
+          stripUndefined({
+            url: detail.url,
+            name: detail.name,
+            domain: detail.domain,
+            value: detail.value,
+            expirationDate: detail.expirationDate,
+            path: detail.path,
+            httpOnly: detail.httpOnly,
+            secure: detail.secure,
+            storeId: storeId,
+            partitionKey: stripUndefined(detail.partitionKey),
+          })
+        );
         break;
       }
       default: {
@@ -614,16 +638,13 @@ export default class GMApi {
         }
       }
 
-      const cookies = await chrome.cookies.getAll({
-        domain: undefined,
-        name: undefined,
-        path: undefined,
-        secure: undefined,
-        session: undefined,
-        url: params.url,
-        storeId: storeId,
-        partitionKey: params.cookiePartition,
-      });
+      const cookies = await chrome.cookies.getAll(
+        stripUndefined({
+          url: params.url,
+          storeId: storeId,
+          partitionKey: stripUndefined(params.cookiePartition),
+        })
+      );
       // 追加cookie
       if (cookies?.length) {
         const v = cookies.map((c) => `${c.name}=${c.value}`).join("; ");