From 4d326f6c2ab71b7e45a707e53326a3fea6af775c Mon Sep 17 00:00:00 2001
From: Mohammed Tanveer <fameshark@gmail.com>
Date: Tue, 6 Aug 2024 22:29:50 +0530
Subject: [PATCH] Cordova-js: Event Listener Hijacking Updated Code with Both
 Document and Window Event Handlers

---
 src/cordova.js | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)

diff --git a/src/cordova.js b/src/cordova.js
index 28df37590..26cd2aff3 100644
--- a/src/cordova.js
+++ b/src/cordova.js
@@ -43,6 +43,80 @@ var m_window_removeEventListener = window.removeEventListener;
 var documentEventHandlers = {};
 var windowEventHandlers = {};
 
+/**
+ * Mitigation for Event Listener Hijacking
+ */
+(function() {
+    var originalDocumentAddEventListener = document.addEventListener;
+    var originalWindowAddEventListener = window.addEventListener;
+    var documentEventHandlers = {};
+    var windowEventHandlers = {};
+
+    document.addEventListener = function (evt, handler, capture) {
+        var e = evt.toLowerCase();
+        if (typeof documentEventHandlers[e] !== 'undefined') {
+            if (typeof documentEventHandlers[e].subscribe === 'function') {
+                documentEventHandlers[e].subscribe(handler);
+            } else {
+                console.warn('No subscribe function defined for event:', e);
+            }
+        } else {
+            originalDocumentAddEventListener.call(document, evt, handler, capture);
+        }
+    };
+
+    window.addEventListener = function (evt, handler, capture) {
+        var e = evt.toLowerCase();
+        if (typeof windowEventHandlers[e] !== 'undefined') {
+            if (typeof windowEventHandlers[e].subscribe === 'function') {
+                windowEventHandlers[e].subscribe(handler);
+            } else {
+                console.warn('No subscribe function defined for event:', e);
+            }
+        } else {
+            originalWindowAddEventListener.call(window, evt, handler, capture);
+        }
+    };
+
+    // Securely define your event handlers
+    documentEventHandlers['click'] = {
+        subscribe: function(handler) {
+            var secureHandler = function(event) {
+                // Perform necessary checks or actions before invoking the handler
+                if (event && event.target) {
+                    var allowedElements = ['button', 'a', 'div'];
+                    if (allowedElements.includes(event.target.tagName.toLowerCase())) {
+                        handler(event);
+                    } else {
+                        console.warn('Click event handler ignored for disallowed element:', event.target.tagName);
+                    }
+                } else {
+                    console.warn('Invalid event object in secure handler.');
+                }
+            };
+            originalDocumentAddEventListener.call(document, 'click', secureHandler, false);
+        }
+    };
+
+    windowEventHandlers['resize'] = {
+        subscribe: function(handler) {
+            var secureHandler = function(event) {
+                // Perform necessary checks or actions before invoking the handler
+                if (event && event.target) {
+                    if (event.target === window) {
+                        handler(event);
+                    } else {
+                        console.warn('Resize event handler ignored for disallowed target:', event.target);
+                    }
+                } else {
+                    console.warn('Invalid event object in secure handler.');
+                }
+            };
+            originalWindowAddEventListener.call(window, 'resize', secureHandler, false);
+        }
+    };
+})();
+
 document.addEventListener = function (evt, handler, capture) {
     var e = evt.toLowerCase();
     if (typeof documentEventHandlers[e] !== 'undefined') {