Signal which entries expose origin or are part of a request that

exposes origin

extended-request.ts

@@ -128,19 +128,33 @@ export default class ExtendedRequest {
   }
 
   exposesOrigin() {
-    const url = new URL(this.origin);
+    const url = new URL(this.originalURL);
     const host = url.host;
     const path = url.pathname;
     const shorthost = getshorthost(host);
-    return (
+    if (this.getReferer().includes(shorthost)) {
-      this.getReferer().includes(host) ||
+      return true;
-      this.stolenData.filter(
+    }
-        (entry) =>
+    for (const entry of this.stolenData) {
+      if (
         entry.value.includes(host) ||
         entry.value.includes(path) ||
         entry.value.includes(shorthost)
-      ).length > 0
+      ) {
+        console.log(
+          "request",
+          this.data.url,
+          "exposes origin in ",
+          entry,
+          ". Checked",
+          host,
+          path,
+          shorthost
         );
+        return true;
+      }
+    }
+    return false;
   }
 
   private getAllStolenData(): StolenDataEntry[] {

sidebar/stolen-data-cluster.tsx

@@ -44,19 +44,10 @@ const icons: Record<Sources, string> = {
   header: "H",
 };
 
-function StolenDataRow({
+function StolenDataRow({ entry }: { entry: StolenDataEntry }) {
-  entry,
-  cluster,
-}: {
-  entry: StolenDataEntry;
-  cluster: RequestCluster;
-}) {
   const [version] = useEmitter(entry);
   return (
-    <tr
+    <tr data-key={entry.id} data-version={version}>
-      data-key={origin + cluster.id + entry.getUniqueKey()}
-      data-version={version}
-    >
       <td>
         <input
           type="checkbox"
@@ -73,7 +64,16 @@ function StolenDataRow({
       >
         {entry.name}
       </th>
-      <td>{[entry.source].map((source) => icons[source])}</td>
+      <td style={{ whiteSpace: "nowrap" }}>
+        {[entry.source].map((source) => icons[source])}
+        {entry.exposesOrigin() ? (
+          <span title="Pokazuje część historii przeglądania">🔴</span>
+        ) : entry.request.exposesOrigin() ? (
+          <span title="Jest częścią zapytania, które ujawnia historię przeglądania">
+            🟡
+          </span>
+        ) : null}
+      </td>
       <td style={{ wordWrap: "anywhere" as any }}>
         <StolenDataValue entry={entry} />
       </td>
@@ -126,7 +126,6 @@ export default function StolenDataCluster({
               <StolenDataRow
                 {...{
                   entry,
-                  cluster,
                   key: entry.id,
                 }}
               />

stolen-data-entry.ts

@@ -4,6 +4,7 @@ import ExtendedRequest, { HAREntry } from "./extended-request";
 
 import {
   getshorthost,
+  isBase64,
   isBase64JSON,
   isJSONObject,
   isURL,
@@ -28,7 +29,7 @@ const id = (function* id() {
   }
 })();
 
-export type DecodingSchema = "base64";
+export type DecodingSchema = "base64" | "raw";
 
 export class StolenDataEntry extends EventEmitter {
   public isIAB = false;
@@ -36,7 +37,8 @@ export class StolenDataEntry extends EventEmitter {
   public id: number;
   private marked = false;
   public classification: keyof typeof Classifications;
-  public decoding_applied: DecodingSchema = null;
+  public decoding_applied: DecodingSchema = "raw";
+  public decodings_available: DecodingSchema[] = ["raw"];
 
   constructor(
     public request: ExtendedRequest,
@@ -52,9 +54,8 @@ export class StolenDataEntry extends EventEmitter {
     super();
     this.id = id.next().value as number;
     this.classification = this.classify();
-    if (isBase64JSON(value)) {
+    if (isBase64(value)) {
-      this.value = atob(value);
+      this.decodings_available.push("base64");
-      this.decoding_applied = "base64";
     }
   }
 
@@ -213,4 +214,8 @@ export class StolenDataEntry extends EventEmitter {
   getUniqueKey() {
     return this.request.shorthost + ";" + this.name + ";" + this.value;
   }
+
+  exposesOrigin(): boolean {
+    return this.value.includes(getshorthost(this.request.origin));
+  }
 }