(function(opera){

/*

 ~~~ Opera Arioso! ~~~  Active browser vulnerability detection & protection by rvdh, 0x000000.com

 $revisions$ update: 20/7/2008: 7:15 PM, keylog pattern adjusted. update: 22/10/2008: 23:00 PM, unicode loop detection.  update: 23/10/2008: 4:19 PM, blocks opera:* on sources, blocks intranet access. credits: Rvdh, Gareth Heyes, Roberto Suggi Liverani, Aviv Raff, Stefano Di Paola

*/

// Arioso magic variables
// opera.defineMagicVariable(name, getter, setter) is the Opera User JavaScript hook for
// overriding a global that page scripts see. Both getters are empty functions and both
// setters are null, so page scripts presumably read `undefined` for these two names and
// cannot assign them (NOTE(review): confirm against the UserJS docs for the targeted
// Opera version).
window.opera.defineMagicVariable('arioso_links', function() {}, null);
window.opera.defineMagicVariable('arioso_alert', function() {}, null);

// Set strict same origin policy:
// when true, the BeforeExternalScript listener further down is registered and may
// cancel external scripts.
var arioso_strict_sop = true;

// Arioso variables
// These are function-local `var`s of the enclosing wrapper, distinct from the magic
// variables of the same names registered above.
var arioso_links = document.links;   // link collection scanned by the DOMContentLoaded listener
var arioso_alert = "";               // accumulated finding text, rendered in the banner on load
var crlf = ". \r\n";                 // separator appended after each finding message

// Arioso messages: human-readable labels for findings.
// m1 is reported by the link scanner (pattern p1); m2..m12 are reported by the
// BeforeScript listener for patterns p2..p12 respectively.
var m1 = "Unsafe URI hyperlink schemes",
    m2 = "Denial of service vector",
    m3 = "Heapspraying or denial of service vector",
    m4 = "VBInjection",
    m5 = "Cookie stealing",
    m6 = "Same origin policy violation",
    m7 = "Keylogging",
    m8 = "Script access",
    m9 = "ActiveX access",
    m10 = "Java access",
    m11 = "Http response splitting",
    m12 = "Preference hijacking";

// Arioso patterns
// Text heuristics applied with String.prototype.match(): p1 against each link's string
// form, p2..p12 against the source text of each script. All carry the flags g, i, m;
// the callers only test the result for truthiness, so `g` is not required for that.
// NOTE(review): these are plain regex matches on source text, so they can both
// over-match legitimate code and miss equivalent code written differently — treat a
// hit as a heuristic signal, not proof.
//
// p1: string starts with one of the listed scheme/host keywords, then optional
// whitespace, then ':' or '.'. The `127\.` and `192\.` alternatives already consume a
// dot and then require a further ':' or '.', so a dotted address such as 127.0.0.1
// does not match — NOTE(review): confirm whether intranet links are meant to be caught here.
var p1 = /^(chrome|file|opera|res|data|telnet|about|resource|view-source|acrobat|localhost|loopback|127\.|192\.)\s*(:|\.)/gim;
// p2: a `for (...; x <op> NNN;` header whose bound is a numeric literal of three or
// more digits (reported as m2).
var p2 = /for\s*\(\s*.*([a-z]|[0-9])\s*\=\s*.*([a-z]|[0-9])\s*;\s*.*([a-z]|[0-9])\s*(<|>|<=|>=|<==|>==)\s*[0-9]{3,}\s*;\s*/gim;
// p3: one of while/for/space/block/memory followed on the same line by unescape() of a
// quoted escape prefix plus one alphanumeric character (reported as m3).
var p3 = /(while|for|space|block|memory).*unescape\(("|')(%[0-9]|\\x|\\u)([a-z]|[0-9])("|')\)/gim;
// p4: `String(` ... six or more alphanumerics, a comma, and a one-letter double-quoted
// argument (reported as m4).
var p4 = /String\(\s*.*([a-z]|[0-9]){6,},\s*"[a-z]"\)/gim;
// p5: an http(s) URL with a query string, then '+', concat or join, then
// document.cookie or document.domain on the same line (reported as m5).
var p5 = /(http|https):\/\/.*\?.*=.*(\+|concat|join).*document\.(cookie|domain)/gim;
// p6: src/href/location/data/classid/codebase/open followed by '=' or '(' and, later on
// the line, one of the p1 keywords followed by ':' or '.' (reported as m6). Broad:
// ordinary words such as "data." or "about." after an assignment also satisfy it.
var p6 = /(src|href|location|data|classid|codebase|open)\s*(=|\().*(chrome|file|opera|res|data|telnet|about|resource|view-source|acrobat|localhost|loopback|127\.|192\.)\s*(:|\.)/gim;
// p7: any use of .keyCode, .keypress, e.charCode or event.charCode (reported as m7).
// These appear in ordinary keyboard handling too, so expect false positives.
var p7 = /(\.keyCode|\.keypress|(e|event)\.charCode)/gim;
// p8: references to Arioso's own identifier names from page script (reported as m8).
var p8 = /(bad_arioso_schemes|arioso_links|arioso_schemes|arioso_sanitize_xss)/gim;
// p9: ActiveXObject("...Shell") or any HKEY_ registry-hive prefix (reported as m9).
var p9 = /(ActiveXObject\(("|').*Shell("|')\)|HKEY\_)/gim;
// p10: java.sun / java.awt, or packages.<...>plugin|javascript (reported as m10).
var p10 = /(java\.(sun|awt)|packages\.(.*)(plugin|javascript))/gim;
// p11: open("GET"|"TRACE"|"POST" ... ) whose remaining arguments contain an escaped
// CR/LF or another escape sequence (reported as m11).
var p11 = /open\(("|')\s*(GET|TRACE|POST)\s*("|').*(\\r|\\r\\n|\\n|(%[0-9]|\\x|\\u)([a-z]|[0-9])).*\)/gim;
// p12: any line mentioning opera.setPreference (reported as m12).
var p12 = /.*opera\.setPreference.*/gim;

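// Strict same-origin policy for external scripts.
// When arioso_strict_sop is enabled, every external script is checked before it is
// processed and cancelled via preventDefault() unless its URL has the same scheme and
// host (including port) as the current document.
//
// The earlier form passed document.location to String.prototype.match(), which
// compiles its argument as a regular expression. That made the test a regex search for
// the *full page URL* inside the raw src attribute (with '.', '?', '+' acting as
// metacharacters) instead of an origin comparison: relative same-site srcs were
// rejected, and containing the page address anywhere in the src was enough to pass.
if (arioso_strict_sop === true) {
  window.opera.addEventListener('BeforeExternalScript', function(e) {
    var rawSrc = e.element.getAttribute('src');

    // Fail closed: an external-script event without a usable src is cancelled.
    if (rawSrc === null || rawSrc === '') {
      e.preventDefault();
      return;
    }

    // Let the browser resolve the (possibly relative) src against the document base,
    // then compare the parsed components rather than raw strings.
    var resolver = document.createElement('a');
    resolver.href = rawSrc;

    var sameScheme = String(resolver.protocol).toLowerCase() ===
                     String(document.location.protocol).toLowerCase();
    var sameHost = String(resolver.host).toLowerCase() ===
                   String(document.location.host).toLowerCase();

    if (!(sameScheme && sameHost)) {
      e.preventDefault();
    }
  }, false);
}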

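// Arioso link enumerator detecting bad uri schemes.
// Once the DOM is parsed, walks the link collection and records finding m1 if any
// link's string form matches p1.
window.addEventListener('DOMContentLoaded', function(e) {
  // `i` and `entity` are declared here. They were previously assigned without a
  // declaration, which in non-strict code creates properties on the global object
  // where other scripts could presumably read or overwrite them mid-loop.
  for (var i = 0; i < arioso_links.length; i++) {
    var entity = arioso_links[i].toString();
    if (entity.match(p1)) {
      // Same "message + separator" form as the script findings, reported once so a
      // page with many such links does not repeat the label in the banner.
      arioso_alert += m1 + crlf;
      break;
    }
  }
}, false);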

// Ordered (pattern, message) pairs checked against every script's source text.
var scriptRules = [
  [p2, m2],
  [p3, m3],
  [p4, m4],
  [p5, m5],
  [p6, m6],
  [p7, m7],
  [p8, m8],
  [p9, m9],
  [p10, m10],
  [p11, m11],
  [p12, m12]
];

// BeforeScript handler: every rule is evaluated (no short-circuit), so one script can
// contribute several findings. Each hit appends its message plus the separator to
// arioso_alert and cancels the script with preventDefault().
window.opera.addEventListener('BeforeScript', function(e) {
  for (var r = 0; r < scriptRules.length; r++) {
    var pattern = scriptRules[r][0];
    var label = scriptRules[r][1];
    if (e.element.text.match(pattern)) {
      arioso_alert += label + crlf;
      e.preventDefault();
    }
  }
}, false);

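// Banner renderer: when any finding was recorded, pins a red notice to the top of the
// page listing what was blocked. The notice is informational only; the blocking itself
// is done by preventDefault() in the script listeners.
// NOTE(review): this relies on the host dispatching 'load' to a listener registered on
// `document` — confirm for the targeted Opera version.
document.addEventListener('load', function(e) {
  // Nothing to report, or no <body> to attach to (e.g. a non-HTML document).
  if (arioso_alert === '' || !document.body) {
    return;
  }

  var banner = document.createElement('div');
  var look = banner.style;
  look.position = 'fixed';
  look.top = '0px';
  look.left = '0px';
  look.width = '100%';
  look.opacity = '.90';
  look.filter = 'alpha(opacity=90)';
  look.border = '1px dotted #f30';
  look.padding = '3px';
  look.font = '8pt sans-serif';
  look.backgroundColor = '#f00';
  look.color = '#fff';

  // Inserted as a text node so the message is never parsed as markup. The statement
  // terminator after appendChild() was missing, which made the line a syntax error
  // when both calls sit on one line.
  banner.appendChild(document.createTextNode('ARIOSO BLOCKED: ' + arioso_alert));
  document.body.appendChild(banner);
}, false);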

})(window.opera);

