From 59b85d23f8881b1d0190c82c89ea7d91b168f725 Mon Sep 17 00:00:00 2001
From: Arun Isaac
Date: Sun, 6 Aug 2017 22:55:19 +0530
Subject: Remove support for decrypting signatures.

Decrypting signatures is done by extracting a part of the proprietary YouTube javascript and executing it. This is unsafe, and is problematic for software freedom.

* viewtube.js (ytDecryptFunction): Remove function. (ytVideos): Remove invocation of `ytDecryptFunction'.
---
 viewtube.js | 29 ++++-------------------------
 1 file changed, 4 insertions(+), 25 deletions(-)

diff --git a/viewtube.js b/viewtube.js
index 8ed1076..a313549 100644
--- a/viewtube.js
+++ b/viewtube.js
@@ -146,26 +146,6 @@
 if ((!ytAgeGateContent) || (ytAgeGateContent.indexOf('feature=private_video') != -1)) return;
 }
 
- /* Decrypt Signature */
- var ytScriptSrc;
- function ytDecryptSignature(s) {return null;}
- function ytDecryptFunction() {
- var ytSignFuncName, ytSignFuncBody, ytSwapFuncName, ytSwapFuncBody, ytFuncMatch;
- ytScriptSrc = ytScriptSrc.replace(/(\r\n|\n|\r)/gm, '');
- if (ytSignFuncName = (ytScriptSrc.match(/"signature"\s*,\s*([^\)]*?)\(/) || [])[1]) {
- ytFuncMatch = ytSignFuncName.replace(/\$/, '\\$') + '\\s*=\\s*function\\s*' + '\\s*\\(\\w+\\)\\s*\\{(.*?)\\}';
- if (ytSignFuncBody = (ytScriptSrc.match(ytFuncMatch) || [])[1]) {
- if (ytSwapFuncName = (ytSignFuncBody.match(/((\$|_|\w)+)\.(\$|_|\w)+\(\w,[0-9]+\)/) || [])[1]) {
- ytFuncMatch = 'var\\s+' + ytSwapFuncName.replace(/\$/, '\\$') + '=\\s*\\{(.*?)\\};';
- ytSwapFuncBody = (ytScriptSrc.match(ytFuncMatch) || [])[1];
- }
- if (ytSwapFuncBody) ytSignFuncBody = 'var ' + ytSwapFuncName + '={' + ytSwapFuncBody + '};' + ytSignFuncBody;
- ytSignFuncBody = 'try {' + ytSignFuncBody + '} catch(e) {return null}';
- ytDecryptSignature = new Function('a', ytSignFuncBody);
- }
- }
- }
-
 /* Get Player Window */
 var ytPlayerWindow = document.querySelector("#player");
 if (!ytPlayerWindow) console.log("Couldn't get the player element.");
@@ -285,11 +265,10 @@
 ytVideo = ytVideo.replace(/type=(video|audio).*?/, "").replace(/xtags=[^%=]*?/, "");
 ytVideo = ytVideo.replace(/&&/g, "&").replace(/^&/, "").replace(/&$/, "");
 if (ytVideo.match(/&sig=/)) ytVideo = ytVideo.replace(/&sig=/, '&signature=');
- else if (ytVideo.match(/&s=/))
- if ((ytSig = ytVideo.match(/&s=(.*?)(&|$)/)) &&
- (s = ytDecryptSignature(ytSig[1])))
- ytVideo = ytVideo.replace(/&s=.*?(&|$)/, '&signature=' + s + '$1');
- else ytVideo = '';
+ else if (ytVideo.match(/&s=/)) {
+ console.log("Decrypting cipher signatures not supported.");
+ ytVideo = "";
+ }
 ytVideo = cleanMyContent(ytVideo, true);
 if (ytVideo.indexOf('ratebypass') == -1) ytVideo += '&ratebypass=yes';
 if (ytVideo && ytVideo.indexOf('http') == 0)
-- 
cgit v1.2.3
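Review bot: After the new `else if` branch sets `ytVideo = ""`, the rejected entry still passes through `cleanMyContent` and the `ratebypass` append, so it becomes `&ratebypass=yes` and is discarded only because the later `indexOf('http') == 0` test fails. Making the rejection explicit would stop a ciphered stream from depending on that last check, e.g. `if (ytVideo && ytVideo.indexOf('ratebypass') == -1) ytVideo += '&ratebypass=yes';`. Separately, the first hunk deletes the declarations of `ytScriptSrc`, `ytDecryptSignature` and `ytDecryptFunction`, and this is the only use site the patch touches; if code outside the hunks still assigns `ytScriptSrc` or calls `ytDecryptFunction()`, it would now create an implicit global or throw, so the rest of viewtube.js is worth searching for those names. The final `if` in this hunk continues outside it.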