(c) BlinkOn 18 October 17-19, 2023 Sunnyvale, CA (USA) + Virtual

1. Investigation into DNR regexFilter
Byungwoo Lee
October 18th, 2023

2. Igalia, collaborates with content filtering
● Added :has() pseudo class
○ Enables content filtering extensions to remove their own implementation for better
support of :has() in the filter list: (e.g. target.com##.target:has(.malicious))
● Added declarativeNetRequest.updateStaticRules() extension API
○ Allows content filtering extensions to selectively disable or enable individual static rules.
Investigation into DNR regexFilter
Byungwoo Lee, October 18th 2023

3. Igalia, collaborates with content filtering
● Investigating other issues:
○ Injecting scripts to initial about:blank document by using
contentScripts extension API
○ Improving regular expression support in declarativeNetRequest
extension API
Investigation into DNR regexFilter
Byungwoo Lee, October 18th 2023

4. regexFilter in declarativeNetRequest
● “Regular expression to match against the network request url. This follows the RE2 syntax.”
Investigation into DNR regexFilter
Byungwoo Lee, October 18th 2023
{
"id": 1,
"priority": 1,
"action": { "type": "block" },
"condition": {
"regexFilter": "^https://(malicious1|malicious2).com/[0-9a-f]{12}.js",
"resourceTypes": [ "script" ]
}
}
Ref. https://developer.chrome.com/docs/extensions/reference/declarativeNetRequest/#property-RuleCondition-regexFilter

5. Issue 1: Regex Syntax differences
● Regex syntax differences between the Javascript and RE2:
○ RE2 regex syntax supports all Javascript regex syntax except followings:
■ Supported functionality in different syntax
● Matches the character with the unicode value (u{hhhh} -> x{hhhh})
● Named capturing group ((?<Name>x) -> (?P<Name>x))
■ Unsupported functionality
● Matches a backspace([b]), NUL(/0), control character(cX), UTF-16 code-unit(uhhhh).
● lookahead assertion(x(?=y)), negative lookahead assertion((x(?!y)),
lookbehind assertion(x(?<=y)), negative lookahead assertion(x(?<!y))
● back reference(n where ‘n’ is a positive integer), named back reference(k<Name>)
Investigation into DNR regexFilter
Byungwoo Lee, October 18th 2023

6. Issue 2 : Memory limitations with regex filters
● 2 Mb memory limit for each rule source (dynamic/session/static)
○ maximum 2 Kb memory limit for each RE2 instance (for each regex filter)
○ maximum 1000 regex filters for each rule source (dynamic/session/static)
● Due to the 2 Kb memory limit for each regex filter, some regex filters that were
valid in Manifest v2 are now invalid in Manifest v3:
(w3c/webextensions/issues/344#issuecomment-1429271719)
Investigation into DNR regexFilter
Byungwoo Lee, October 18th 2023

7. Issue 2 : Memory limitations with regex filters
● The limitation policy is linked to how the RE2 library allocates the given
memory budget.
○ RE2 only allows setting the maximum memory budget when creating a RE2 instance.
○ The RE2 instance uses the entire budget, allocating necessary memory and reserving
the rest for later use.
○ Unfortunately, RE2 lacks a functionality to set the minimum available memory
budget for a regex pattern.
Investigation into DNR regexFilter
Byungwoo Lee, October 18th 2023
Ref. https://github.com/google/re2/blob/main/re2/re2.h#L631

8. Exploring RE2: Memory budget allocation
Investigation into DNR regexFilter
Byungwoo Lee, October 18th 2023

9. Exploring RE2: Optimal allocation case
Investigation into DNR regexFilter
Byungwoo Lee, October 18th 2023

10. Exploring RE2: Understanding memory exceeding error
Investigation into DNR regexFilter
Byungwoo Lee, October 18th 2023

11. Possible solution: Add memory budget adjustment step
Investigation into DNR regexFilter
Byungwoo Lee, October 18th 2023

12. POC: Prepare patches for RE2 and Chromium projects
Investigation into DNR regexFilter
Byungwoo Lee, October 18th 2023
● RE2: Add ‘minimize_mem_budget’ RE2 creation option.
(https://github.com/byung-woo/re2/pull/4/files)
● Chromium: Optimize memory budget for regex filters.
(https://crrev.com/c/4861562)

13. POC: Results look promising
Investigation into DNR regexFilter
Byungwoo Lee, October 18th 2023
(Collected regex patterns from abp-filters, AdguardTeam, uBlock, easylist github and other sources)

14. POC: Challenges in the approach
Investigation into DNR regexFilter
Byungwoo Lee, October 18th 2023
● Challenges in the patches:
○ RE2: Introducing a new RE2 creation option
○ Chromium: Updating a flatbuffer scheme
● Not easy to explain the precise conditions for exceeding the 2Mb per-rule-source
limit.
○ “At some point, if the sum of the memory budget of all filters exceeds 2Mb memory
limit, some of your filters may not loaded.”

15. Considering sharing progress and seeking feedback
Investigation into DNR regexFilter
Byungwoo Lee, October 18th 2023
● We are considering sharing progress in W3C Web Extensions WG issue:
https://github.com/w3c/webextensions/issues/344

16. Thank you!
Investigation into DNR regexFilter
Byungwoo Lee, October 18th 2023