Circumvention via shadow root

Using shadow root is a popular way for adblocking circumvention systems to avoid blocking. Well, at least I often see it, and it’s extremely hard to tackle.

Have you experienced this on any websites?
Also, can anyone suggest any userscripts that are able to properly disable or override shadow root?

I’ve encountered it in only 1 significant instance, which was a certain variety of Twitter tweet embeds: https://github.com/NanoAdblocker/NanoCore/issues/237

Yeah, and this is becoming more widespread.

If I’m reading this right, in Firefox extensions can access Shadow DOM by Element​.open​OrClosed​Shadow​Root (implementation bug)

Do something like this exists in Chrome?

In uBO syntax this can be :shadow-root() procedural selector which can be used as any other procedural filter. Internally this will be return to old solutions with injected style element or attribute.

Other not implemented ideas: https://bugzilla.mozilla.org/show_bug.cgi?id=1475870,
https://bugzilla.mozilla.org/show_bug.cgi?id=1475869

Mozilla hasn’t fully implemented shadow DOM so this is mostly Chrome-specific issue at least for now.

In uBO syntax this can be :shadow-root() procedural selector which can be used as any other procedural filter. Internally this will be return to old solutions with injected style element or attribute.

Is it already implemented?

The problem is that ad blocking circumvention scripts use Element.attachShadow and closed shadow roots, which simply cannot be accessed from the outside.

It could be solved by overriding attachShadow with our own wrapper and keeping track of shadow roots by ourselves. There are ways how they can circumvent our wrapper, though.

Seems to be enabled in 63 https://developer.mozilla.org/en-US/docs/Web/API/Element/attachShadow#Browser_compatibility ? Works in 67 on https://www.tv2.no/nyheter/10359148/, in ESR I see iframe.

Is it already implemented?

No. Needs more cases.

Edit: can be done

Finally:) On the other hand, I’ve never seen this feature used for anything useful.

Well, yeah, but there are ways to circumvent this, for instance, they could create an iframe and grab the implementation from iframe.contentWindow.Element. Still, it’s possible to override that as well.

It’s just this is the solution I know, but maybe there are other ways which I am missing?

Just as say, element.addEventListener [enter any user interaction on website; inner.html is widely used as well as mouse events) the removal can be achieved through element.removeEventListener("mousedown", handleMouseDown, { passive: true }); (using example code from here : https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/removeEventListener). While I’m unsure if AdGuard can inject this into sites using the EventListener ad/tracking scheme (which is many of the most popular especially e-commerce for tracking where and when a visitor clicks on products) to fight against it, I would not know.