Type casting improvements

[jonathanKingston]

Asana Task/Github Issue: N/A

Description

This PR improves type safety by eliminating unnecessary any casts and introducing better type narrowing in config-feature.js and element-hiding.js.

Specifically:

• config-feature.js: Removed an any cast in matchConditionalFeatureSetting's filter callback, which led to fixing two type gaps:
  • rule.domain could be undefined (now explicitly checked).
  • condition could be undefined when passed to _matchConditionalBlockOrArray (parameter type widened to handle "no condition = always matches" semantic).
• element-hiding.js: Introduced ElementHidingRuleWithSelector type and a hasSelector type guard to remove 6 inline casts related to .selector access in injectStyleTag, hideAdNodes, and overrideRules.

These are type-only changes that preserve existing runtime behavior.

Testing Steps

• npx tsc --noEmit
• npm run tsc-strict-core
• npm run lint-fix
• npm run test-unit (all 104 specs pass)
• npx playwright test --grep "Element Hiding" --reporter list (integration test passes)
• npm run test-unit -- config-feature (93 specs pass)

Checklist

Please tick all that apply:

• I have tested this change locally
• I have tested this change locally in all supported browsers
• This change will be visible to users
• I have added automated tests that cover this change
• I have ensured the change is gated by config
• This change was covered by a ship review
• This change was covered by a tech design
• Any dependent config has been merged

---

  

---

Note

Low Risk
Primarily type-narrowing/refactor changes with minimal logic adjustment; the main behavioral impact is that config entries with no condition/domain now explicitly match all pages.

Overview
Improves type safety in conditional config and element-hiding rule handling by removing any casts and introducing explicit type narrowing.

ConfigFeature.matchConditionalFeatureSetting now explicitly handles missing condition/domain (treating no condition as an unconditional match) instead of relying on property-in checks. ElementHiding introduces a hasSelector type guard and ElementHidingRuleWithSelector to only read .selector where valid, hardening style-tag injection and override filtering against rules like disable-default and non-array domains[].rules.

^{Written by Cursor Bugbot for commit 92ae0df. This will update automatically on new commits. Configure here.}

[cursor]

Cursor Agent can help with this pull request. Just @cursor in comments and I'll start working on changes in this branch.
_{Learn more about Cursor Agents}

[github-actions]

[Beta] Generated file diff

Time updated: Mon, 09 Mar 2026 22:43:39 GMT

Android

    - android/adsjsContentScope.js

• android/autofillImport.js
• android/brokerProtection.js
• android/contentScope.js
• android/duckAiChatHistory.js
• android/duckAiDataClearing.js

File has changed

Apple

    - apple/contentScope.js

• apple/contentScopeIsolated.js
• apple/duckAiChatHistory.js
• apple/duckAiDataClearing.js

File has changed

Chrome-mv3

    - chrome-mv3/inject.js

File has changed

Firefox

    - firefox/inject.js

File has changed

Integration

    - integration/contentScope.js

File has changed

Windows

    - windows/contentScope.js

File has changed

[github-actions]

⚠️ Cursor assessed this PR as Medium Risk (only Low Risk is auto-approved).

This PR requires a manual review and approval from a member of one of the following teams:

• @duckduckgo/content-scope-scripts-owners
• @duckduckgo/apple-devs
• @duckduckgo/android-devs
• @duckduckgo/team-windows-development
• @duckduckgo/extension-owners
• @duckduckgo/config-aor
• @duckduckgo/breakage-aor
• @duckduckgo/breakage

[github-actions]

Build Branch

Branch	pr-releases/jkt/auto/type-casting-improvements-3f3a
Commit	1875896e64
Updated	March 9, 2026 at 10:43:12 PM UTC

Static preview entry points

• Docs: docs/index.html
• Static pages: build/integration/pages/index.html
• Integration pages: injected/integration-test/test-pages/index.html

QR codes (mobile preview)

Entry point	QR code
Docs
Static pages
Integration pages

Integration commands

npm (Android / Extension):

npm i github:duckduckgo/content-scope-scripts#pr-releases/jkt/auto/type-casting-improvements-3f3a

Swift Package Manager (Apple):

.package(url: "https://github.com/duckduckgo/content-scope-scripts.git", branch: "pr-releases/jkt/auto/type-casting-improvements-3f3a")

git submodule (Windows):

git -C submodules/content-scope-scripts fetch origin pr-releases/jkt/auto/type-casting-improvements-3f3a
git -C submodules/content-scope-scripts checkout origin/pr-releases/jkt/auto/type-casting-improvements-3f3a

Pin to exact commit

npm (Android / Extension):

npm i github:duckduckgo/content-scope-scripts#1875896e64a5d1865412f329b4673ff05c740a87

Swift Package Manager (Apple):

.package(url: "https://github.com/duckduckgo/content-scope-scripts.git", revision: "1875896e64a5d1865412f329b4673ff05c740a87")

git submodule (Windows):

git -C submodules/content-scope-scripts fetch origin pr-releases/jkt/auto/type-casting-improvements-3f3a
git -C submodules/content-scope-scripts checkout 1875896e64a5d1865412f329b4673ff05c740a87

Dismissing stale approval — new commits pushed, awaiting Cursor re-review.

Dismissing stale approval — new commits pushed, awaiting Cursor re-review.

Dismissing stale approval — new commits pushed, awaiting Cursor re-review.

[cursor]

Web Compatibility Assessment

• injected/src/config-feature.js
  Range: L139-L143
  Severity: warning
  The new if (condition === undefined) return true path changes runtime semantics for malformed conditional entries from "non-match/error" to "apply everywhere". In ConfigFeature, this affects all features using matchConditionalFeatureSetting(), so an accidentally incomplete config entry in domains/conditionalChanges can now broaden scope globally and create cross-site breakage instead of failing closed.

• injected/src/features/element-hiding.js
  Range: L399-L400
  Severity: info
Array.isArray(item.rules) is a good compatibility guard: it prevents non-array config payloads from flowing into selector processing and avoids downstream querySelectorAll/rule-shape failures.

Security Assessment

• injected/src/features/element-hiding.js
  Range: L74-L80
  Severity: warning
hasSelector() uses 'selector' in rule, which walks the prototype chain. In a hostile page, Object.prototype.selector pollution can make non-selector rules pass the guard and route inherited values/accessors into selector handling. Prefer an own-property check (hasOwnProperty.call(rule, 'selector')) using captured globals to avoid prototype-chain influence.

Risk Level

Medium Risk — mostly type-hardening, but one behavior change in core config matching (ConfigFeature) can alter rule application scope across many features if config entries are incomplete.

Recommendations

1. Tighten matchConditionalFeatureSetting() fail-closed behavior for malformed entries: treat missing both condition and domain as non-match (or gate "always match" to an explicitly supported key/path).
2. Harden selector type guard to own-property checks with captured globals (hasOwnProperty.call(...)) rather than 'in'.
3. Add regression tests in config-feature unit tests for entries missing both condition and domain, and in element-hiding tests for prototype-polluted objects to ensure guard behavior is stable.

---