/content/freezer.js - Diff - Haketilo - Hydrilla issue tracker

« Previous | Next »

Revision 261548ff

Added by koszko about 2 years ago

ID 261548ff184926567a623e90df7954aeef842d59
Parent 83a8d263
Child cd5272ac

emply an sh-based build system; make some changes to blocking

      * Redistribution terms are gathered in the `copyright' file.
      */
     "use strict";
     const loaderAttributes = ["href", "src", "data"];
     const jsOrDataUrlRx = /^(?:data:(?:[^,;]*ml|unknown-content-type)|javascript:)/i;
     (() => {
         const loaderAttributes = ["href", "src", "data"];
         const jsOrDataUrlRx = /^(?:data:(?:[^,;]*ml|unknown-content-type)|javascript:)/i;
     function sanitize_attributes(element) {
         if (element._frozen)
     	return;
         let fa = [];
         let loaders = [];
         let attributes = element.attributes || [];
         function sanitizeAttributes(element) {
     	if (element._frozen)
     	    return;
     	let fa = [];
     	let loaders = [];
     	for (let a of element.attributes) {
     	    let name = a.localName.toLowerCase();
     	    if (loaderAttributes.includes(name))
     		if (jsOrDataUrlRx.test(a.value))
     		    loaders.push(a);
         for (let a of attributes) {
     	let name = a.localName.toLowerCase();
     	if (loaderAttributes.includes(name))
     	    if (jsOrDataUrlRx.test(a.value))
     		loaders.push(a);
     	    else if (name.startsWith("on")) {
     		console.debug("Removing", a, element.outerHTML);
     		fa.push(a.cloneNode());
     		a.value = "";
     		element[name] = null;
+    	    }
     	else if (name.startsWith("on")) {
     	    console.debug("Removing", a, element.outerHTML);
     	    fa.push(a.cloneNode());
     	    a.value = "";
     	    element[name] = null;
+    	}
     	if (loaders.length) {
     	    for (let a of loaders) {
     		fa.push(a.cloneNode());
     		a.value = "javascript://frozen";
+    	    }
     	    if ("contentWindow" in element)
     		element.replaceWith(element = element.cloneNode(true));
+        }
         if (loaders.length) {
     	for (let a of loaders) {
     	    fa.push(a.cloneNode());
     	    a.value = "javascript://frozen";
+    	}
     	if (fa.length)
     	    element._frozenAttributes = fa;
     	element._frozen = true;
     	if ("contentWindow" in element)
     	    element.replaceWith(element = element.cloneNode(true));
+        }
         function scriptSuppressor(nonce) {
     	const blockExecute = e => {
     	    if (document.readyState === 'complete') {
     		removeEventListener('beforescriptexecute', blockExecute, true);
     		return;
+    	    }
     	    else if (e.isTrusted && e.target.getAttribute('nonce') !== nonce) { // Prevent blocking of injected scripts
     		e.preventDefault();
     		console.log('Suppressed script', e.target);
+    	    }
     	};
     	return blockExecute;
         if (fa.length)
     	element._frozenAttributes = fa;
         element._frozen = true;
+    }
     function script_suppressor(nonce) {
         const blockExecute = e => {
     	if (document.readyState === 'complete') {
     	    removeEventListener('beforescriptexecute', blockExecute, true);
     	    return;
+    	}
     	else if (e.isTrusted && e.target.getAttribute('nonce') !== nonce) { // Prevent blocking of injected scripts
     	    e.preventDefault();
     	    console.log('Suppressed script', e.target);
+    	}
         };
         window.scriptSuppressor = scriptSuppressor;
         window.sanitize_attributes = sanitizeAttributes;
     })();
         return blockExecute;
     };
     /*
      * EXPORTS_START
      * EXPORT script_suppressor
      * EXPORT sanitize_attributes
      * EXPORTS_END
      */

Also available in: Unified diff