Revision 33b6872c
Added by koszko over 1 year ago
| content/policy_enforcing.js | ||
|---|---|---|
| 174 | 174 |
|
| 175 | 175 |
let some_attr_blocked = false; |
| 176 | 176 |
|
| 177 |
for (const attr of [...element.attributes || []] |
|
| 178 |
.filter(attr => /^(href|src|data)$/i.test(attr.localName)) |
|
| 179 |
.filter(attr => bad_url_reg.test(attr.value))) {
|
|
| 177 |
const bad_attrs = [...(element.attributes || [])] |
|
| 178 |
.filter(attr => /^(href|src|data)$/i.test(attr.localName)) |
|
| 179 |
.filter(attr => bad_url_reg.test(attr.value)); |
|
| 180 |
|
|
| 181 |
for (const attr of bad_attrs) {
|
|
| 180 | 182 |
/* |
| 181 | 183 |
* Under some browsers (Mozilla) removing attributes doesn't stop their |
| 182 | 184 |
* javascript from executing, but replacing them does. For 'src' and |
Also available in: Unified diff
for () loop styling