Revision 44e89d8e
Added by koszko almost 2 years ago
| background/stream_filter.js | ||
|---|---|---|
| 12 | 12 |
/* |
| 13 | 13 |
* IMPORTS_START |
| 14 | 14 |
* IMPORT browser |
| 15 |
* IMPORT is_csp_header_name
|
|
| 15 |
* IMPORT csp_header_regex
|
|
| 16 | 16 |
* IMPORTS_END |
| 17 | 17 |
*/ |
| 18 | 18 |
|
| ... | ... | |
| 116 | 116 |
const doc = new DOMParser().parseFromString(html, "text/html"); |
| 117 | 117 |
|
| 118 | 118 |
for (const meta of doc.querySelectorAll("head>meta[http-equiv]")) {
|
| 119 |
if (is_csp_header_name(meta.getAttribute("http-equiv"), true) &&
|
|
| 120 |
meta.content) |
|
| 119 |
if (csp_header_regex.test(meta.httpEquiv) && meta.content) |
|
| 121 | 120 |
return true; |
| 122 | 121 |
} |
| 123 | 122 |
|
Also available in: Unified diff
simplify CSP handling
All page's CSP rules are now removed when a payload is to be injected. When there is no payload, CSP rules are not modified but only supplemented with Hachette's own.