Revision 51d43685
Added by koszko about 2 years ago
| content/main.js | ||
|---|---|---|
| 180 | 180 |
meta.content = sanitize_csp_header({value}, policy).value;
|
| 181 | 181 |
} |
| 182 | 182 |
|
| 183 |
function sanitize_script(script) |
|
| 184 |
{
|
|
| 185 |
script.hachette_blocked_type = script.type; |
|
| 186 |
script.type = "text/plain"; |
|
| 187 |
} |
|
| 188 |
|
|
| 189 |
/* |
|
| 190 |
* Executed after script has been connected to the DOM, when it is no longer |
|
| 191 |
* eligible for being executed by the browser |
|
| 192 |
*/ |
|
| 193 |
function desanitize_script(script, policy) |
|
| 194 |
{
|
|
| 195 |
script.setAttribute("type", script.hachette_blocked_type);
|
|
| 196 |
|
|
| 197 |
if (script.hachette_blocked_type === undefined) |
|
| 198 |
script.removeAttribute("type");
|
|
| 199 |
|
|
| 200 |
delete script.hachette_blocked_type; |
|
| 201 |
} |
|
| 202 |
|
|
| 183 | 203 |
function apply_hachette_csp_rules(doc, policy) |
| 184 | 204 |
{
|
| 185 | 205 |
const meta = doc.createElement("meta");
|
| ... | ... | |
| 220 | 240 |
for (const meta of old_html.querySelectorAll("head meta"))
|
| 221 | 241 |
sanitize_meta(meta, policy); |
| 222 | 242 |
|
| 243 |
for (const script of old_html.querySelectorAll("script"))
|
|
| 244 |
sanitize_script(script, policy); |
|
| 245 |
|
|
| 223 | 246 |
new_html.replaceWith(old_html); |
| 247 |
|
|
| 248 |
for (const script of old_html.querySelectorAll("script"))
|
|
| 249 |
desanitize_script(script, policy); |
|
| 224 | 250 |
} |
| 225 | 251 |
|
| 226 | 252 |
if (!is_privileged_url(document.URL)) {
|
Also available in: Unified diff
fix script blocking bug under Chromium