Revision 5b419aed
Added by jahoti about 2 years ago
| content/main.js | ||
|---|---|---|
| 19 | 19 |
* IMPORT is_chrome |
| 20 | 20 |
* IMPORT is_mozilla |
| 21 | 21 |
* IMPORT start_activity_info_server |
| 22 |
* IMPORT sanitize_csp_header |
|
| 22 | 23 |
* IMPORTS_END |
| 23 | 24 |
*/ |
| 24 | 25 |
|
| ... | ... | |
| 65 | 66 |
block_script(node); |
| 66 | 67 |
return; |
| 67 | 68 |
} |
| 69 |
|
|
| 70 |
else if (node.tagName === 'META' && |
|
| 71 |
node.getAttribute('http-equiv') === 'content-security-policy') {
|
|
| 72 |
|
|
| 73 |
node.content = sanitize_csp_header( |
|
| 74 |
{value: node.content},
|
|
| 75 |
`'nonce-${nonce}'`,
|
|
| 76 |
!policy.allow |
|
| 77 |
).value; |
|
| 78 |
return; |
|
| 79 |
} |
|
| 68 | 80 |
|
| 69 | 81 |
sanitize_attributes(node); |
| 70 | 82 |
|
| ... | ... | |
| 114 | 126 |
if (!policy.allow) {
|
| 115 | 127 |
block_nodes_recursively(document.documentElement); |
| 116 | 128 |
|
| 117 |
if (is_chrome) {
|
|
| 118 |
var observer = new MutationObserver(handle_mutation); |
|
| 119 |
observer.observe(document.documentElement, {
|
|
| 120 |
attributes: true, |
|
| 121 |
childList: true, |
|
| 122 |
subtree: true |
|
| 123 |
}); |
|
| 124 |
} |
|
| 129 |
/* Now needed on Mozilla as well to sanitize CSP header */ |
|
| 130 |
var observer = new MutationObserver(handle_mutation); |
|
| 131 |
observer.observe(document.documentElement, {
|
|
| 132 |
attributes: true, |
|
| 133 |
childList: true, |
|
| 134 |
subtree: true |
|
| 135 |
}); |
|
| 125 | 136 |
|
| 126 | 137 |
if (is_mozilla) |
| 127 | 138 |
addEventListener('beforescriptexecute', mozilla_suppress_scripts, true);
|
Also available in: Unified diff
[UNTESTED- will test] Add filtering for http-equiv CSP headers