Revision 5b419aed
Added by jahoti about 2 years ago
content/main.js | ||
---|---|---|
19 | 19 |
* IMPORT is_chrome |
20 | 20 |
* IMPORT is_mozilla |
21 | 21 |
* IMPORT start_activity_info_server |
22 |
* IMPORT sanitize_csp_header |
|
22 | 23 |
* IMPORTS_END |
23 | 24 |
*/ |
24 | 25 |
|
... | ... | |
65 | 66 |
block_script(node); |
66 | 67 |
return; |
67 | 68 |
} |
69 |
|
|
70 |
else if (node.tagName === 'META' && |
|
71 |
node.getAttribute('http-equiv') === 'content-security-policy') { |
|
72 |
|
|
73 |
node.content = sanitize_csp_header( |
|
74 |
{value: node.content}, |
|
75 |
`'nonce-${nonce}'`, |
|
76 |
!policy.allow |
|
77 |
).value; |
|
78 |
return; |
|
79 |
} |
|
68 | 80 |
|
69 | 81 |
sanitize_attributes(node); |
70 | 82 |
|
... | ... | |
114 | 126 |
if (!policy.allow) { |
115 | 127 |
block_nodes_recursively(document.documentElement); |
116 | 128 |
|
117 |
if (is_chrome) { |
|
118 |
var observer = new MutationObserver(handle_mutation); |
|
119 |
observer.observe(document.documentElement, { |
|
120 |
attributes: true, |
|
121 |
childList: true, |
|
122 |
subtree: true |
|
123 |
}); |
|
124 |
} |
|
129 |
/* Now needed on Mozilla as well to sanitize CSP header */ |
|
130 |
var observer = new MutationObserver(handle_mutation); |
|
131 |
observer.observe(document.documentElement, { |
|
132 |
attributes: true, |
|
133 |
childList: true, |
|
134 |
subtree: true |
|
135 |
}); |
|
125 | 136 |
|
126 | 137 |
if (is_mozilla) |
127 | 138 |
addEventListener('beforescriptexecute', mozilla_suppress_scripts, true); |
Also available in: Unified diff
[UNTESTED- will test] Add filtering for http-equiv CSP headers