Revision 6fda8ea5
Added by jahoti about 2 years ago
| content/main.js | ||
|---|---|---|
| 19 | 19 |
* IMPORT is_chrome |
| 20 | 20 |
* IMPORT is_mozilla |
| 21 | 21 |
* IMPORT start_activity_info_server |
| 22 |
* IMPORT sanitize_csp_header |
|
| 23 | 22 |
* IMPORTS_END |
| 24 | 23 |
*/ |
| 25 | 24 |
|
| ... | ... | |
| 66 | 65 |
block_script(node); |
| 67 | 66 |
return; |
| 68 | 67 |
} |
| 69 |
|
|
| 70 |
else if (node.tagName === 'META' && |
|
| 71 |
node.getAttribute('http-equiv') === 'content-security-policy') {
|
|
| 72 |
|
|
| 73 |
node.content = sanitize_csp_header( |
|
| 74 |
{value: node.content},
|
|
| 75 |
`'nonce-${nonce}'`,
|
|
| 76 |
!policy.allow |
|
| 77 |
).value; |
|
| 78 |
return; |
|
| 79 |
} |
|
| 80 | 68 |
|
| 81 | 69 |
sanitize_attributes(node); |
| 82 | 70 |
|
| ... | ... | |
| 126 | 114 |
if (!policy.allow) {
|
| 127 | 115 |
block_nodes_recursively(document.documentElement); |
| 128 | 116 |
|
| 129 |
/* Now needed on Mozilla as well to sanitize CSP header */ |
|
| 130 |
var observer = new MutationObserver(handle_mutation); |
|
| 131 |
observer.observe(document.documentElement, {
|
|
| 132 |
attributes: true, |
|
| 133 |
childList: true, |
|
| 134 |
subtree: true |
|
| 135 |
}); |
|
| 117 |
if (is_chrome) {
|
|
| 118 |
var observer = new MutationObserver(handle_mutation); |
|
| 119 |
observer.observe(document.documentElement, {
|
|
| 120 |
attributes: true, |
|
| 121 |
childList: true, |
|
| 122 |
subtree: true |
|
| 123 |
}); |
|
| 124 |
} |
|
| 136 | 125 |
|
| 137 | 126 |
if (is_mozilla) |
| 138 | 127 |
addEventListener('beforescriptexecute', mozilla_suppress_scripts, true);
|
Also available in: Unified diff
Revert changes to content/main.js to commit 25817b68c*
It turns out modifying the CSP headers in meta tags has no effect.