Project

General

Profile

« Previous | Next » 

Revision 77139a6f

Added by jahoti about 2 years ago

Fix some bugs in the refined CSP handling

View differences:

background/policy_injector.js
108 108 
	delete csp['report-to'];
109 109 
	delete csp['report-uri'];
110 110
111 
	if (!target.policy.allow) {
111 
	if (!targets.policy.allow) {
112 112 
	    delete csp['script-src'];
113 113 
	    delete csp['script-src-elem'];
114 114 
	    csp['script-src-attr'] = ["'none'"];
......
118 118 
	if ('script-src' in csp)
119 119 
	    csp['script-src'].push(rule);
120 120 
	else
121 
	    csp['script-src'] = rule;
121 
	    csp['script-src'] = [rule];
122 122 

  		




  123
  123
  
    
	if ('script-src-elem' in csp)


  		




  124
  124
  
    
	    csp['script-src-elem'].push(rule);


  		




  125
  125
  
    
	else


  		




  126
  
  
    
	    csp['script-src-elem'] = rule;


  		




  
  126
  
    
	    csp['script-src-elem'] = [rule];


  		




  127
  127
  
    
	


  		




  128
  128
  
    
	/* TODO: is this safe */


  		




  129
  129
  
    
	let new_policy = Object.entries(csp).map(


  		












  

    
      common/misc.js
    
  





  159
  159
  
    
    let directive, directive_array;


  		




  160
  160
  
    
    let directives = {};


  		




  161
  161
  
    
    for (directive of csp.split(';')) {


  		




  162
  
  
    
	directive = directive.trim;


  		




  
  162
  
    
	directive = directive.trim();


  		




  163
  163
  
    
	if (directive === '')


  		




  164
  164
  
    
	    continue;


  		




  165
  165
  
    

  		












Also available in:  Unified diff