Revision 96068ada
Added by koszko almost 2 years ago
| background/stream_filter.js | ||
|---|---|---|
| 174 | 174 |
* as harmless anyway). |
| 175 | 175 |
*/ |
| 176 | 176 |
|
| 177 |
const dummy_script = |
|
| 178 |
`<script data-haketilo-deleteme="${properties.policy.nonce}" nonce="${properties.policy.nonce}">null</script>`;
|
|
| 177 |
const dummy_script = `<script>null</script>`; |
|
| 179 | 178 |
const doctype_decl = /^(\s*<!doctype[^<>"']*>)?/i.exec(decoded)[0]; |
| 180 | 179 |
decoded = doctype_decl + dummy_script + |
| 181 | 180 |
decoded.substring(doctype_decl.length); |
| ... | ... | |
| 189 | 188 |
|
| 190 | 189 |
function apply_stream_filter(details, headers, policy) |
| 191 | 190 |
{
|
| 192 |
if (!policy.has_payload)
|
|
| 191 |
if (!policy.payload) |
|
| 193 | 192 |
return headers; |
| 194 | 193 |
|
| 195 | 194 |
const properties = properties_from_headers(headers); |
| 196 |
properties.policy = policy; |
|
| 197 | 195 |
|
| 198 | 196 |
properties.filter = |
| 199 | 197 |
browser.webRequest.filterResponseData(details.requestId); |
Also available in: Unified diff
replace cookies with synchronous XmlHttpRequest as policy smuggling method.
Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.