Revision 96068ada
Added by koszko almost 2 years ago
background/stream_filter.js | ||
---|---|---|
174 | 174 |
* as harmless anyway). |
175 | 175 |
*/ |
176 | 176 |
|
177 |
const dummy_script = |
|
178 |
`<script data-haketilo-deleteme="${properties.policy.nonce}" nonce="${properties.policy.nonce}">null</script>`; |
|
177 |
const dummy_script = `<script>null</script>`; |
|
179 | 178 |
const doctype_decl = /^(\s*<!doctype[^<>"']*>)?/i.exec(decoded)[0]; |
180 | 179 |
decoded = doctype_decl + dummy_script + |
181 | 180 |
decoded.substring(doctype_decl.length); |
... | ... | |
189 | 188 |
|
190 | 189 |
function apply_stream_filter(details, headers, policy) |
191 | 190 |
{ |
192 |
if (!policy.has_payload)
|
|
191 |
if (!policy.payload) |
|
193 | 192 |
return headers; |
194 | 193 |
|
195 | 194 |
const properties = properties_from_headers(headers); |
196 |
properties.policy = policy; |
|
197 | 195 |
|
198 | 196 |
properties.filter = |
199 | 197 |
browser.webRequest.filterResponseData(details.requestId); |
Also available in: Unified diff
replace cookies with synchronous XmlHttpRequest as policy smuggling method.
Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.