Revision 96068ada
Added by koszko almost 2 years ago
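--- a/content/page_actions.js
+++ b/content/page_actions.js
@@ -12,19 +12,17 @@
 * IMPORT CONNECTION_TYPE
 * IMPORT browser
 * IMPORT report_script
-* IMPORT report_settings
 * IMPORT report_document_type
 * IMPORTS_END
 */
 
-let policy_received_callback;
+let policy;
 /* Snapshot url and content type early; these can be changed by other code. */
 let url;
 let is_html;
 let port;
 let loaded = false;
 let scripts_awaiting = [];
-let nonce;
 
 function handle_message(message)
 {
@@ -38,9 +36,8 @@
 scripts_awaiting.push(script_text);
 }
 }
-if (action === "settings") {
-report_settings(data);
-policy_received_callback({url, allow: data[1].allow});
+else {
+console.error(`Bad page action '${action}'.`);
 }
 }
 
@@ -61,27 +58,27 @@
 
 let script = document.createElement("script");
 script.textContent = script_text;
-script.setAttribute("nonce", nonce);
+script.setAttribute("nonce", policy.nonce);
 script.haketilo_payload = true;
 document.body.appendChild(script);
 
 report_script(script_text);
 }
 
-function handle_page_actions(script_nonce, policy_received_cb,
-doc_ready_promise) {
-policy_received_callback = policy_received_cb;
+function handle_page_actions(_policy, doc_ready_promise) {
+policy = _policy;
+
 url = document.URL;
 is_html = document instanceof HTMLDocument;
 report_document_type(is_html);
 
 doc_ready_promise.then(document_ready);
 
-port = browser.runtime.connect({name : CONNECTION_TYPE.PAGE_ACTIONS});
-port.onMessage.addListener(handle_message);
-port.postMessage({url});
-
-nonce = script_nonce;
+if (policy.payload) {
+port = browser.runtime.connect({name : CONNECTION_TYPE.PAGE_ACTIONS});
+port.onMessage.addListener(handle_message);
+port.postMessage({payload: policy.payload});
+}
 }
 
 /*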
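Review bot: `handle_page_actions` stores `_policy` without checking its shape, and `policy.nonce` is only read later, in the injection code, as `script.setAttribute("nonce", policy.nonce)`. If the policy carries a payload but no nonce, the attribute becomes the literal string "undefined"; the nonce is presumably what the page's CSP allows for the injected payload, so the script would then be blocked or tagged with a predictable value. I would fold the check into the gate, `if (policy.payload && typeof policy.nonce === "string" && policy.nonce !== "") {`, and add a short comment on `handle_page_actions` naming the two fields it consumes (`payload`, `nonce`). Also, `port` now stays unset when there is no payload, while `doc_ready_promise.then(document_ready)` still runs; `document_ready` lies outside the visible hunks, so confirm it does not use `port` unconditionally.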
replace cookies with synchronous XmlHttpRequest as policy smuggling method.
Note: this breaks Mozilla port of Haketilo. Synchronous XmlHttpRequest doesn't work as well there. This will be fixed with dynamically-registered content scripts later.