
Revision c12b9ee3

Added by koszko about 2 years ago

disable payload injection on non-html pages


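--- a/content/activity_info_server.js
+++ b/content/activity_info_server.js
@@ -44,6 +44,11 @@
     report_activity("settings", settings);
 }
 
+function report_content_type(content_type)
+{
+    report_activity("content_type", content_type);
+}
+
 function report_repo_query_action(update, port)
 {
     report_activity_oneshot("repo_query_action", update, port);
@@ -91,5 +96,6 @@
  * EXPORT start_activity_info_server
  * EXPORT report_script
  * EXPORT report_settings
+ * EXPORT report_content_type
  * EXPORTS_END
  */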
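--- a/content/main.js
+++ b/content/main.js
@@ -147,3 +147,5 @@
 
     start_activity_info_server();
 }
+
+console.log("content script");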
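Review bot: The added top-level `console.log("content script");` looks like leftover debugging output and is unrelated to the content-type change named in the commit message. As a content-script statement it would presumably run on every page the extension is loaded into and write to that page's console, which adds noise and makes the extension's presence visible to anyone reading the console. I would drop the line, or put it behind a debug switch if the project has one. The function closed just above it starts outside the hunk.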
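--- a/content/page_actions.js
+++ b/content/page_actions.js
@@ -11,12 +11,14 @@
  * IMPORT browser
  * IMPORT report_script
  * IMPORT report_settings
+ * IMPORT report_content_type
  * IMPORTS_END
  */
 
 let policy_received_callback;
-/* Snapshot url early because document.URL can be changed by other code. */
+/* Snapshot url and content type early; these can be changed by other code. */
 let url;
+let is_html;
 let port;
 let loaded = false;
 let scripts_awaiting = [];
@@ -52,6 +54,9 @@
 
 function add_script(script_text)
 {
+    if (!is_html)
+	return;
+
     let script = document.createElement("script");
     script.textContent = script_text;
     script.setAttribute("nonce", nonce);
@@ -64,6 +69,8 @@
 function handle_page_actions(script_nonce, policy_received_cb) {
     policy_received_callback = policy_received_cb;
     url = document.URL;
+    is_html = /html/.test(document.contentType);
+    report_content_type(document.contentType);
 
     document.addEventListener("DOMContentLoaded", document_loaded);
     port = browser.runtime.connect({name : CONNECTION_TYPE.PAGE_ACTIONS});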
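Review bot: The `/html/` test in handle_page_actions is an unanchored substring match, so the injection gate accepts any content type that merely contains "html" rather than a stated set of types. If `text/html` and `application/xhtml+xml` are the two types meant, an exact allowlist says so directly: `is_html = ["text/html", "application/xhtml+xml"].includes(document.contentType);`. The same regex is repeated in html/display-panel.js, so the panel's warning and the actual gate in add_script can drift apart if only one is edited; a single shared helper would keep them in step. The bodies of add_script and handle_page_actions continue outside the hunks shown.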
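--- a/html/display-panel.html
+++ b/html/display-panel.html
@@ -306,6 +306,11 @@
 		    </label>
 		  </td>
 		</tr>
+		<tr>
+		  <td id="content_type" colspan="3" class="hide">
+		    This is a non-HTML page. Chosen payload will not be injected.
+		  </td>
+		</tr>
 	      </tbody>
 	    </table>
 	    <label id="query_pattern" for="show_queried_view_radio" class="button">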
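--- a/html/display-panel.js
+++ b/html/display-panel.js
@@ -230,6 +230,7 @@
 const view_payload_but = by_id("view_payload");
 const view_injected_but = by_id("view_injected");
 const container_for_injected = by_id("container_for_injected");
+const content_type_cell = by_id("content_type");
 
 const queried_items = new Map();
 
@@ -275,6 +276,10 @@
 	template.script_contents.textContent = data;
 	container_for_injected.appendChild(template.div);
     }
+    if (type === "content_type") {
+	if (!/html/.test(data))
+	    content_type_cell.classList.remove("hide");
+    }
     if (type === "repo_query_action") {
 	const key = data.prefix + data.item;
 	const results = queried_items.get(key) || {};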
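Review bot: The new `content_type` branch only ever removes `hide` from `content_type_cell`, so once a non-HTML type has been reported the warning stays visible even if a later report carries an HTML type; whether that can happen depends on how the panel is reused, which is not visible here. Setting the class from the value on every report avoids the stale state: `content_type_cell.classList.toggle("hide", /html/.test(data));`. The check also treats a missing `data` as non-HTML, because the regex is applied to its string form; a short comment saying that this is intended would help the next reader. The enclosing handler starts and ends outside the hunk.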
