aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjahoti <jahoti@tilde.team>2021-07-22 00:00:00 +0000
committerWojtek Kosior <koszko@koszko.org>2021-07-26 11:09:57 +0200
commite402e0363cd55f7f849c20c1acd96de548ebc9a6 (patch)
tree84cd250c2ebc18c0ec27a7af68ce978eb47e0a86
parentfba4820bec6714115ef03bd4bdfd714ba485ac2c (diff)
downloadbrowser-extension-e402e0363cd55f7f849c20c1acd96de548ebc9a6.tar.gz
browser-extension-e402e0363cd55f7f849c20c1acd96de548ebc9a6.zip
Fix some bugs in the refined CSP handling
-rw-r--r--background/policy_injector.js6
-rw-r--r--common/misc.js2
2 files changed, 4 insertions, 4 deletions
diff --git a/background/policy_injector.js b/background/policy_injector.js
index a67b4e3..90c65bd 100644
--- a/background/policy_injector.js
+++ b/background/policy_injector.js
@@ -108,7 +108,7 @@ function headers_inject(details)
delete csp['report-to'];
delete csp['report-uri'];
- if (!target.policy.allow) {
+ if (!targets.policy.allow) {
delete csp['script-src'];
delete csp['script-src-elem'];
csp['script-src-attr'] = ["'none'"];
@@ -118,12 +118,12 @@ function headers_inject(details)
if ('script-src' in csp)
csp['script-src'].push(rule);
else
- csp['script-src'] = rule;
+ csp['script-src'] = [rule];
if ('script-src-elem' in csp)
csp['script-src-elem'].push(rule);
else
- csp['script-src-elem'] = rule;
+ csp['script-src-elem'] = [rule];
/* TODO: is this safe */
let new_policy = Object.entries(csp).map(
diff --git a/common/misc.js b/common/misc.js
index 6af2327..0d8466e 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -159,7 +159,7 @@ function parse_csp(csp) {
let directive, directive_array;
let directives = {};
for (directive of csp.split(';')) {
- directive = directive.trim;
+ directive = directive.trim();
if (directive === '')
continue;
02:53 -0500'>2021-02-11gnu: OpenLDAP: Update to 2.4.57 [security fixes].Leo Famulari 2021-02-01gnu: 389-ds-base: Wrap with GUIX_PYTHONPATH.Maxim Cournoyer 2021-01-13Merge branch 'staging' into 'core-updates'.Maxim Cournoyer 2020-12-08gnu: openldap: Update to 2.4.50 and remove replacement.Ludovic Courtès 2020-10-19Merge branch 'staging'Maxim Cournoyer 2020-09-22gnu: python-ldap: Update to 3.3.1.Marius Bakke 2020-07-27gnu: openldap: Remove graft.Jakub Kądziołka 2020-04-30Merge branch 'master' into core-updatesMarius Bakke 2020-04-29gnu: OpenLDAP: Update to 2.4.50 [fixes CVE-2019-{13057,13565}].Leo Famulari 2020-04-28gnu: openldap: Fix CVE-2020-12243.Efraim Flashner