diff options
| author | Wojtek Kosior <koszko@koszko.org> | 2022-06-20 14:41:54 +0200 |
|---|---|---|
| committer | Wojtek Kosior <koszko@koszko.org> | 2022-06-20 15:26:35 +0200 |
| commit | f2cf9f1243ad131ae8194576b69f55c3612312bb (patch) | |
| tree | c0100c95c19cedf8b016db96096adfba4426c49a | |
| parent | 1f9ccef9b99a1adfa53cf1a22543f4bdbe2ac068 (diff) | |
| download | browser-extension-f2cf9f1243ad131ae8194576b69f55c3612312bb.tar.gz browser-extension-f2cf9f1243ad131ae8194576b69f55c3612312bb.zip | |
prevent injected scripts from executing out of orderv2.0-beta1
| -rw-r--r-- | content/content.js | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/content/content.js b/content/content.js index c492d53..998ff49 100644 --- a/content/content.js +++ b/content/content.js @@ -143,12 +143,17 @@ async function main() { for (const script_contents of scripts) { const html_ns = "http://www.w3.org/1999/xhtml"; const script = document.createElementNS(html_ns, "script"); + const load_prom = new Promise( + (...cbs) => [script.onload, script.onerror] = cbs + ); const blobby_opts = {type: "text/javascript;charset=UTF-8"}; const blobby = new Blob([script_contents], blobby_opts); script.src = URL.createObjectURL(blobby); script.setAttribute("nonce", policy.nonce); + document.documentElement.append(script); + await load_prom; script.remove(); } } |