[UNTESTED- will test] Add filtering for http-equiv CSP headers

1 files changed, 3 insertions, 37 deletions

diff --git a/background/policy_injector.js b/background/policy_injector.js
index f573d48..80a0e3b 100644
--- a/background/policy_injector.js
+++ b/background/policy_injector.js
@@ -19,7 +19,7 @@
  * IMPORT url_extract_target
  * IMPORT sign_policy
  * IMPORT get_query_best
- * IMPORT parse_csp
+ * IMPORT sanitize_csp_header
  * IMPORTS_END
  */
 
@@ -79,40 +79,6 @@ function url_inject(details)
     };
 }
 
-function process_csp_header(header, rule, block)
-{
-    const csp = parse_csp(header.value);
-
-
-    if (block) {
-	/* No snitching */
-	delete csp['report-to'];
-	delete csp['report-uri'];
-	
-	delete csp['script-src'];
-	delete csp['script-src-elem'];
-
-	csp['script-src-attr'] = ["'none'"];
-	csp['prefetch-src'] = ["'none'"];
-    }
-
-    if ('script-src' in csp)
-	csp['script-src'].push(rule);
-    else
-	csp['script-src'] = [rule];
-
-    if ('script-src-elem' in csp)
-	csp['script-src-elem'].push(rule);
-    else
-	csp['script-src-elem'] = [rule];
-
-    const new_policy = Object.entries(csp).map(
-	i => `${i[0]} ${i[1].join(' ')};`
-    );
-
-    return {name: header.name, value: new_policy.join('')};
-}
-
 function headers_inject(details)
 {
     const targets = url_extract_target(details.url);
@@ -157,10 +123,10 @@ function headers_inject(details)
 
 		orig_csp_headers = csp_headers = null;
 		for (const header of data)
-		    headers.push(process_csp_header(header, rule, block));
+		    headers.push(sanitize_csp_header(header, rule, block));
 	    }
 	} else if (is_chrome || !orig_csp_headers) {
-	    csp_headers.push(process_csp_header(header, rule, block));
+	    csp_headers.push(sanitize_csp_header(header, rule, block));
 	    if (is_mozilla)
 		orig_csp_headers.push(header);
 	}