aboutsummaryrefslogtreecommitdiff
path: root/common
diff options
context:
space:
mode:
authorjahoti <jahoti@tilde.team>2021-08-02 00:00:00 +0000
committerjahoti <jahoti@tilde.team>2021-08-02 00:00:00 +0000
commit5b419aedd564e6506aa2fc8bddcaa5d601888f17 (patch)
tree494d1f7fa1f9600451553d5aaaa68ba28c96d250 /common
parent25817b68c03b25c9b4fcaba2b96ab65f2edfd63c (diff)
downloadbrowser-extension-5b419aedd564e6506aa2fc8bddcaa5d601888f17.tar.gz
browser-extension-5b419aedd564e6506aa2fc8bddcaa5d601888f17.zip
[UNTESTED- will test] Add filtering for http-equiv CSP headers
Diffstat (limited to 'common')
-rw-r--r--common/misc.js36
1 files changed, 35 insertions, 1 deletions
diff --git a/common/misc.js b/common/misc.js
index 0d8466e..d046b65 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -173,6 +173,40 @@ function parse_csp(csp) {
return directives;
}
+/* Make CSP headers do our bidding, not interfere */
+function sanitize_csp_header(header, rule, block)
+{
+ const csp = parse_csp(header.value);
+
+ if (block) {
+ /* No snitching */
+ delete csp['report-to'];
+ delete csp['report-uri'];
+
+ delete csp['script-src'];
+ delete csp['script-src-elem'];
+
+ csp['script-src-attr'] = ["'none'"];
+ csp['prefetch-src'] = ["'none'"];
+ }
+
+ if ('script-src' in csp)
+ csp['script-src'].push(rule);
+ else
+ csp['script-src'] = [rule];
+
+ if ('script-src-elem' in csp)
+ csp['script-src-elem'].push(rule);
+ else
+ csp['script-src-elem'] = [rule];
+
+ const new_policy = Object.entries(csp).map(
+ i => `${i[0]} ${i[1].join(' ')};`
+ );
+
+ return {name: header.name, value: new_policy.join('')};
+}
+
/*
* EXPORTS_START
* EXPORT gen_nonce
@@ -184,6 +218,6 @@ function parse_csp(csp) {
* EXPORT nice_name
* EXPORT open_in_settings
* EXPORT is_privileged_url
- * EXPORT parse_csp
+ * EXPORT sanitize_csp_header
* EXPORTS_END
*/