diff options
author | Wojtek Kosior <koszko@koszko.org> | 2021-09-06 20:45:50 +0200 |
---|---|---|
committer | Wojtek Kosior <koszko@koszko.org> | 2021-09-06 20:45:50 +0200 |
commit | 704f2da0673dc714f72b9bb82f6bf648795d4335 (patch) | |
tree | 15d4819bef4c984b6494bbf4d188d42d285352cb /content/freezer.js | |
parent | ed08ef1a6df1713a0e00ccd656f4bb4ed44647a4 (diff) | |
download | browser-extension-704f2da0673dc714f72b9bb82f6bf648795d4335.tar.gz browser-extension-704f2da0673dc714f72b9bb82f6bf648795d4335.zip |
re-enable sanitizing of data: URLs and also sanitize intrinsics on non-HTML pages where CSP doesn't work
Diffstat (limited to 'content/freezer.js')
-rw-r--r-- | content/freezer.js | 64 |
1 files changed, 0 insertions, 64 deletions
diff --git a/content/freezer.js b/content/freezer.js deleted file mode 100644 index 0ea362e..0000000 --- a/content/freezer.js +++ /dev/null @@ -1,64 +0,0 @@ -/** - * Helper functions for blocking scripts in pages, based off NoScript's lib/DocumentFreezer.js - * - * Copyright (C) 2005-2021 Giorgio Maone - https://maone.net - * Copyright (C) 2021 jahoti - * Redistribution terms are gathered in the `copyright' file. - */ - -const loaderAttributes = ["href", "src", "data"]; -const jsOrDataUrlRx = /^(?:data:(?:[^,;]*ml|unknown-content-type)|javascript:)/i; - -function sanitize_attributes(element) { - if (element._frozen) - return; - let fa = []; - let loaders = []; - let attributes = element.attributes || []; - - for (let a of attributes) { - let name = a.localName.toLowerCase(); - if (loaderAttributes.includes(name)) - if (jsOrDataUrlRx.test(a.value)) - loaders.push(a); - - else if (name.startsWith("on")) { - console.debug("Removing", a, element.outerHTML); - fa.push(a.cloneNode()); - a.value = ""; - element[name] = null; - } - } - if (loaders.length) { - for (let a of loaders) { - fa.push(a.cloneNode()); - a.value = "javascript://frozen"; - } - if ("contentWindow" in element) - element.replaceWith(element = element.cloneNode(true)); - - } - if (fa.length) - element._frozenAttributes = fa; - element._frozen = true; -} - -function mozilla_suppress_scripts(e) { - if (document.readyState === 'complete') { - removeEventListener('beforescriptexecute', blockExecute, true); - console.log('Script suppressor has detached.'); - return; - } - console.log("script event", e); - if (e.isTrusted && !e.target._hachette_payload) { - e.preventDefault(); - console.log('Suppressed script', e.target); - } -}; - -/* - * EXPORTS_START - * EXPORT mozilla_suppress_scripts - * EXPORT sanitize_attributes - * EXPORTS_END - */ |