author | Wojtek Kosior <koszko@koszko.org> | 2021-09-03 19:40:45 +0200 |
---|---|---|
committer | Wojtek Kosior <koszko@koszko.org> | 2021-09-03 19:40:45 +0200 |
commit | c12b9ee3535f5a4515c164b020dfc08df8f1bfbd (patch) | |
tree | 1269f006494771049ad74338a30c3adb420e8407 /content/page_actions.js | |
parent | d1d5d4fb2447289029c0075db0ccfd5c22597e88 (diff) | |
disable payload injection on non-html pages
Diffstat (limited to 'content/page_actions.js')
-rw-r--r-- | content/page_actions.js | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/content/page_actions.js b/content/page_actions.js index bf76790..3799afd 100644 --- a/content/page_actions.js +++ b/content/page_actions.js @@ -11,12 +11,14 @@ * IMPORT browser * IMPORT report_script * IMPORT report_settings + * IMPORT report_content_type * IMPORTS_END */ let policy_received_callback; -/* Snapshot url early because document.URL can be changed by other code. */ +/* Snapshot url and content type early; these can be changed by other code. */ let url; +let is_html; let port; let loaded = false; let scripts_awaiting = []; @@ -52,6 +54,9 @@ function document_loaded(event) function add_script(script_text) { + if (!is_html) + return; + let script = document.createElement("script"); script.textContent = script_text; script.setAttribute("nonce", nonce); @@ -64,6 +69,8 @@ function add_script(script_text) function handle_page_actions(script_nonce, policy_received_cb) { policy_received_callback = policy_received_cb; url = document.URL; + is_html = /html/.test(document.contentType); + report_content_type(document.contentType); document.addEventListener("DOMContentLoaded", document_loaded); port = browser.runtime.connect({name : CONNECTION_TYPE.PAGE_ACTIONS}); |
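Review bot: The new early return in `add_script()` drops the script silently and has no comment saying where `is_html` gets its value. `is_html` is declared without an initializer and only assigned in `handle_page_actions()`, so `!is_html` is also true for any call that arrives before that function has run. Whether such a call can happen is not visible here, since the body of `add_script()` and its callers continue outside the hunk. I would add a comment above the guard, `/* Only inject into HTML documents; is_html is snapshotted in handle_page_actions(). */`, and consider logging the skipped injection so a missing payload can be diagnosed.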
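Review bot: `/html/.test(document.contentType)` in `handle_page_actions()` is an unanchored substring match, so any content type containing "html" enables injection, not only the HTML document types. Since this flag is the gate that decides whether extension scripts are added to a page, an explicit allowlist is easier to audit; if `text/html` and `application/xhtml+xml` are the only types meant, `is_html = ["text/html", "application/xhtml+xml"].includes(document.contentType);` states that directly. The following `report_content_type(document.contentType)` reads the property a second time, so storing the value in one local and using it for both keeps the reported type and the decision consistent. The function body continues outside the hunk.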