diff options
author | jahoti <jahoti@tilde.team> | 2021-06-28 00:00:00 +0000 |
---|---|---|
committer | jahoti <jahoti@tilde.team> | 2021-06-28 00:00:00 +0000 |
commit | 83a8d263f6efddf4f742bf7a687d10bfd1907ef8 (patch) | |
tree | 41827d3556f5d397c6ab9a623a220cf285b6dfed /content | |
parent | edbbe4002dadd31fd7eab0522a953e1b1b435767 (diff) | |
download | browser-extension-83a8d263f6efddf4f742bf7a687d10bfd1907ef8.tar.gz browser-extension-83a8d263f6efddf4f742bf7a687d10bfd1907ef8.zip |
Index two new files intended for the previous commit.
Diffstat (limited to 'content')
-rw-r--r-- | content/freezer.js | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/content/freezer.js b/content/freezer.js new file mode 100644 index 0000000..cdd0709 --- /dev/null +++ b/content/freezer.js @@ -0,0 +1,63 @@ +/** + * Helper functions for blocking scripts in pages, based off NoScript's lib/DocumentFreezer.js + * + * Copyright (C) 2005-2021 Giorgio Maone - https://maone.net + * Copyright (C) 2021 jahoti + * Redistribution terms are gathered in the `copyright' file. + */ + +"use strict"; + +(() => { + const loaderAttributes = ["href", "src", "data"]; + const jsOrDataUrlRx = /^(?:data:(?:[^,;]*ml|unknown-content-type)|javascript:)/i; + + function sanitizeAttributes(element) { + if (element._frozen) + return; + let fa = []; + let loaders = []; + for (let a of element.attributes) { + let name = a.localName.toLowerCase(); + if (loaderAttributes.includes(name)) + if (jsOrDataUrlRx.test(a.value)) + loaders.push(a); + + else if (name.startsWith("on")) { + console.debug("Removing", a, element.outerHTML); + fa.push(a.cloneNode()); + a.value = ""; + element[name] = null; + } + } + if (loaders.length) { + for (let a of loaders) { + fa.push(a.cloneNode()); + a.value = "javascript://frozen"; + } + if ("contentWindow" in element) + element.replaceWith(element = element.cloneNode(true)); + + } + if (fa.length) + element._frozenAttributes = fa; + element._frozen = true; + } + + function scriptSuppressor(nonce) { + const blockExecute = e => { + if (document.readyState === 'complete') { + removeEventListener('beforescriptexecute', blockExecute, true); + return; + } + else if (e.isTrusted && e.target.getAttribute('nonce') !== nonce) { // Prevent blocking of injected scripts + e.preventDefault(); + console.log('Suppressed script', e.target); + } + }; + return blockExecute; + }; + + window.scriptSuppressor = scriptSuppressor; + window.sanitize_attributes = sanitizeAttributes; +})(); |