authorWojtek Kosior <koszko@koszko.org>2021-09-03 19:40:45 +0200
committerWojtek Kosior <koszko@koszko.org>2021-09-03 19:40:45 +0200
commitc12b9ee3535f5a4515c164b020dfc08df8f1bfbd (patch)
tree1269f006494771049ad74338a30c3adb420e8407 /content
parentd1d5d4fb2447289029c0075db0ccfd5c22597e88 (diff)
disable payload injection on non-html pages
Diffstat (limited to 'content')
-rw-r--r--content/activity_info_server.js6
-rw-r--r--content/main.js2
-rw-r--r--content/page_actions.js9
3 files changed, 16 insertions, 1 deletions
diff --git a/content/activity_info_server.js b/content/activity_info_server.js
index 81a25fb..beecb1a 100644
--- a/content/activity_info_server.js
+++ b/content/activity_info_server.js
@@ -44,6 +44,11 @@ function report_settings(settings)
report_activity("settings", settings);
}
+function report_content_type(content_type)
+{
+ report_activity("content_type", content_type);
+}
+
function report_repo_query_action(update, port)
{
report_activity_oneshot("repo_query_action", update, port);
@@ -91,5 +96,6 @@ function start_activity_info_server()
* EXPORT start_activity_info_server
* EXPORT report_script
* EXPORT report_settings
+ * EXPORT report_content_type
* EXPORTS_END
*/
diff --git a/content/main.js b/content/main.js
index 17b6b98..da215b9 100644
--- a/content/main.js
+++ b/content/main.js
@@ -147,3 +147,5 @@ if (!is_privileged_url(document.URL)) {
start_activity_info_server();
}
+
+console.log("content script");
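Review bot: The added `console.log("content script");` at the end of content/main.js looks like leftover debugging and is unrelated to the commit's stated purpose of disabling payload injection on non-HTML pages. It follows the closing brace of what appears to be the `if (!is_privileged_url(document.URL))` block, so it would run wherever the content script is loaded, privileged URLs included, and announce the extension's presence in the page console. I would drop the line; if a trace is really wanted, keep it inside the block and behind a debug switch.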
diff --git a/content/page_actions.js b/content/page_actions.js
index bf76790..3799afd 100644
--- a/content/page_actions.js
+++ b/content/page_actions.js
@@ -11,12 +11,14 @@
* IMPORT browser
* IMPORT report_script
* IMPORT report_settings
+ * IMPORT report_content_type
* IMPORTS_END
*/
let policy_received_callback;
-/* Snapshot url early because document.URL can be changed by other code. */
+/* Snapshot url and content type early; these can be changed by other code. */
let url;
+let is_html;
let port;
let loaded = false;
let scripts_awaiting = [];
@@ -52,6 +54,9 @@ function document_loaded(event)
function add_script(script_text)
{
+ if (!is_html)
+ return;
+
let script = document.createElement("script");
script.textContent = script_text;
script.setAttribute("nonce", nonce);
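Review bot: The new `if (!is_html) return;` guard in add_script is only as strict as the flag it reads, and the handle_page_actions hunk further down sets that flag with `/html/.test(document.contentType)`, an unanchored substring match. Any content type that merely contains "html" passes, so the set of documents that still receive payload scripts is wider than an exact comparison would give. An explicit allowlist states the intent: `is_html = ["text/html", "application/xhtml+xml"].includes(document.contentType);` (drop the second entry if XHTML is not meant to be covered, which the diff does not show). The guard also returns silently, so a comment above it such as `/* Payload scripts are only injected into HTML documents. */` would tell the next reader why scripts are dropped. add_script's body continues past the end of this hunk.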
@@ -64,6 +69,8 @@ function add_script(script_text)
function handle_page_actions(script_nonce, policy_received_cb) {
policy_received_callback = policy_received_cb;
url = document.URL;
+ is_html = /html/.test(document.contentType);
+ report_content_type(document.contentType);
document.addEventListener("DOMContentLoaded", document_loaded);
port = browser.runtime.connect({name : CONNECTION_TYPE.PAGE_ACTIONS});