diff options
author | Wojtek Kosior <koszko@koszko.org> | 2021-09-04 21:03:03 +0200 |
---|---|---|
committer | Wojtek Kosior <koszko@koszko.org> | 2021-09-04 21:03:03 +0200 |
commit | 51d43685c667567516cfbda8dfeb75e98c00619f (patch) | |
tree | 1947265a5f136d02fc308f67e1409cd93cbf6f89 /content | |
parent | 83039701f41c60db5c42bda7d22951cddfb84188 (diff) | |
download | browser-extension-51d43685c667567516cfbda8dfeb75e98c00619f.tar.gz browser-extension-51d43685c667567516cfbda8dfeb75e98c00619f.zip |
fix script blocking bug under Chromium
Diffstat (limited to 'content')
-rw-r--r-- | content/main.js | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/content/main.js b/content/main.js index 4fe6d43..b2cc9ed 100644 --- a/content/main.js +++ b/content/main.js @@ -180,6 +180,26 @@ function sanitize_meta(meta, policy) meta.content = sanitize_csp_header({value}, policy).value; } +function sanitize_script(script) +{ + script.hachette_blocked_type = script.type; + script.type = "text/plain"; +} + +/* + * Executed after script has been connected to the DOM, when it is no longer + * eligible for being executed by the browser + */ +function desanitize_script(script, policy) +{ + script.setAttribute("type", script.hachette_blocked_type); + + if (script.hachette_blocked_type === undefined) + script.removeAttribute("type"); + + delete script.hachette_blocked_type; +} + function apply_hachette_csp_rules(doc, policy) { const meta = doc.createElement("meta"); @@ -220,7 +240,13 @@ async function sanitize_document(doc, policy) for (const meta of old_html.querySelectorAll("head meta")) sanitize_meta(meta, policy); + for (const script of old_html.querySelectorAll("script")) + sanitize_script(script, policy); + new_html.replaceWith(old_html); + + for (const script of old_html.querySelectorAll("script")) + desanitize_script(script, policy); } if (!is_privileged_url(document.URL)) { |