-rw-r--r--content/main.js26
1 files changed, 26 insertions, 0 deletions
diff --git a/content/main.js b/content/main.js
index 4fe6d43..b2cc9ed 100644
--- a/content/main.js
+++ b/content/main.js
@@ -180,6 +180,26 @@ function sanitize_meta(meta, policy)
meta.content = sanitize_csp_header({value}, policy).value;
}
+function sanitize_script(script)
+{
+ script.hachette_blocked_type = script.type;
+ script.type = "text/plain";
+}
+
+/*
+ * Executed after script has been connected to the DOM, when it is no longer
+ * eligible for being executed by the browser
+ */
+function desanitize_script(script, policy)
+{
+ script.setAttribute("type", script.hachette_blocked_type);
+
+ if (script.hachette_blocked_type === undefined)
+ script.removeAttribute("type");
+
+ delete script.hachette_blocked_type;
+}
+
function apply_hachette_csp_rules(doc, policy)
{
const meta = doc.createElement("meta");
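Review bot: sanitize_script saves `script.type`, the reflected property, which yields `""` rather than `undefined` when the element has no `type` attribute, so the `=== undefined` branch in desanitize_script appears unreachable for any script that went through sanitize_script. Such a script would end up with an explicit `type=""` instead of no attribute. Saving the attribute itself keeps the round trip exact: `script.hachette_blocked_type = script.getAttribute("type");`, then in desanitize_script `if (script.hachette_blocked_type === null) script.removeAttribute("type"); else script.setAttribute("type", script.hachette_blocked_type);`. That also avoids briefly writing the string "undefined" into the attribute before removing it. The `policy` parameter of desanitize_script is unused in the lines shown.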
@@ -220,7 +240,13 @@ async function sanitize_document(doc, policy)
for (const meta of old_html.querySelectorAll("head meta"))
sanitize_meta(meta, policy);
+ for (const script of old_html.querySelectorAll("script"))
+ sanitize_script(script, policy);
+
new_html.replaceWith(old_html);
+
+ for (const script of old_html.querySelectorAll("script"))
+ desanitize_script(script, policy);
}
if (!is_privileged_url(document.URL)) {
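Review bot: The second loop restores the original `type` on every connected script, so from then on nothing in this hunk keeps those elements inert. Blocking then rests on the browser not running script preparation for them again, which cannot be confirmed from the lines shown. If I read the HTML script-processing rules correctly, an element connected as `text/plain` is not marked as already started, so a comment above the loop should say that blocking still depends on the CSP rules applied elsewhere in this file, for example `/* type is restored for page fidelity only; script blocking must not depend on it */`. Separately, `sanitize_script(script, policy)` passes a `policy` argument that the one-parameter function added in this commit ignores. The enclosing block in sanitize_document starts outside the hunk.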