1 files changed, 49 insertions, 1 deletions

diff --git a/common/misc.js b/common/misc.js
index 0d8466e..3c7dc46 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -12,6 +12,7 @@
  * IMPORT browser
  * IMPORT is_chrome
  * IMPORT TYPE_NAME
+ * IMPORT TYPE_PREFIX
  * IMPORTS_END
  */
 
@@ -173,6 +174,52 @@ function parse_csp(csp) {
     return directives;
 }
 
+/* Make CSP headers do our bidding, not interfere */
+function sanitize_csp_header(header, rule, block)
+{
+    const csp = parse_csp(header.value);
+
+    if (block) {
+	/* No snitching */
+	delete csp['report-to'];
+	delete csp['report-uri'];
+
+	delete csp['script-src'];
+	delete csp['script-src-elem'];
+
+	csp['script-src-attr'] = ["'none'"];
+	csp['prefetch-src'] = ["'none'"];
+    }
+
+    if ('script-src' in csp)
+	csp['script-src'].push(rule);
+    else
+	csp['script-src'] = [rule];
+
+    if ('script-src-elem' in csp)
+	csp['script-src-elem'].push(rule);
+    else
+	csp['script-src-elem'] = [rule];
+
+    const new_policy = Object.entries(csp).map(
+	i => `${i[0]} ${i[1].join(' ')};`
+    );
+
+    return {name: header.name, value: new_policy.join('')};
+}
+
+/* Regexes and objest to use as/in schemas for parse_json_with_schema(). */
+const nonempty_string_matcher = /.+/;
+
+const matchers = {
+    sha256: /^[0-9a-f]{64}$/,
+    nonempty_string: nonempty_string_matcher,
+    component: [
+	new RegExp(`^[${TYPE_PREFIX.SCRIPT}${TYPE_PREFIX.BAG}]$`),
+	nonempty_string_matcher
+    ]
+};
+
 /*
  * EXPORTS_START
  * EXPORT gen_nonce
@@ -184,6 +231,7 @@ function parse_csp(csp) {
  * EXPORT nice_name
  * EXPORT open_in_settings
  * EXPORT is_privileged_url
- * EXPORT parse_csp
+ * EXPORT sanitize_csp_header
+ * EXPORT matchers
  * EXPORTS_END
  */