Diffstat (limited to 'common/misc.js')
-rw-r--r--common/misc.js13
1 files changed, 12 insertions, 1 deletions
diff --git a/common/misc.js b/common/misc.js
index 91d60d2..97fc2dc 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -146,6 +146,17 @@ function sanitize_csp_header(header, policy)
return {name: header.name, value: new_csp.join('')};
}
+/* csp rule that blocks all scripts except for those injected by us */
+function make_csp_rule(policy)
+{
+ let rule = "prefetch-src 'none'; ", nonce = `'nonce-${policy.nonce}'`;
+ if (!policy.allow) {
+ rule += `script-src ${nonce}; script-src-elem ${nonce}; ` +
+ "script-src-attr 'none'; ";
+ }
+ return rule;
+}
+
/* Regexes and objects to use as/in schemas for parse_json_with_schema(). */
const nonempty_string_matcher = /.+/;
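Review bot: In make_csp_rule, `policy.nonce` is interpolated into the rule without any check, so a policy object that lacks a nonce would produce the literal source `'nonce-undefined'`, a fixed value that a page's own scripts could match. Whether every caller sets the nonce is not visible in this hunk, so I would make the function fail closed, e.g. `const nonce = policy.nonce ? "'nonce-" + policy.nonce + "'" : "'none'";`, which blocks all scripts rather than emitting a guessable nonce. The header comment could also state that `prefetch-src 'none'` is emitted even when `policy.allow` is set, and that the returned string ends in "; ", presumably so it can be concatenated with an existing policy value.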
@@ -161,7 +172,7 @@ const matchers = {
/*
* EXPORTS_START
* EXPORT gen_nonce
- * EXPORT csp_rule
+ * EXPORT make_csp_rule
* EXPORT is_csp_header_name
* EXPORT nice_name
* EXPORT open_in_settings