aboutsummaryrefslogtreecommitdiff
path: root/common
diff options
context:
space:
mode:
Diffstat (limited to 'common')
-rw-r--r--common/misc.js26
1 files changed, 13 insertions, 13 deletions
diff --git a/common/misc.js b/common/misc.js
index 825a117..036eb45 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -35,9 +35,9 @@ function gen_unique(url)
function get_secure_salt()
{
if (is_chrome)
- return browser.runtime.getManifest().key.substring(0, 36);
+ return browser.runtime.getManifest().key.substring(0, 50);
else
- return browser.runtime.getURL("dummy").substr(16, 36);
+ return browser.runtime.getURL("dummy");
}
/*
@@ -107,19 +107,19 @@ function is_privileged_url(url)
/* Extract any policy present in the URL */
function url_extract_policy(url)
{
+ var policy_string;
const targets = url_extract_target(url);
- const key = '#' + get_secure_salt();
- targets.sig = key + gen_unique(targets.base_url);
- if (targets.target && targets.target.startsWith(key)) {
- targets.signed = true;
- if (targets.target.startsWith(targets.sig))
- try {
- const policy_string = targets.target.substring(101);
- targets.policy = JSON.parse(decodeURIComponent(policy_string));
- } catch (e) {
- /* TODO what should happen here? */
- }
+ try {
+ policy_string = targets.target.substring(65);
+ targets.policy = JSON.parse(decodeURIComponent(policy_string));
+ } catch (e) {
+ /* TODO what should happen here? */
+ }
+
+ if (targets.policy) {
+ const sig = gen_unique(policy_string + targets.base_url);
+ targets.valid_sig = targets.target.substring(1, 65) === sig;
}
return targets;