1 files changed, 26 insertions, 8 deletions

diff --git a/common/misc.js b/common/misc.js
index 036eb45..472620e 100644
--- a/common/misc.js
+++ b/common/misc.js
@@ -104,23 +104,40 @@ function is_privileged_url(url)
     return !!/^(chrome(-extension)?|moz-extension):\/\/|^about:/i.exec(url);
 }
 
+/* Sign a given policy for a given time */
+function sign_policy(policy, now, hours_offset) {
+    let time = Math.floor(now / 3600000) + (hours_offset || 0);
+    return gen_unique(time + policy);
+}
+
 /* Extract any policy present in the URL */
 function url_extract_policy(url)
 {
-    var policy_string;
     const targets = url_extract_target(url);
+    if (!targets.target)
+	return targets;
+
+    /* %7B -> { */
+    const index = targets.target.indexOf('%7B');
+    if (index === -1)
+	return targets;
+    
+    const now = new Date();
+    const sig = targets.target.substring(1, index);
+    const policy = targets.target.substring(index);
+    if (
+	sig !== sign_policy(policy, now) &&
+	sig !== sign_policy(policy, now, -1) &&
+	sig !== sign_policy(policy, now, 1)
+    )
+	return targets;
     
     try {
-	policy_string = targets.target.substring(65);
-	targets.policy = JSON.parse(decodeURIComponent(policy_string));
+	targets.policy = JSON.parse(decodeURIComponent(policy));
+	targets.current = targets.policy.base_url === targets.base_url;
     } catch (e) {
 	/* TODO what should happen here? */
     }
-    
-    if (targets.policy) {
-	const sig = gen_unique(policy_string + targets.base_url);
-	targets.valid_sig = targets.target.substring(1, 65) === sig;
-    }
 
     return targets;
 }
@@ -132,6 +149,7 @@ function url_extract_policy(url)
  * EXPORT url_item
  * EXPORT url_extract_target
  * EXPORT url_extract_policy
+ * EXPORT sign_policy
  * EXPORT csp_rule
  * EXPORT nice_name
  * EXPORT open_in_settings