diff options
Diffstat (limited to 'content/main.js')
| -rw-r--r-- | content/main.js | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/content/main.js b/content/main.js index a5e04fd..af8cd7c 100644 --- a/content/main.js +++ b/content/main.js @@ -11,7 +11,6 @@ * IMPORT handle_page_actions * IMPORT url_item * IMPORT url_extract_target - * IMPORT url_extract_policy * IMPORT gen_unique * IMPORT gen_nonce * IMPORT csp_rule @@ -27,14 +26,16 @@ /* * Due to some technical limitations the chosen method of whitelisting sites * is to smuggle whitelist indicator in page's url as a "magical" string - * after '#'. Right now this is not needed in HTTP(s) pages where native - * script blocking happens through CSP header injection but is needed for - * protocols like ftp:// and file://. + * after '#'. Right now this is only supplemental in HTTP(s) pages where + * blocking of native scripts also happens through CSP header injection but is + * necessary for protocols like ftp:// and file://. * * The code that actually injects the magical string into ftp:// and file:// * urls has not yet been added to the extension. */ +var nonce = undefined; + function handle_mutation(mutations, observer) { if (document.readyState === 'complete') { @@ -58,9 +59,8 @@ function block_nodes_recursively(node) function block_node(node) { /* - * Modifying <script> element doesn't always prevent its - * execution in some Mozilla browsers. Additional blocking - * through CSP meta tag injection is required. + * Modifying <script> element doesn't always prevent its execution in some + * Mozilla browsers. This is Chromium-specific code. */ if (node.tagName === "SCRIPT") { block_script(node); @@ -99,21 +99,20 @@ function inject_csp(head) } if (!is_privileged_url(document.URL)) { - const targets = url_extract_policy(document.URL); + const targets = url_extract_target(document.URL); if (targets.policy) { - if (targets.target2 !== undefined) + if (targets.target2) window.location.href = targets.base_url + targets.target2; else history.replaceState(null, "", targets.base_url); } - - targets.policy = targets.current ? targets.policy : {}; - - const nonce = targets.policy.nonce || gen_nonce(); - start_activity_info_server(); + + const policy = targets.current ? targets.policy : {}; + + nonce = policy.nonce || gen_nonce(); handle_page_actions(nonce); - if (!targets.policy.allow) { + if (!policy.allow) { block_nodes_recursively(document.documentElement); if (is_chrome) { @@ -128,4 +127,6 @@ if (!is_privileged_url(document.URL)) { if (is_mozilla) addEventListener('beforescriptexecute', mozilla_suppress_scripts, true); } + + start_activity_info_server(); } |