diff options
Diffstat (limited to 'content/main.js')
-rw-r--r-- | content/main.js | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/content/main.js b/content/main.js index 4fe6d43..b2cc9ed 100644 --- a/content/main.js +++ b/content/main.js @@ -180,6 +180,26 @@ function sanitize_meta(meta, policy) meta.content = sanitize_csp_header({value}, policy).value; } +function sanitize_script(script) +{ + script.hachette_blocked_type = script.type; + script.type = "text/plain"; +} + +/* + * Executed after script has been connected to the DOM, when it is no longer + * eligible for being executed by the browser + */ +function desanitize_script(script, policy) +{ + script.setAttribute("type", script.hachette_blocked_type); + + if (script.hachette_blocked_type === undefined) + script.removeAttribute("type"); + + delete script.hachette_blocked_type; +} + function apply_hachette_csp_rules(doc, policy) { const meta = doc.createElement("meta"); @@ -220,7 +240,13 @@ async function sanitize_document(doc, policy) for (const meta of old_html.querySelectorAll("head meta")) sanitize_meta(meta, policy); + for (const script of old_html.querySelectorAll("script")) + sanitize_script(script, policy); + new_html.replaceWith(old_html); + + for (const script of old_html.querySelectorAll("script")) + desanitize_script(script, policy); } if (!is_privileged_url(document.URL)) { |