summaryrefslogtreecommitdiff
path: root/content/main.js
diff options
context:
space:
mode:
Diffstat (limited to 'content/main.js')
-rw-r--r--content/main.js21
1 files changed, 17 insertions, 4 deletions
diff --git a/content/main.js b/content/main.js
index 9acf749..3204a8a 100644
--- a/content/main.js
+++ b/content/main.js
@@ -2,15 +2,18 @@
* Myext main content script run in all frames
*
* Copyright (C) 2021 Wojtek Kosior
+ * Copyright (C) 2021 jahoti
* Redistribution terms are gathered in the `copyright' file.
*/
/*
* IMPORTS_START
+ * IMPORT CONNECTION_TYPE
* IMPORT handle_page_actions
* IMPORT url_item
* IMPORT url_extract_target
* IMPORT gen_unique
+ * IMPORT gen_nonce
* IMPORT csp_rule
* IMPORT is_privileged_url
* IMPORT sanitize_attributes
@@ -113,7 +116,7 @@ function inject_csp(head)
let meta = document.createElement("meta");
meta.setAttribute("http-equiv", "Content-Security-Policy");
- meta.setAttribute("content", csp_rule(unique));
+ meta.setAttribute("content", csp_rule(nonce));
if (head.firstElementChild === null)
head.appendChild(meta);
@@ -123,13 +126,23 @@ function inject_csp(head)
if (!is_privileged_url(document.URL)) {
start_activity_info_server();
- handle_page_actions(unique);
+ var nonce, port = browser.runtime.connect({name : CONNECTION_TYPE.PAGE_ACTIONS});
if (is_http()) {
- /* rely on CSP injected through webRequest */
+ /* rely on CSP injected through webRequest, at the cost of having to fetch a nonce via messaging */
+ const nonce_capturer = msg => {
+ port.onMessage.removeListener(nonce_capturer);
+ handle_page_actions(msg[1], port);
+ };
+
+ port.onMessage.addListener(nonce_capturer);
+
} else if (is_whitelisted()) {
- /* do not block scripts at all */
+ /* do not block scripts at all; as a result, there is no need for a green-lighted nonce */
+ handle_page_actions(null, port);
} else {
+ nonce = gen_nonce();
+ handle_page_actions(nonce, port);
block_nodes_recursively(document.documentElement);
if (is_chrome) {