aboutsummaryrefslogtreecommitdiff
path: root/content
diff options
context:
space:
mode:
Diffstat (limited to 'content')
-rw-r--r--content/freezer.js2
-rw-r--r--content/main.js31
-rw-r--r--content/page_actions.js1
3 files changed, 18 insertions, 16 deletions
diff --git a/content/freezer.js b/content/freezer.js
index 8e543a6..9dbc95e 100644
--- a/content/freezer.js
+++ b/content/freezer.js
@@ -49,7 +49,7 @@ function mozilla_suppress_scripts(e) {
console.log('Script suppressor has detached.');
return;
}
- else if (e.isTrusted) { // Prevent blocking of injected scripts
+ if (e.isTrusted && !e.target._hachette_payload) {
e.preventDefault();
console.log('Suppressed script', e.target);
}
diff --git a/content/main.js b/content/main.js
index 826019a..8f8375e 100644
--- a/content/main.js
+++ b/content/main.js
@@ -11,7 +11,6 @@
* IMPORT handle_page_actions
* IMPORT url_item
* IMPORT url_extract_target
- * IMPORT url_extract_policy
* IMPORT gen_unique
* IMPORT gen_nonce
* IMPORT csp_rule
@@ -27,14 +26,16 @@
/*
* Due to some technical limitations the chosen method of whitelisting sites
* is to smuggle whitelist indicator in page's url as a "magical" string
- * after '#'. Right now this is not needed in HTTP(s) pages where native
- * script blocking happens through CSP header injection but is needed for
- * protocols like ftp:// and file://.
+ * after '#'. Right now this is only supplemental in HTTP(s) pages where
+ * blocking of native scripts also happens through CSP header injection but is
+ * necessary for protocols like ftp:// and file://.
*
* The code that actually injects the magical string into ftp:// and file://
* urls has not yet been added to the extension.
*/
+var nonce = undefined;
+
function handle_mutation(mutations, observer)
{
if (document.readyState === 'complete') {
@@ -58,9 +59,8 @@ function block_nodes_recursively(node)
function block_node(node)
{
/*
- * Modifying <script> element doesn't always prevent its
- * execution in some Mozilla browsers. Additional blocking
- * through CSP meta tag injection is required.
+ * Modifying <script> element doesn't always prevent its execution in some
+ * Mozilla browsers. This is Chromium-specific code.
*/
if (node.tagName === "SCRIPT") {
block_script(node);
@@ -99,21 +99,20 @@ function inject_csp(head)
}
if (!is_privileged_url(document.URL)) {
- const targets = url_extract_policy(document.URL);
+ const targets = url_extract_target(document.URL);
if (targets.policy) {
- if (targets.target2 !== undefined)
+ if (targets.target2)
window.location.href = targets.base_url + targets.target2;
else
history.replaceState(null, "", targets.base_url);
}
-
- targets.policy = targets.current ? targets.policy : {};
-
- const nonce = targets.policy.nonce || gen_nonce();
- start_activity_info_server();
+
+ const policy = targets.current ? targets.policy : {};
+
+ nonce = policy.nonce || gen_nonce();
handle_page_actions(nonce);
- if (!targets.policy.allow) {
+ if (!policy.allow) {
block_nodes_recursively(document.documentElement);
if (is_chrome) {
@@ -128,4 +127,6 @@ if (!is_privileged_url(document.URL)) {
if (is_mozilla)
addEventListener('beforescriptexecute', mozilla_suppress_scripts, true);
}
+
+ start_activity_info_server();
}
diff --git a/content/page_actions.js b/content/page_actions.js
index 07fd1bc..aff56b8 100644
--- a/content/page_actions.js
+++ b/content/page_actions.js
@@ -50,6 +50,7 @@ function add_script(script_text)
let script = document.createElement("script");
script.textContent = script_text;
script.setAttribute("nonce", nonce);
+ script._hachette_payload = true;
document.body.appendChild(script);
report_script(script_text);