summaryrefslogtreecommitdiff
path: root/content
diff options
context:
space:
mode:
Diffstat (limited to 'content')
-rw-r--r--content/policy_enforcing.js8
1 files changed, 5 insertions, 3 deletions
diff --git a/content/policy_enforcing.js b/content/policy_enforcing.js
index f6f4081..0bbe3c6 100644
--- a/content/policy_enforcing.js
+++ b/content/policy_enforcing.js
@@ -174,9 +174,11 @@ function sanitize_element_urls(element) {
let some_attr_blocked = false;
- for (const attr of [...element.attributes || []]
- .filter(attr => /^(href|src|data)$/i.test(attr.localName))
- .filter(attr => bad_url_reg.test(attr.value))) {
+ const bad_attrs = [...(element.attributes || [])]
+ .filter(attr => /^(href|src|data)$/i.test(attr.localName))
+ .filter(attr => bad_url_reg.test(attr.value));
+
+ for (const attr of bad_attrs) {
/*
* Under some browsers (Mozilla) removing attributes doesn't stop their
* javascript from executing, but replacing them does. For 'src' and