Diffstat (limited to 'content')
-rw-r--r-- | content/main.js | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/content/main.js b/content/main.js
index 9e98635..d97747f 100644
--- a/content/main.js
+++ b/content/main.js
@@ -46,9 +46,19 @@
 #FROM content/page_actions.js IMPORT handle_page_actions
 #FROM common/misc.js IMPORT gen_nonce, is_privileged_url, \
- make_csp_rule, csp_header_regex
+ csp_header_regex
 #FROM common/browser.js IMPORT browser
+/* CSP rule that blocks scripts according to policy's needs. */
+function make_csp_rule(policy)
+{
+ let rule = "prefetch-src 'none'; script-src-attr 'none';";
+ const script_src = policy.nonce !== undefined ?
+ `'nonce-${policy.nonce}'` : "'none'";
+ rule += ` script-src ${script_src}; script-src-elem ${script_src};`;
+ return rule;
+}
+
 document.content_loaded = document.readyState === "complete";
 const wait_loaded = e => e.content_loaded ? Promise.resolve() : new Promise(c => e.addEventListener("DOMContentLoaded", c, {once: true})); |
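Review bot: In the new `make_csp_rule`, `policy.nonce` is interpolated into the `script-src` and `script-src-elem` source expressions after only a `!== undefined` test, so a `null` nonce yields `'nonce-null'` and a value containing a quote, `;` or whitespace would change the shape of the policy. The nonce presumably always comes from `gen_nonce`, but that is not visible in this hunk, and the rule builder is the last place to enforce it. I would fail closed to `'none'` unless the value is a well-formed nonce, e.g. `const nonce_ok = typeof policy.nonce === "string" && /^[A-Za-z0-9+\/_-]+={0,2}$/.test(policy.nonce);` followed by `const script_src = nonce_ok ? ...`. The one-line comment above the function could also state that a missing nonce means all scripts are blocked.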