diff options
Diffstat (limited to 'content')
-rw-r--r-- | content/main.js | 15 |
1 files changed, 5 insertions, 10 deletions
diff --git a/content/main.js b/content/main.js index d55ee2e..8525961 100644 --- a/content/main.js +++ b/content/main.js @@ -10,6 +10,7 @@ * IMPORT handle_page_actions * IMPORT url_item * IMPORT gen_unique + * IMPORT csp_rule * IMPORT sanitize_attributes * IMPORT script_suppressor * IMPORT is_chrome @@ -30,9 +31,8 @@ let url = url_item(document.URL); let unique = gen_unique(url); -let nonce = unique.substring(1); -const suppressor = script_suppressor(nonce); +const suppressor = script_suppressor(unique); function needs_blocking() { @@ -46,7 +46,7 @@ function needs_blocking() let second_target = match[4]; if (first_target !== undefined && - first_target === unique) { + first_target === '#' + unique) { if (second_target !== undefined) window.location.href = base_url + second_target; else @@ -115,12 +115,7 @@ function inject_csp(head) let meta = document.createElement("meta"); meta.setAttribute("http-equiv", "Content-Security-Policy"); - - let rule = `script-src 'nonce-${nonce}'; `; - if (is_chrome) - rule += `script-src-elem 'nonce-${nonce}';`; - - meta.setAttribute("content", rule); + meta.setAttribute("content", csp_rule(unique)); if (head.firstElementChild === null) head.appendChild(meta); @@ -144,4 +139,4 @@ if (needs_blocking()) { addEventListener('beforescriptexecute', suppressor, true); } -handle_page_actions(nonce); +handle_page_actions(unique); |