aboutsummaryrefslogtreecommitdiff
path: root/content
diff options
context:
space:
mode:
Diffstat (limited to 'content')
-rw-r--r--content/policy_enforcing.js47
1 files changed, 43 insertions, 4 deletions
diff --git a/content/policy_enforcing.js b/content/policy_enforcing.js
index e230537..639a92a 100644
--- a/content/policy_enforcing.js
+++ b/content/policy_enforcing.js
@@ -162,6 +162,41 @@ function desanitize_script(script) {
delete script.haketilo_blocked_type;
}
+/* The following will only be run on pages without payload. */
+function force_noscript_tag(element) {
+ if (element.tagName !== "NOSCRIPT")
+ return;
+
+ let under_head = false;
+ let ancestor = element;
+ while (true) {
+ ancestor = ancestor.parentElement;
+
+ if (ancestor === null)
+ break;
+
+ if (ancestor === document.head) {
+ under_head = true;
+ break;
+ }
+ }
+
+ const replacement = document.createElement('haketilo-noscript');
+ replacement.innerHTML = element.innerHTML;
+
+ for (const script of [...replacement.querySelectorAll('script')])
+ script.remove();
+
+ if (under_head) {
+ for (const child of replacement.childNodes)
+ element.before(child);
+
+ element.remove();
+ } else {
+ element.replaceWith(replacement);
+ }
+}
+
/*
* Blocking certain attributes that might allow 'javascript:' URLs. Some of
* these are: <iframe>'s 'src' attributes (would normally execute js in URL upon
@@ -254,7 +289,8 @@ function sanitize_tree_onevent(root) {
#ENDIF
/*
- * Sanitize elements on-the-fly as they appear using MutationObserver.
+ * Sanitize elements on-the-fly and force <noscript> tags visible as they appear
+ * using MutationObserver.
*
* Under Abrowser 97 it was observed that MutationObserver does not always work
* as is should. When trying to observe nodes of an XMLDocument the behavior was
@@ -262,8 +298,9 @@ function sanitize_tree_onevent(root) {
* around this we avoid using the "subtree" option altogether and have the same
* code work in all scenarios.
*/
-function MOSanitizer(root) {
- this.root = root;
+function MOSanitizer(root, payload_present) {
+ this.root = root;
+ this.payload_present = payload_present;
this.recursively_sanitize(root);
@@ -305,6 +342,8 @@ MOSanitizer.prototype.recursively_sanitize = function(elem) {
#IF MOZILLA
sanitize_element_onevent(current_elem);
#ENDIF
+ if (!this.payload_present)
+ force_noscript_tag(current_elem);
}
}
@@ -391,7 +430,7 @@ async function sanitize_document(doc, policy) {
substitute_doc.documentElement.replaceWith(root);
#ENDIF
- const sanitizer = new MOSanitizer(root);
+ const sanitizer = new MOSanitizer(root, !!policy.payload);
sanitizer.start();
wait_loaded(doc).then(() => sanitizer.stop());