From 261548ff184926567a623e90df7954aeef842d59 Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Wed, 30 Jun 2021 12:28:05 +0200 Subject: emply an sh-based build system; make some changes to blocking --- content/freezer.js | 98 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 50 insertions(+), 48 deletions(-) (limited to 'content/freezer.js') diff --git a/content/freezer.js b/content/freezer.js index cdd0709..1696f53 100644 --- a/content/freezer.js +++ b/content/freezer.js @@ -6,58 +6,60 @@ * Redistribution terms are gathered in the `copyright' file. */ -"use strict"; +const loaderAttributes = ["href", "src", "data"]; +const jsOrDataUrlRx = /^(?:data:(?:[^,;]*ml|unknown-content-type)|javascript:)/i; -(() => { - const loaderAttributes = ["href", "src", "data"]; - const jsOrDataUrlRx = /^(?:data:(?:[^,;]*ml|unknown-content-type)|javascript:)/i; +function sanitize_attributes(element) { + if (element._frozen) + return; + let fa = []; + let loaders = []; + let attributes = element.attributes || []; - function sanitizeAttributes(element) { - if (element._frozen) - return; - let fa = []; - let loaders = []; - for (let a of element.attributes) { - let name = a.localName.toLowerCase(); - if (loaderAttributes.includes(name)) - if (jsOrDataUrlRx.test(a.value)) - loaders.push(a); + for (let a of attributes) { + let name = a.localName.toLowerCase(); + if (loaderAttributes.includes(name)) + if (jsOrDataUrlRx.test(a.value)) + loaders.push(a); - else if (name.startsWith("on")) { - console.debug("Removing", a, element.outerHTML); - fa.push(a.cloneNode()); - a.value = ""; - element[name] = null; - } + else if (name.startsWith("on")) { + console.debug("Removing", a, element.outerHTML); + fa.push(a.cloneNode()); + a.value = ""; + element[name] = null; } - if (loaders.length) { - for (let a of loaders) { - fa.push(a.cloneNode()); - a.value = "javascript://frozen"; - } - if ("contentWindow" in element) - element.replaceWith(element = element.cloneNode(true)); - + } + if (loaders.length) { + for (let a of loaders) { + fa.push(a.cloneNode()); + a.value = "javascript://frozen"; } - if (fa.length) - element._frozenAttributes = fa; - element._frozen = true; + if ("contentWindow" in element) + element.replaceWith(element = element.cloneNode(true)); + } - - function scriptSuppressor(nonce) { - const blockExecute = e => { - if (document.readyState === 'complete') { - removeEventListener('beforescriptexecute', blockExecute, true); - return; - } - else if (e.isTrusted && e.target.getAttribute('nonce') !== nonce) { // Prevent blocking of injected scripts - e.preventDefault(); - console.log('Suppressed script', e.target); - } - }; - return blockExecute; + if (fa.length) + element._frozenAttributes = fa; + element._frozen = true; +} + +function script_suppressor(nonce) { + const blockExecute = e => { + if (document.readyState === 'complete') { + removeEventListener('beforescriptexecute', blockExecute, true); + return; + } + else if (e.isTrusted && e.target.getAttribute('nonce') !== nonce) { // Prevent blocking of injected scripts + e.preventDefault(); + console.log('Suppressed script', e.target); + } }; - - window.scriptSuppressor = scriptSuppressor; - window.sanitize_attributes = sanitizeAttributes; -})(); + return blockExecute; +}; + +/* + * EXPORTS_START + * EXPORT script_suppressor + * EXPORT sanitize_attributes + * EXPORTS_END + */ -- cgit v1.2.3