From c12b9ee3535f5a4515c164b020dfc08df8f1bfbd Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Fri, 3 Sep 2021 19:40:45 +0200
Subject: disable payload injection on non-html pages

---
 content/page_actions.js | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'content/page_actions.js')

diff --git a/content/page_actions.js b/content/page_actions.js
index bf76790..3799afd 100644
--- a/content/page_actions.js
+++ b/content/page_actions.js
@@ -11,12 +11,14 @@
  * IMPORT browser
  * IMPORT report_script
  * IMPORT report_settings
+ * IMPORT report_content_type
  * IMPORTS_END
  */
 
 let policy_received_callback;
-/* Snapshot url early because document.URL can be changed by other code. */
+/* Snapshot url and content type early; these can be changed by other code. */
 let url;
+let is_html;
 let port;
 let loaded = false;
 let scripts_awaiting = [];
@@ -52,6 +54,9 @@ function document_loaded(event)
 
 function add_script(script_text)
 {
+    if (!is_html)
+	return;
+
     let script = document.createElement("script");
     script.textContent = script_text;
     script.setAttribute("nonce", nonce);
@@ -64,6 +69,8 @@ function add_script(script_text)
 function handle_page_actions(script_nonce, policy_received_cb) {
     policy_received_callback = policy_received_cb;
     url = document.URL;
+    is_html = /html/.test(document.contentType);
+    report_content_type(document.contentType);
 
     document.addEventListener("DOMContentLoaded", document_loaded);
     port = browser.runtime.connect({name : CONNECTION_TYPE.PAGE_ACTIONS});
-- 
cgit v1.2.3