From 5b419aedd564e6506aa2fc8bddcaa5d601888f17 Mon Sep 17 00:00:00 2001 From: jahoti Date: Mon, 2 Aug 2021 00:00:00 +0000 Subject: [UNTESTED- will test] Add filtering for http-equiv CSP headers --- content/main.js | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) (limited to 'content') diff --git a/content/main.js b/content/main.js index 9ed557c..5edb8a6 100644 --- a/content/main.js +++ b/content/main.js @@ -19,6 +19,7 @@ * IMPORT is_chrome * IMPORT is_mozilla * IMPORT start_activity_info_server + * IMPORT sanitize_csp_header * IMPORTS_END */ @@ -65,6 +66,17 @@ function block_node(node) block_script(node); return; } + + else if (node.tagName === 'META' && + node.getAttribute('http-equiv') === 'content-security-policy') { + + node.content = sanitize_csp_header( + {value: node.content}, + `'nonce-${nonce}'`, + !policy.allow + ).value; + return; + } sanitize_attributes(node); @@ -114,14 +126,13 @@ if (!is_privileged_url(document.URL)) { if (!policy.allow) { block_nodes_recursively(document.documentElement); - if (is_chrome) { - var observer = new MutationObserver(handle_mutation); - observer.observe(document.documentElement, { - attributes: true, - childList: true, - subtree: true - }); - } + /* Now needed on Mozilla as well to sanitize CSP header */ + var observer = new MutationObserver(handle_mutation); + observer.observe(document.documentElement, { + attributes: true, + childList: true, + subtree: true + }); if (is_mozilla) addEventListener('beforescriptexecute', mozilla_suppress_scripts, true); -- cgit v1.2.3