From 83a8d263f6efddf4f742bf7a687d10bfd1907ef8 Mon Sep 17 00:00:00 2001 From: jahoti Date: Mon, 28 Jun 2021 00:00:00 +0000 Subject: Index two new files intended for the previous commit. --- content/freezer.js | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 content/freezer.js (limited to 'content') diff --git a/content/freezer.js b/content/freezer.js new file mode 100644 index 0000000..cdd0709 --- /dev/null +++ b/content/freezer.js @@ -0,0 +1,63 @@ +/** + * Helper functions for blocking scripts in pages, based off NoScript's lib/DocumentFreezer.js + * + * Copyright (C) 2005-2021 Giorgio Maone - https://maone.net + * Copyright (C) 2021 jahoti + * Redistribution terms are gathered in the `copyright' file. + */ + +"use strict"; + +(() => { + const loaderAttributes = ["href", "src", "data"]; + const jsOrDataUrlRx = /^(?:data:(?:[^,;]*ml|unknown-content-type)|javascript:)/i; + + function sanitizeAttributes(element) { + if (element._frozen) + return; + let fa = []; + let loaders = []; + for (let a of element.attributes) { + let name = a.localName.toLowerCase(); + if (loaderAttributes.includes(name)) + if (jsOrDataUrlRx.test(a.value)) + loaders.push(a); + + else if (name.startsWith("on")) { + console.debug("Removing", a, element.outerHTML); + fa.push(a.cloneNode()); + a.value = ""; + element[name] = null; + } + } + if (loaders.length) { + for (let a of loaders) { + fa.push(a.cloneNode()); + a.value = "javascript://frozen"; + } + if ("contentWindow" in element) + element.replaceWith(element = element.cloneNode(true)); + + } + if (fa.length) + element._frozenAttributes = fa; + element._frozen = true; + } + + function scriptSuppressor(nonce) { + const blockExecute = e => { + if (document.readyState === 'complete') { + removeEventListener('beforescriptexecute', blockExecute, true); + return; + } + else if (e.isTrusted && e.target.getAttribute('nonce') !== nonce) { // Prevent blocking of injected scripts + e.preventDefault(); + console.log('Suppressed script', e.target); + } + }; + return blockExecute; + }; + + window.scriptSuppressor = scriptSuppressor; + window.sanitize_attributes = sanitizeAttributes; +})(); -- cgit v1.2.3