From 83a8d263f6efddf4f742bf7a687d10bfd1907ef8 Mon Sep 17 00:00:00 2001
From: jahoti <jahoti@tilde.team>
Date: Mon, 28 Jun 2021 00:00:00 +0000
Subject: Index two new files intended for the previous commit.

---
 content/freezer.js | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 content/freezer.js

(limited to 'content')

diff --git a/content/freezer.js b/content/freezer.js
new file mode 100644
index 0000000..cdd0709
--- /dev/null
+++ b/content/freezer.js
@@ -0,0 +1,63 @@
+/**
+ * Helper functions for blocking scripts in pages, based off NoScript's lib/DocumentFreezer.js
+ *
+ * Copyright (C) 2005-2021 Giorgio Maone - https://maone.net
+ * Copyright (C) 2021 jahoti
+ * Redistribution terms are gathered in the `copyright' file.
+ */
+
+"use strict";
+
+(() => {
+    const loaderAttributes = ["href", "src", "data"];
+    const jsOrDataUrlRx = /^(?:data:(?:[^,;]*ml|unknown-content-type)|javascript:)/i;
+
+    function sanitizeAttributes(element) {
+	if (element._frozen)
+	    return;
+	let fa = [];
+	let loaders = [];
+	for (let a of element.attributes) {
+	    let name = a.localName.toLowerCase();
+	    if (loaderAttributes.includes(name))
+		if (jsOrDataUrlRx.test(a.value))
+		    loaders.push(a);
+
+	    else if (name.startsWith("on")) {
+		console.debug("Removing", a, element.outerHTML);
+		fa.push(a.cloneNode());
+		a.value = "";
+		element[name] = null;
+	    }
+	}
+	if (loaders.length) {
+	    for (let a of loaders) {
+		fa.push(a.cloneNode());
+		a.value = "javascript://frozen";
+	    }
+	    if ("contentWindow" in element)
+		element.replaceWith(element = element.cloneNode(true));
+
+	}
+	if (fa.length)
+	    element._frozenAttributes = fa;
+	element._frozen = true;
+    }
+    
+    function scriptSuppressor(nonce) {
+	const blockExecute = e => {
+	    if (document.readyState === 'complete') {
+		removeEventListener('beforescriptexecute', blockExecute, true);
+		return;
+	    }
+	    else if (e.isTrusted && e.target.getAttribute('nonce') !== nonce) { // Prevent blocking of injected scripts
+		e.preventDefault();
+		console.log('Suppressed script', e.target);
+	    }
+	};
+	return blockExecute;
+    };
+    
+    window.scriptSuppressor = scriptSuppressor;
+    window.sanitize_attributes = sanitizeAttributes;
+})();
-- 
cgit v1.2.3