From c12b9ee3535f5a4515c164b020dfc08df8f1bfbd Mon Sep 17 00:00:00 2001
From: Wojtek Kosior
Date: Fri, 3 Sep 2021 19:40:45 +0200
Subject: disable payload injection on non-html pages
---
 content/activity_info_server.js | 6 ++++++
 content/main.js | 2 ++
 content/page_actions.js | 9 ++++++++-
 3 files changed, 16 insertions(+), 1 deletion(-)
(limited to 'content')
diff --git a/content/activity_info_server.js b/content/activity_info_server.js
index 81a25fb..beecb1a 100644
--- a/content/activity_info_server.js
+++ b/content/activity_info_server.js
@@ -44,6 +44,11 @@ function report_settings(settings)
 report_activity("settings", settings);
 }
+function report_content_type(content_type)
+{
+ report_activity("content_type", content_type);
+}
+
 function report_repo_query_action(update, port)
 {
 report_activity_oneshot("repo_query_action", update, port);
@@ -91,5 +96,6 @@ function start_activity_info_server()
 * EXPORT start_activity_info_server
 * EXPORT report_script
 * EXPORT report_settings
+ * EXPORT report_content_type
 * EXPORTS_END
 */
diff --git a/content/main.js b/content/main.js
index 17b6b98..da215b9 100644
--- a/content/main.js
+++ b/content/main.js
@@ -147,3 +147,5 @@ if (!is_privileged_url(document.URL)) {
 start_activity_info_server();
 }
+
+console.log("content script");
diff --git a/content/page_actions.js b/content/page_actions.js
index bf76790..3799afd 100644
--- a/content/page_actions.js
+++ b/content/page_actions.js
@@ -11,12 +11,14 @@
 * IMPORT browser
 * IMPORT report_script
 * IMPORT report_settings
+ * IMPORT report_content_type
 * IMPORTS_END
 */
 let policy_received_callback;
-/* Snapshot url early because document.URL can be changed by other code. */
+/* Snapshot url and content type early; these can be changed by other code. */
 let url;
+let is_html;
 let port;
 let loaded = false;
 let scripts_awaiting = [];
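Review bot: The added `console.log("content script");` at the end of content/main.js looks like leftover debugging and is unrelated to the content-type check this commit is about. As far as the hunk shows, it comes after the closing brace of the `if (!is_privileged_url(document.URL))` block, so it would run on every page the content script is loaded into and write to that page's console. I would drop the line before merging, or gate it behind a debug switch if a trace is really wanted.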
@@ -52,6 +54,9 @@ function document_loaded(event)
 function add_script(script_text)
 {
+ if (!is_html)
+ return;
+
 let script = document.createElement("script");
 script.textContent = script_text;
 script.setAttribute("nonce", nonce);
@@ -64,6 +69,8 @@ function add_script(script_text)
 function handle_page_actions(script_nonce, policy_received_cb) {
 policy_received_callback = policy_received_cb;
 url = document.URL;
+ is_html = /html/.test(document.contentType);
+ report_content_type(document.contentType);
 document.addEventListener("DOMContentLoaded", document_loaded);
 port = browser.runtime.connect({name : CONNECTION_TYPE.PAGE_ACTIONS});
-- 
cgit v1.2.3
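Review bot: The new guard `if (!is_html) return;` at the top of add_script drops the payload without leaving any trace, and `is_html` is undefined until handle_page_actions assigns it, so any call that arrived earlier would be dropped as well. Failing closed is the safer default for an injection path, but it should be stated, e.g. `/* is_html stays unset until handle_page_actions() runs; never inject into a document not confirmed to be HTML. */`. The rest of add_script lies outside the hunk, so it cannot be told from here whether a skipped script is still passed to report_script. If it is not, the reported content type is the only hint a user gets about why nothing was injected.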
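Review bot: `/html/.test(document.contentType)` in handle_page_actions is an unanchored substring match, so any content type that merely contains "html" enables injection, not only the types intended. Because this test decides whether scripts are inserted into the page, an explicit allowlist is easier to audit: `const content_type = document.contentType;` followed by `is_html = ["text/html", "application/xhtml+xml"].includes(content_type);`. The same snapshot can then be passed to `report_content_type(content_type)` instead of reading the property a second time, which matches the "snapshot early" comment on the declarations. Which types belong on the list is a project decision, and the two shown are my reading of the intent. The function body continues past the end of the hunk.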