From c12b9ee3535f5a4515c164b020dfc08df8f1bfbd Mon Sep 17 00:00:00 2001
From: Wojtek Kosior <koszko@koszko.org>
Date: Fri, 3 Sep 2021 19:40:45 +0200
Subject: disable payload injection on non-html pages

---
 content/activity_info_server.js | 6 ++++++
 content/main.js                 | 2 ++
 content/page_actions.js         | 9 ++++++++-
 3 files changed, 16 insertions(+), 1 deletion(-)

(limited to 'content')

diff --git a/content/activity_info_server.js b/content/activity_info_server.js
index 81a25fb..beecb1a 100644
--- a/content/activity_info_server.js
+++ b/content/activity_info_server.js
@@ -44,6 +44,11 @@ function report_settings(settings)
     report_activity("settings", settings);
 }
 
+function report_content_type(content_type)
+{
+    report_activity("content_type", content_type);
+}
+
 function report_repo_query_action(update, port)
 {
     report_activity_oneshot("repo_query_action", update, port);
@@ -91,5 +96,6 @@ function start_activity_info_server()
  * EXPORT start_activity_info_server
  * EXPORT report_script
  * EXPORT report_settings
+ * EXPORT report_content_type
  * EXPORTS_END
  */
diff --git a/content/main.js b/content/main.js
index 17b6b98..da215b9 100644
--- a/content/main.js
+++ b/content/main.js
@@ -147,3 +147,5 @@ if (!is_privileged_url(document.URL)) {
 
     start_activity_info_server();
 }
+
+console.log("content script");
diff --git a/content/page_actions.js b/content/page_actions.js
index bf76790..3799afd 100644
--- a/content/page_actions.js
+++ b/content/page_actions.js
@@ -11,12 +11,14 @@
  * IMPORT browser
  * IMPORT report_script
  * IMPORT report_settings
+ * IMPORT report_content_type
  * IMPORTS_END
  */
 
 let policy_received_callback;
-/* Snapshot url early because document.URL can be changed by other code. */
+/* Snapshot url and content type early; these can be changed by other code. */
 let url;
+let is_html;
 let port;
 let loaded = false;
 let scripts_awaiting = [];
@@ -52,6 +54,9 @@ function document_loaded(event)
 
 function add_script(script_text)
 {
+    if (!is_html)
+	return;
+
     let script = document.createElement("script");
     script.textContent = script_text;
     script.setAttribute("nonce", nonce);
@@ -64,6 +69,8 @@ function add_script(script_text)
 function handle_page_actions(script_nonce, policy_received_cb) {
     policy_received_callback = policy_received_cb;
     url = document.URL;
+    is_html = /html/.test(document.contentType);
+    report_content_type(document.contentType);
 
     document.addEventListener("DOMContentLoaded", document_loaded);
     port = browser.runtime.connect({name : CONNECTION_TYPE.PAGE_ACTIONS});
-- 
cgit v1.2.3