From f2cf9f1243ad131ae8194576b69f55c3612312bb Mon Sep 17 00:00:00 2001 From: Wojtek Kosior Date: Mon, 20 Jun 2022 14:41:54 +0200 Subject: prevent injected scripts from executing out of order --- content/content.js | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'content') diff --git a/content/content.js b/content/content.js index c492d53..998ff49 100644 --- a/content/content.js +++ b/content/content.js @@ -143,12 +143,17 @@ async function main() { for (const script_contents of scripts) { const html_ns = "http://www.w3.org/1999/xhtml"; const script = document.createElementNS(html_ns, "script"); + const load_prom = new Promise( + (...cbs) => [script.onload, script.onerror] = cbs + ); const blobby_opts = {type: "text/javascript;charset=UTF-8"}; const blobby = new Blob([script_contents], blobby_opts); script.src = URL.createObjectURL(blobby); script.setAttribute("nonce", policy.nonce); + document.documentElement.append(script); + await load_prom; script.remove(); } } -- cgit v1.2.3