summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhackademix2018-07-17 12:10:17 +0200
committerhackademix2018-07-17 12:10:17 +0200
commit5a60d58d247fe90ea6ff30e6789c09d5c892d80b (patch)
tree3d3af0b1b87e2a060790362112f33f93764fdf73
parent493d40021a8bd9178249f3e84cb411de2c2f0e54 (diff)
downloadnoscript-5a60d58d247fe90ea6ff30e6789c09d5c892d80b.tar.gz
noscript-5a60d58d247fe90ea6ff30e6789c09d5c892d80b.tar.xz
noscript-5a60d58d247fe90ea6ff30e6789c09d5c892d80b.zip
Prevent script injection from messing with content-disposition=attachment responses.
-rw-r--r--src/bg/RequestUtil.js26
-rw-r--r--src/lib/ContentMetaData.js2
2 files changed, 16 insertions, 12 deletions
diff --git a/src/bg/RequestUtil.js b/src/bg/RequestUtil.js
index 2cd15c2..234ca4a 100644
--- a/src/bg/RequestUtil.js
+++ b/src/bg/RequestUtil.js
@@ -57,6 +57,21 @@
let {requestId, url, tabId, frameId, statusCode} = request;
if (statusCode >= 300 && statusCode < 400) return;
+ if (frameId === 0) {
+ let key = tabKey(tabId, url);
+ debug("Checking whether %s is a reloading tab...", key);
+ if (reloadingTabs.get(key)) {
+ reloadingTabs.set(key, false); // doom it for removal in cleanup
+ return;
+ }
+ }
+ let content = this.getContentMetaData(request);
+ if (content.disposition) {
+ debug("Skipping execute on start of %s %o", url, content);
+ return;
+ }
+ debug("Injecting script on start in %s (%o)", url, content);
+
let scripts = pendingRequests.get(requestId);
let scriptKey = JSON.stringify(details);
if (!scripts) {
@@ -67,17 +82,6 @@
return;
}
- if (frameId === 0) {
- let key = tabKey(tabId, url);
- debug("Checking whether %s is a reloading tab...", key);
- if (reloadingTabs.get(key)) {
- reloadingTabs.set(key, false); // doom it for removal in cleanup
- return;
- }
- }
-
- let content = this.getContentMetaData(request);
- debug(url, content.type, content.charset);
if (xmlFeedOrImage.test(content.type) && !/\/svg\b/i.test(content.type)) return;
if (typeof brokenOnLoad === "undefined") {
brokenOnLoad = await (async () => parseInt((await browser.runtime.getBrowserInfo()).version) < 61)();
diff --git a/src/lib/ContentMetaData.js b/src/lib/ContentMetaData.js
index da335ad..002a212 100644
--- a/src/lib/ContentMetaData.js
+++ b/src/lib/ContentMetaData.js
@@ -4,7 +4,7 @@ class ContentMetaData {
let {responseHeaders} = request;
for (let h of responseHeaders) {
if (/^\s*Content-(Type|Disposition)\s*$/i.test(h.name)) {
- this[h.name.split("-")[1].trim().toLowerCase()] = h.value;
+ this[RegExp.$1.toLowerCase()] = h.value;
}
}
}