summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhackademix2020-03-01 22:17:55 +0100
committerhackademix2020-03-01 22:17:55 +0100
commit8f2f845856dca93c87573fe63877b9201cf86570 (patch)
tree74f8dee06f7a5347b5a79c60744e2a0095b7eef8
parentacddfd8e79ce1624435f5b5e6239f6d0ccc2d8f2 (diff)
downloadnoscript-8f2f845856dca93c87573fe63877b9201cf86570.tar.gz
noscript-8f2f845856dca93c87573fe63877b9201cf86570.tar.xz
noscript-8f2f845856dca93c87573fe63877b9201cf86570.zip
Fixed CapsCSP bug allowing data: URLs to bypass font blocking (thanks dcent and skriptimaahinen).
-rw-r--r--src/common/CapsCSP.js2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/common/CapsCSP.js b/src/common/CapsCSP.js
index 6621c95..cc1be72 100644
--- a/src/common/CapsCSP.js
+++ b/src/common/CapsCSP.js
@@ -2,7 +2,7 @@
function CapsCSP(baseCSP = new CSP()) {
return Object.assign(baseCSP, {
- types: ["script", "object", "media"],
+ types: ["script", "object", "media", "font"],
dataUriTypes: ["font", "media", "object"],
buildFromCapabilities(capabilities, blockHttp = false) {
let forbidData = new Set(this.dataUriTypes.filter(t => !capabilities.has(t)));