authorhackademix2018-12-17 16:32:53 +0100
committerhackademix2018-12-17 17:43:19 +0100
commitbbd050a1743dc0fb366ab9c7c1f60ed92cfc2905 (patch)
tree0a9f4910c33d10c8e4b6f144fcf9d9c3fab2e867
parentc3e803a7dc2325b1dd25c796268872f9ae7d76ad (diff)
downloadnoscript-bbd050a1743dc0fb366ab9c7c1f60ed92cfc2905.tar.gz
noscript-bbd050a1743dc0fb366ab9c7c1f60ed92cfc2905.tar.xz
noscript-bbd050a1743dc0fb366ab9c7c1f60ed92cfc2905.zip
Cascade top document's restrictions to subframes (Tor issue #28873).
-rw-r--r--src/bg/RequestGuard.js25
1 files changed, 20 insertions, 5 deletions
diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js
index 92f32b0..a174eba 100644
--- a/src/bg/RequestGuard.js
+++ b/src/bg/RequestGuard.js
@@ -310,18 +310,33 @@ var RequestGuard = (() => {
pending = pendingRequests.get(request.requestId);
}
pending.headersProcessed = true;
- let {url, documentUrl, statusCode, tabId, responseHeaders, type} = request;
+ let {url, documentUrl, frameAncestors, statusCode, tabId,
+ responseHeaders, type} = request;
let isMainFrame = type === "main_frame";
try {
let capabilities;
if (ns.isEnforced(tabId)) {
let policy = ns.policy;
let perms = policy.get(url, documentUrl).perms;
- if (policy.autoAllowTop && isMainFrame && perms === policy.DEFAULT) {
- policy.set(Sites.optimalKey(url), perms = policy.TRUSTED.tempTwin);
- await ChildPolicies.update(policy);
+ if (isMainFrame) {
+ if (policy.autoAllowTop && perms === policy.DEFAULT) {
+ policy.set(Sites.optimalKey(url), perms = policy.TRUSTED.tempTwin);
+ await ChildPolicies.update(policy);
+ }
+ capabilities = perms.capabilities;
+ } else {
+ capabilities = perms.capabilities;
+ if (frameAncestors.length > 0) {
+ // cascade top document's restrictions to subframes
+ let topUrl = frameAncestors.pop().url;
+ let topPerms = policy.get(topUrl, topUrl).perms;
+ if (topPerms !== perms) {
+ let topCaps = topPerms.capabilities;
+ // intersect capabilities
+ capabilities = new Set([...capabilities].filter(c => topCaps.has(c)));
+ }
+ }
}
- capabilities = perms.capabilities;
} else {
if (isMainFrame || type === "sub_frame") {
let unrestricted = ns.unrestrictedTabs.has(tabId) && {unrestricted: true};
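Review bot: In the new `else` branch, `frameAncestors` is dereferenced without a presence check, and `frameAncestors.pop()` mutates the array on the request details object just to read its last element. If the property is ever missing (the hunk does not show whether every supported browser and request type supplies it), `frameAncestors.length` throws into the `catch` of the enclosing `try`, which lies outside the hunk, so it cannot be confirmed from here that the failure path still restricts the subframe. I would guard and read without mutating: `if (frameAncestors && frameAncestors.length > 0) {` and `let topUrl = frameAncestors[frameAncestors.length - 1].url;`. It is also worth extending the comment to say that only the top-level document's capabilities are intersected and intermediate ancestors are not consulted, for example `// cascade top document's restrictions to subframes (intermediate ancestors are not checked)`. The enclosing listener starts and ends outside this hunk.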