summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhackademix2018-09-04 22:43:00 +0200
committerhackademix2018-09-04 22:43:00 +0200
commitf95f7b809d994f4b581ea71885addbfa177b49fb (patch)
treebb1a162ec5c53e11700ac1f6c5ba696a04db2ef4
parent1814bfa03d090e7f0de7c68124c83fa3adacbfa5 (diff)
downloadnoscript-f95f7b809d994f4b581ea71885addbfa177b49fb.tar.gz
noscript-f95f7b809d994f4b581ea71885addbfa177b49fb.tar.xz
noscript-f95f7b809d994f4b581ea71885addbfa177b49fb.zip
Ensure we remove the HEAD element parent of our META CSP policy only if we created it.
-rw-r--r--src/content/DocumentCSP.js5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/content/DocumentCSP.js b/src/content/DocumentCSP.js
index 7fd666c..63f5d1e 100644
--- a/src/content/DocumentCSP.js
+++ b/src/content/DocumentCSP.js
@@ -19,7 +19,8 @@ class DocumentCSP {
let meta = createHTMLElement("meta");
meta.setAttribute("http-equiv", header.name);
meta.setAttribute("content", header.value);
- let parent = document.head ||
+ let {head} = document;
+ let parent = head ||
document.documentElement.appendChild(createHTMLElement("head"));
try {
@@ -27,7 +28,7 @@ class DocumentCSP {
debug(`Failsafe <meta> CSP inserted in the DOM: "%s"`, header.value);
if (capabilities.has("script")) {
meta.remove();
- if (!parent.firstChild) parent.remove();
+ if (!head) parent.remove();
}
} catch (e) {
error(e, "Error inserting CSP %s in the DOM", header && header.value);