diff options
| author | hackademix | 2018-09-04 22:43:00 +0200 |
|---|---|---|
| committer | hackademix | 2018-09-04 22:43:00 +0200 |
| commit | f95f7b809d994f4b581ea71885addbfa177b49fb (patch) | |
| tree | bb1a162ec5c53e11700ac1f6c5ba696a04db2ef4 | |
| parent | 1814bfa03d090e7f0de7c68124c83fa3adacbfa5 (diff) | |
| download | noscript-f95f7b809d994f4b581ea71885addbfa177b49fb.tar.gz noscript-f95f7b809d994f4b581ea71885addbfa177b49fb.tar.xz noscript-f95f7b809d994f4b581ea71885addbfa177b49fb.zip | |
Ensure we remove the HEAD element parent of our META CSP policy only if we created it.
| -rw-r--r-- | src/content/DocumentCSP.js | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/content/DocumentCSP.js b/src/content/DocumentCSP.js index 7fd666c..63f5d1e 100644 --- a/src/content/DocumentCSP.js +++ b/src/content/DocumentCSP.js @@ -19,7 +19,8 @@ class DocumentCSP { let meta = createHTMLElement("meta"); meta.setAttribute("http-equiv", header.name); meta.setAttribute("content", header.value); - let parent = document.head || + let {head} = document; + let parent = head || document.documentElement.appendChild(createHTMLElement("head")); try { @@ -27,7 +28,7 @@ class DocumentCSP { debug(`Failsafe <meta> CSP inserted in the DOM: "%s"`, header.value); if (capabilities.has("script")) { meta.remove(); - if (!parent.firstChild) parent.remove(); + if (!head) parent.remove(); } } catch (e) { error(e, "Error inserting CSP %s in the DOM", header && header.value); |