author | hackademix | 2018-08-25 11:29:43 +0200 |
---|---|---|
committer | hackademix | 2018-08-25 11:29:43 +0200 |
commit | a1e567e9ec1f9d0ffd82a22c129165b60c499e0e (patch) | |
tree | fc935a459393366546066afb3871290763e42cd7 /src/bg | |
parent | 5e397a3bf88205c6300010e4d124c2621d167f74 (diff) | |
Hotfix for some possible reload loops before refactoring CSP management.
Diffstat (limited to 'src/bg')
-rw-r--r-- | src/bg/RequestGuard.js | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js
index 68b74b9..7bdc929 100644
--- a/src/bg/RequestGuard.js
+++ b/src/bg/RequestGuard.js
@@ -425,23 +425,25 @@ var RequestGuard = (() => {
 (!content.type || /^\s*(?:video|audio|application)\//.test(content.type))) {
 debug(`Suspicious content type "%s" in request %o with capabilities %o`,
 content.type, request, capabilities);
- blockedTypes = CSP.types.filter(t => !capabilities.has(t));
+ blockedTypes = new Set(CSP.types.filter(t => !capabilities.has(t)));
 } else if(!canScript) {
- blockedTypes = ["script"];
+ blockedTypes = new Set(["script"]);
 forbidData.add("object"); // data: URIs loaded in objects may run scripts
+ } else {
+ blockedTypes = new Set();
 }
 for (let type of forbidData) { // object, font, media
- if (blockedTypes.includes(type)) continue;
+ if (blockedTypes.has(type)) continue;
 // HTTP is blocked in onBeforeRequest, let's allow it only and block
 // for instance data: and blob: URIs
 let dataBlocker = {name: type, value: "http: https:"};
- if (blockedTypes) blockedTypes.push(dataBlocker)
- else blockedTypes = [dataBlocker];
+ blockedTypes.add(dataBlocker)
 }
- debug("Blocked types", blockedTypes);
- if (blockedTypes && blockedTypes.length) {
+
+ if (blockedTypes.size) {
+ debug("Blocked types", blockedTypes);
 blocker = CSP.createBlocker(...blockedTypes);
 } |
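Review bot: `blockedTypes` now holds two kinds of entries, bare type names from the first two branches and `{name, value}` objects added in the `forbidData` loop, and `blockedTypes.has(type)` can only ever match the bare strings because Set membership for objects is by identity. That is what the loop needs today, but it is not obvious when reading `CSP.createBlocker(...blockedTypes)`, so a comment above the loop such as `// blockedTypes: string = block the type entirely, {name, value} = restrict the type to the listed sources` would help. The new `else { blockedTypes = new Set(); }` branch is the only thing that keeps the loop from calling `.has` on an unassigned variable; if an exception at that point leaves the response without a blocker (the enclosing function starts and ends outside the hunk, so this is an assumption), initialising the Set where `blockedTypes` is declared would be the safer default. `blockedTypes.add(dataBlocker)` is also missing its trailing semicolon.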