diff options
author | hackademix | 2018-08-28 23:28:06 +0200 |
---|---|---|
committer | hackademix | 2018-08-28 23:28:06 +0200 |
commit | 5c3d5354f2aa3d9cc4ab7fcdf15c3350122851cb (patch) | |
tree | a44463a533753e84c04ec3c413f366b318932ad8 /src/common | |
parent | 9b32ee87946b4aff80114d4372a768ed1a9af887 (diff) | |
download | noscript-5c3d5354f2aa3d9cc4ab7fcdf15c3350122851cb.tar.gz noscript-5c3d5354f2aa3d9cc4ab7fcdf15c3350122851cb.tar.xz noscript-5c3d5354f2aa3d9cc4ab7fcdf15c3350122851cb.zip |
Reload-less service worker busting.
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/CapsCSP.js | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/src/common/CapsCSP.js b/src/common/CapsCSP.js index 17a949c..4b8fde6 100644 --- a/src/common/CapsCSP.js +++ b/src/common/CapsCSP.js @@ -4,24 +4,25 @@ function CapsCSP(baseCSP = new CSP()) { return Object.assign(baseCSP, { types: ["script", "object", "media"], dataUriTypes: ["font", "media", "object"], - buildFromCapabilities(capabilities, netBlocker = false) { + buildFromCapabilities(capabilities, blockHttp = false) { let forbidData = new Set(this.dataUriTypes.filter(t => !capabilities.has(t))); - let blockedTypes; - if (netBlocker) { - blockedTypes = new Set(this.types.filter(t => !capabilities.has(t))); - } else if(!capabilities.has("script")) { - blockedTypes = new Set(["script"]); - forbidData.add("object"); // data: URIs loaded in objects may run scripts - } else { - blockedTypes = new Set(); + let blockedTypes = new Set(this.types.filter(t => !capabilities.has(t))); + if(!capabilities.has("script")) { + blockedTypes.add("worker"); + if (!blockedTypes.has("object")) { + // data: URIs loaded in objects may run scripts + blockedTypes.add({name: "object", value: "http: https:"}); + } } - - for (let type of forbidData) { - if (blockedTypes.has(type)) continue; + + if (!blockHttp) { // HTTP is blocked in onBeforeRequest, let's allow it only and block // for instance data: and blob: URIs - let dataBlocker = {name: type, value: "http: https:"}; - blockedTypes.add(dataBlocker) + for (let type of this.dataUriTypes) { + if (blockedTypes.delete(type)) { + blockedTypes.add({name: type, value: "http: https:"}); + } + } } return blockedTypes.size ? this.buildBlocker(...blockedTypes) : null; |