Let content script inject failsafe CSP in the DOM.

author: hackademix 2018-08-26 17:43:01 +0200
committer: hackademix 2018-08-27 18:55:00 +0200
commit: 6e80d3f130773fc9a9123c5c4c2e97d63e90fa2a (patch)
tree: ed610783c9f36b5625179bff318194bd118c53f0 /src/content/DocumentCSP.js
parent: e82e961dd75401cd78c5b46c7dde4e197557b385 (diff)
download: noscript-6e80d3f130773fc9a9123c5c4c2e97d63e90fa2a.tar.gz
noscript-6e80d3f130773fc9a9123c5c4c2e97d63e90fa2a.tar.xz
noscript-6e80d3f130773fc9a9123c5c4c2e97d63e90fa2a.zip
1 files changed, 26 insertions, 0 deletions
diff --git a/src/content/DocumentCSP.js b/src/content/DocumentCSP.js
new file mode 100644
index 0000000..228b2a2
--- /dev/null
+++ b/src/content/DocumentCSP.js
@@ -0,0 +1,26 @@
+'use strict';
+
+class DocumentCSP {
+  constructor(document) {
+    this.document = document;
+    this.builder = new CapsCSP();
+  }
+  
+  apply(capabilities) {
+    let csp = this.builder;
+    let blocker = csp.buildFromCapabilities(capabilities);
+    if (!blocker) return;
+    
+    let document = this.document;
+    let header = csp.asHeader(blocker);
+    let meta = document.createElementNS("http://www.w3.org/1999/xhtml", "meta");
+    meta.setAttribute("http-equiv", header.name);
+    meta.setAttribute("content", header.value);
+    let parent = document.head || document.documentElement;
+    try {
+      parent.insertBefore(meta, parent.firstChild);
+    } catch (e) {
+      error(e, "Error inserting CSP %s in the DOM", header && header.value);
+    }
+  }
+}
author	hackademix	2018-08-26 17:43:01 +0200
committer	hackademix	2018-08-27 18:55:00 +0200
commit	6e80d3f130773fc9a9123c5c4c2e97d63e90fa2a (patch)
tree	ed610783c9f36b5625179bff318194bd118c53f0 /src/content/DocumentCSP.js
parent	e82e961dd75401cd78c5b46c7dde4e197557b385 (diff)
download	noscript-6e80d3f130773fc9a9123c5c4c2e97d63e90fa2a.tar.gz noscript-6e80d3f130773fc9a9123c5c4c2e97d63e90fa2a.tar.xz noscript-6e80d3f130773fc9a9123c5c4c2e97d63e90fa2a.zip