diff options
author | hackademix | 2018-09-04 19:48:07 +0200 |
---|---|---|
committer | hackademix | 2018-09-04 19:48:07 +0200 |
commit | 1814bfa03d090e7f0de7c68124c83fa3adacbfa5 (patch) | |
tree | 93c2ec4320638596427ce82c4f7b2088e94f8c35 /src/content/onScriptDisabled.js | |
parent | 26470b84f681b7db9e500bb4503eab7b8b202879 (diff) | |
download | noscript-1814bfa03d090e7f0de7c68124c83fa3adacbfa5.tar.gz noscript-1814bfa03d090e7f0de7c68124c83fa3adacbfa5.tar.xz noscript-1814bfa03d090e7f0de7c68124c83fa3adacbfa5.zip |
Work-around for CSP not being honored when the HEAD element has not been inserted yet.
Diffstat (limited to 'src/content/onScriptDisabled.js')
-rw-r--r-- | src/content/onScriptDisabled.js | 16 |
1 files changed, 0 insertions, 16 deletions
diff --git a/src/content/onScriptDisabled.js b/src/content/onScriptDisabled.js index 79912c9..3606ede 100644 --- a/src/content/onScriptDisabled.js +++ b/src/content/onScriptDisabled.js @@ -1,20 +1,4 @@ function onScriptDisabled() { - if (document.URL.startsWith("file:")) { - // file: documents are loaded synchronously and may not be affected by - // CSP. We already intercept onbeforeexecutescript event, let's cope with - // event and URL attributes. - for (let e of document.all) { - for (let a of e.attributes) { - if (/^on\w+/i.test(a.name)) { - debug(`Removed %s.%sevent`, e.tagName, a.name); - a.value = ""; - } else if (/^\s*(?:data|javascript):/i.test(unescape(a.value))) { - debug(`Neutralized %s.%s="%s" attribute`, e.tagName, a.name, a.value); - a.value = "data:"; - } - } - } - } for (let noscript of document.querySelectorAll("noscript")) { // force show NOSCRIPT elements content let replacement = createHTMLElement("span"); |