diff options
author | hackademix | 2018-09-04 22:43:00 +0200 |
---|---|---|
committer | hackademix | 2018-09-04 22:43:00 +0200 |
commit | f95f7b809d994f4b581ea71885addbfa177b49fb (patch) | |
tree | bb1a162ec5c53e11700ac1f6c5ba696a04db2ef4 /src/content | |
parent | 1814bfa03d090e7f0de7c68124c83fa3adacbfa5 (diff) | |
download | noscript-f95f7b809d994f4b581ea71885addbfa177b49fb.tar.gz noscript-f95f7b809d994f4b581ea71885addbfa177b49fb.tar.xz noscript-f95f7b809d994f4b581ea71885addbfa177b49fb.zip |
Ensure we remove the HEAD element parent of our META CSP policy only if we created it.
Diffstat (limited to 'src/content')
-rw-r--r-- | src/content/DocumentCSP.js | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/content/DocumentCSP.js b/src/content/DocumentCSP.js index 7fd666c..63f5d1e 100644 --- a/src/content/DocumentCSP.js +++ b/src/content/DocumentCSP.js @@ -19,7 +19,8 @@ class DocumentCSP { let meta = createHTMLElement("meta"); meta.setAttribute("http-equiv", header.name); meta.setAttribute("content", header.value); - let parent = document.head || + let {head} = document; + let parent = head || document.documentElement.appendChild(createHTMLElement("head")); try { @@ -27,7 +28,7 @@ class DocumentCSP { debug(`Failsafe <meta> CSP inserted in the DOM: "%s"`, header.value); if (capabilities.has("script")) { meta.remove(); - if (!parent.firstChild) parent.remove(); + if (!head) parent.remove(); } } catch (e) { error(e, "Error inserting CSP %s in the DOM", header && header.value); |