diff options
| author | hackademix | 2020-03-25 14:58:34 +0100 |
|---|---|---|
| committer | hackademix | 2020-03-25 14:59:48 +0100 |
| commit | 24aedad38c9d8fd97107031570a5bab007f3d0c2 (patch) | |
| tree | 3f2522e9a6d47e6b6fb729550bd5c117c1f516ae /src | |
| parent | f10166117553bb36f0348e3c57f395abfff82e1a (diff) | |
| download | noscript-24aedad38c9d8fd97107031570a5bab007f3d0c2.tar.gz noscript-24aedad38c9d8fd97107031570a5bab007f3d0c2.tar.xz noscript-24aedad38c9d8fd97107031570a5bab007f3d0c2.zip | |
Further refresh syntax parsing leniency (thanks insertscript).
Diffstat (limited to 'src')
| -rw-r--r-- | src/bg/ReportingCSP.js | 2 | ||||
| -rw-r--r-- | src/content/content.js | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/src/bg/ReportingCSP.js b/src/bg/ReportingCSP.js index 08e7a90..fc08527 100644 --- a/src/bg/ReportingCSP.js +++ b/src/bg/ReportingCSP.js @@ -37,7 +37,7 @@ function ReportingCSP(reportURI, reportGroup) { } else if (blocker && /^(Location|Refresh)$/i.test(h.name)) { // neutralize any HTTP redirection to data: URLs, like Chromium let url = /^R/i.test(h.name) - ? h.value.replace(/^[^,;]*[,;]\W*url[^=]*=[^!#$%&()*+,/:;=?@[\]\w.,~-]*/i, "") : h.value; + ? h.value.replace(/^[^,;]*[,;](?:\W*url[^=]*=)?[^!#$%&()*+,/:;=?@[\]\w.,~-]*/i, "") : h.value; if (/^data:/i.test(url)) { h.value = h.value.slice(0, -url.length) + "data:"; } diff --git a/src/content/content.js b/src/content/content.js index 46c6fc5..d13d13e 100644 --- a/src/content/content.js +++ b/src/content/content.js @@ -118,7 +118,7 @@ notifyPage(); addEventListener("DOMContentLoaded", e => { if (ns.canScript) return; for (let m of document.querySelectorAll("meta[http-equiv=refresh]")) { - if (/^[^,;]*[,;]\W*url[^=]*=[^!#$%&()*+,/:;=?@[\]\w.,~-]*data:/i.test(m.getAttribute("content"))) { + if (/^[^,;]*[,;](?:\W*url[^=]*=)?[^!#$%&()*+,/:;=?@[\]\w.,~-]*data:/i.test(m.getAttribute("content"))) { let url = m.getAttribute("content").replace(/.*?(?=data:)/i, ""); log(`Blocking refresh to ${url}`); window.stop(); |