diff options
| author | hackademix | 2018-08-26 17:43:01 +0200 |
|---|---|---|
| committer | hackademix | 2018-08-27 18:55:00 +0200 |
| commit | 6e80d3f130773fc9a9123c5c4c2e97d63e90fa2a (patch) | |
| tree | ed610783c9f36b5625179bff318194bd118c53f0 /src | |
| parent | e82e961dd75401cd78c5b46c7dde4e197557b385 (diff) | |
| download | noscript-6e80d3f130773fc9a9123c5c4c2e97d63e90fa2a.tar.gz noscript-6e80d3f130773fc9a9123c5c4c2e97d63e90fa2a.tar.xz noscript-6e80d3f130773fc9a9123c5c4c2e97d63e90fa2a.zip | |
Let content script inject failsafe CSP in the DOM.
Diffstat (limited to 'src')
| -rw-r--r-- | src/content/DocumentCSP.js | 26 | ||||
| -rw-r--r-- | src/content/content.js | 11 | ||||
| -rw-r--r-- | src/manifest.json | 3 |
3 files changed, 38 insertions, 2 deletions
diff --git a/src/content/DocumentCSP.js b/src/content/DocumentCSP.js new file mode 100644 index 0000000..228b2a2 --- /dev/null +++ b/src/content/DocumentCSP.js @@ -0,0 +1,26 @@ +'use strict'; + +class DocumentCSP { + constructor(document) { + this.document = document; + this.builder = new CapsCSP(); + } + + apply(capabilities) { + let csp = this.builder; + let blocker = csp.buildFromCapabilities(capabilities); + if (!blocker) return; + + let document = this.document; + let header = csp.asHeader(blocker); + let meta = document.createElementNS("http://www.w3.org/1999/xhtml", "meta"); + meta.setAttribute("http-equiv", header.name); + meta.setAttribute("content", header.value); + let parent = document.head || document.documentElement; + try { + parent.insertBefore(meta, parent.firstChild); + } catch (e) { + error(e, "Error inserting CSP %s in the DOM", header && header.value); + } + } +} diff --git a/src/content/content.js b/src/content/content.js index 8ab3654..a5d996d 100644 --- a/src/content/content.js +++ b/src/content/content.js @@ -61,14 +61,21 @@ if (!this.perms.DEFAULT || this.perms.tabInfo.unrestricted) { this.allows = () => true; + this.capabilities = Object.assign( + new Set(["script"]), { has() { return true; } }); + } else { + let perms = this.perms.CURRENT || this.perms.DEFAULT; + this.capabilities = new Set(perms.capabilities); + new DocumentCSP(document).apply(this.capabilities); } ns.fire("perms"); }, perms: { DEFAULT: null, CURRENT: null, tabInfo: {}, MARKER: "" }, + allows(cap) { - let perms = this.perms.CURRENT; - return perms && perms.capabilities.includes(cap); + return this.capabilities && this.capabilities.has(cap); }, + getWindowName() { return top !== window || !this.perms.MARKER ? window.name : window.name.split(this.perms.MARKER + ",").pop(); diff --git a/src/manifest.json b/src/manifest.json index 5870812..143a776 100644 --- a/src/manifest.json +++ b/src/manifest.json @@ -67,6 +67,9 @@ "js": [ "lib/log.js", "lib/Messages.js", + "lib/CSP.js", + "common/CapsCSP.js", + "content/DocumentCSP.js", "content/onScriptDisabled.js", "content/content.js", "content/webglHook.js", |