diff options
| author | hackademix | 2019-04-08 15:46:52 +0200 |
|---|---|---|
| committer | hackademix | 2019-04-08 15:46:52 +0200 |
| commit | 7ab201e13360dbd118a98ab46cf226bb1d249517 (patch) | |
| tree | fff0ba700f45d23da0f293f85e34c3dff01ed214 /src | |
| parent | a489c192d6ab3bc70cf6af90f4a60c04a2a76a9d (diff) | |
| download | noscript-7ab201e13360dbd118a98ab46cf226bb1d249517.tar.gz noscript-7ab201e13360dbd118a98ab46cf226bb1d249517.tar.xz noscript-7ab201e13360dbd118a98ab46cf226bb1d249517.zip | |
Catch SecurityException thrown on cross-origin wrappedJSObject access.
Diffstat (limited to 'src')
| -rw-r--r-- | src/content/staticNS.js | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/content/staticNS.js b/src/content/staticNS.js index 3561162..7959341 100644 --- a/src/content/staticNS.js +++ b/src/content/staticNS.js @@ -69,7 +69,12 @@ // The cookie hack won't work for non-HTTP subframes (issue #48), // or the cookie might have been deleted in a race condition, // so here we try to check the parent - let checkParent = parent.wrappedJSObject.checkNoScriptUnrestricted; + let checkParent = null; + try { + checkParent = parent.wrappedJSObject.checkNoScriptUnrestricted; + } catch (e) { + // may throw a SecurityException for cross-origin wrappedJSObject access + } if (typeof checkParent === "function") { try { let challenge = uuid(); |