diff options
| author | hackademix | 2018-08-25 11:29:43 +0200 |
|---|---|---|
| committer | hackademix | 2018-08-25 11:29:43 +0200 |
| commit | a1e567e9ec1f9d0ffd82a22c129165b60c499e0e (patch) | |
| tree | fc935a459393366546066afb3871290763e42cd7 /src | |
| parent | 5e397a3bf88205c6300010e4d124c2621d167f74 (diff) | |
| download | noscript-a1e567e9ec1f9d0ffd82a22c129165b60c499e0e.tar.gz noscript-a1e567e9ec1f9d0ffd82a22c129165b60c499e0e.tar.xz noscript-a1e567e9ec1f9d0ffd82a22c129165b60c499e0e.zip | |
Hotfix for some possible reload loops before refactoring CSP management.
Diffstat (limited to 'src')
| -rw-r--r-- | src/bg/RequestGuard.js | 16 | ||||
| -rw-r--r-- | src/content/content.js | 1 | ||||
| -rw-r--r-- | src/manifest.json | 2 |
3 files changed, 10 insertions, 9 deletions
diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js index 68b74b9..7bdc929 100644 --- a/src/bg/RequestGuard.js +++ b/src/bg/RequestGuard.js @@ -425,23 +425,25 @@ var RequestGuard = (() => { (!content.type || /^\s*(?:video|audio|application)\//.test(content.type))) { debug(`Suspicious content type "%s" in request %o with capabilities %o`, content.type, request, capabilities); - blockedTypes = CSP.types.filter(t => !capabilities.has(t)); + blockedTypes = new Set(CSP.types.filter(t => !capabilities.has(t))); } else if(!canScript) { - blockedTypes = ["script"]; + blockedTypes = new Set(["script"]); forbidData.add("object"); // data: URIs loaded in objects may run scripts + } else { + blockedTypes = new Set(); } for (let type of forbidData) { // object, font, media - if (blockedTypes.includes(type)) continue; + if (blockedTypes.has(type)) continue; // HTTP is blocked in onBeforeRequest, let's allow it only and block // for instance data: and blob: URIs let dataBlocker = {name: type, value: "http: https:"}; - if (blockedTypes) blockedTypes.push(dataBlocker) - else blockedTypes = [dataBlocker]; + blockedTypes.add(dataBlocker) } - debug("Blocked types", blockedTypes); - if (blockedTypes && blockedTypes.length) { + + if (blockedTypes.size) { + debug("Blocked types", blockedTypes); blocker = CSP.createBlocker(...blockedTypes); } diff --git a/src/content/content.js b/src/content/content.js index 9e40cc1..8ab3654 100644 --- a/src/content/content.js +++ b/src/content/content.js @@ -180,7 +180,6 @@ async function init(oldPage = false) { if (canScript) { if (oldPage) { probe(); - setTimeout(() => init(), 200); return; } if (!shouldScript && diff --git a/src/manifest.json b/src/manifest.json index d23531a..ecf4867 100644 --- a/src/manifest.json +++ b/src/manifest.json @@ -8,7 +8,7 @@ "strict_min_version": "59.0" } }, - "version": "10.1.8.22", + "version": "10.1.8.23rc1", "description": "__MSG_Description__", "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'none'", |