diff options
author | hackademix | 2020-03-22 11:05:15 +0100 |
---|---|---|
committer | hackademix | 2020-03-22 11:05:15 +0100 |
commit | ab131302cd7ec773b1fa777cda42076a3301696f (patch) | |
tree | d1beb048f665ec19d92c3b40d94f7c15cf09d9b5 /src | |
parent | 3fc639245b83df82c2f9c2a5fa9b7a6cd2a384be (diff) | |
download | noscript-ab131302cd7ec773b1fa777cda42076a3301696f.tar.gz noscript-ab131302cd7ec773b1fa777cda42076a3301696f.tar.xz noscript-ab131302cd7ec773b1fa777cda42076a3301696f.zip |
Uniform refresh url matching across HTTP and DOM checks (thanks insertscript).
Diffstat (limited to 'src')
-rw-r--r-- | src/bg/ReportingCSP.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/bg/ReportingCSP.js b/src/bg/ReportingCSP.js index e7ffe0a..08e7a90 100644 --- a/src/bg/ReportingCSP.js +++ b/src/bg/ReportingCSP.js @@ -37,7 +37,7 @@ function ReportingCSP(reportURI, reportGroup) { } else if (blocker && /^(Location|Refresh)$/i.test(h.name)) { // neutralize any HTTP redirection to data: URLs, like Chromium let url = /^R/i.test(h.name) - ? h.value.replace(/^[^,;]*[,;]url[^\w=]*=\s*/i, "") : h.value; + ? h.value.replace(/^[^,;]*[,;]\W*url[^=]*=[^!#$%&()*+,/:;=?@[\]\w.,~-]*/i, "") : h.value; if (/^data:/i.test(url)) { h.value = h.value.slice(0, -url.length) + "data:"; } |