summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorhackademix2020-03-22 11:05:15 +0100
committerhackademix2020-03-22 11:05:15 +0100
commitab131302cd7ec773b1fa777cda42076a3301696f (patch)
treed1beb048f665ec19d92c3b40d94f7c15cf09d9b5 /src
parent3fc639245b83df82c2f9c2a5fa9b7a6cd2a384be (diff)
downloadnoscript-ab131302cd7ec773b1fa777cda42076a3301696f.tar.gz
noscript-ab131302cd7ec773b1fa777cda42076a3301696f.tar.xz
noscript-ab131302cd7ec773b1fa777cda42076a3301696f.zip
Uniform refresh url matching across HTTP and DOM checks (thanks insertscript).
Diffstat (limited to 'src')
-rw-r--r--src/bg/ReportingCSP.js2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/bg/ReportingCSP.js b/src/bg/ReportingCSP.js
index e7ffe0a..08e7a90 100644
--- a/src/bg/ReportingCSP.js
+++ b/src/bg/ReportingCSP.js
@@ -37,7 +37,7 @@ function ReportingCSP(reportURI, reportGroup) {
} else if (blocker && /^(Location|Refresh)$/i.test(h.name)) {
// neutralize any HTTP redirection to data: URLs, like Chromium
let url = /^R/i.test(h.name)
- ? h.value.replace(/^[^,;]*[,;]url[^\w=]*=\s*/i, "") : h.value;
+ ? h.value.replace(/^[^,;]*[,;]\W*url[^=]*=[^!#$%&()*+,/:;=?@[\]\w.,~-]*/i, "") : h.value;
if (/^data:/i.test(url)) {
h.value = h.value.slice(0, -url.length) + "data:";
}