diff options
| author | hackademix | 2018-12-05 09:35:42 +0100 |
|---|---|---|
| committer | hackademix | 2018-12-05 10:10:26 +0100 |
| commit | c94cd48752485bc2abc207c590aa8afce4d3b240 (patch) | |
| tree | 1c20859428268bd4df4b39b92dc0f3397035fa49 /src | |
| parent | 68d0cd056862131f255c1a362a3c6b3ec24c6625 (diff) | |
| download | noscript-c94cd48752485bc2abc207c590aa8afce4d3b240.tar.gz noscript-c94cd48752485bc2abc207c590aa8afce4d3b240.tar.xz noscript-c94cd48752485bc2abc207c590aa8afce4d3b240.zip | |
Fixed placeholders missing for some blocked embeddings (Tor ticket #28720).
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/CSP.js | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/src/lib/CSP.js b/src/lib/CSP.js index 79590bc..666f4a1 100644 --- a/src/lib/CSP.js +++ b/src/lib/CSP.js @@ -1,23 +1,23 @@ "use strict"; class CSP { - + build(...directives) { return directives.join(';'); } - + buildBlocker(...types) { return this.build(...(types.map(type => `${type.name || type}-src ${type.value || "'none'"}`))); } - + blocks(header, type) { return `;${header};`.includes(`;${type}-src 'none';`) } - + asHeader(value) { return {name: CSP.headerName, value}; } } -CSP.isEmbedType = type => /\b(?:application|video|audio)\b/.test(type); +CSP.isEmbedType = type => /\b(?:application|video|audio)\b/.test(type) && type !== "application/xhtml+xml"; CSP.headerName = "content-security-policy"; |