summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorhackademix2019-07-21 23:29:19 +0200
committerhackademix2019-07-23 18:11:14 +0200
commite7c1761f7ca2710a398997c5d2efae32ad701ffd (patch)
treede024dea4263533cbc6b56941cd90f5e91451e0b /src
parent8f71c8f4d35f3af21b59439e7afb6ebf3b6ea8e8 (diff)
downloadnoscript-e7c1761f7ca2710a398997c5d2efae32ad701ffd.tar.gz
noscript-e7c1761f7ca2710a398997c5d2efae32ad701ffd.tar.xz
noscript-e7c1761f7ca2710a398997c5d2efae32ad701ffd.zip
Restore "classic" pasted HTML sanitization feature (patch by barbaz with slight modifications).
Diffstat (limited to 'src')
-rw-r--r--src/content/sanitizePaste.js58
-rw-r--r--src/manifest.json3
2 files changed, 60 insertions, 1 deletions
diff --git a/src/content/sanitizePaste.js b/src/content/sanitizePaste.js
new file mode 100644
index 0000000..703f5b3
--- /dev/null
+++ b/src/content/sanitizePaste.js
@@ -0,0 +1,58 @@
+'use strict';
+
+window.addEventListener("paste", e => {
+ let data = e.clipboardData;
+ let html = data.getData("text/html");
+ let t = e.target;
+ if (t.nodeType !== 1) t = t.parentElement;
+
+ try {
+ let node = t.cloneNode();
+
+ node.innerHTML = html;
+
+ if (sanitizeExtras(node)) {
+ let sanitized = node.innerHTML;
+ setTimeout(function() { try {
+ if (sanitizeExtras(t)) {
+ console.log(`[NoScript] Sanitized\n<PASTE>\n${html}\n</PASTE>to\n<PASTE>\n${t.innerHTML}\n</PASTE>`, t);
+ }
+ } catch(ex) {
+ console.log(ex);
+ }}, 0);
+ }
+ } catch(ex) {
+ console.log(ex);
+ }
+
+ function removeAttribute(node, name, value = node.getAttribute(name)) {
+ node.setAttribute(`data-noscript-removed-${name}`, value);
+ node.removeAttribute(name);
+ }
+
+ function sanitizeExtras(el) {
+ let ret = false;
+
+ // remove attributes from forms
+ for (let f of el.getElementsByTagName("form")) {
+ for (let a of f.attributes) {
+ f.removeAttribute(a.name);
+ ret = true;
+ }
+ }
+
+ let urlAttributes = ['href', 'to', 'from', 'by', 'values'];
+ let selector = urlAttributes.map(a => `[${a}]`).join(',');
+ for (let node of el.querySelectorAll(selector)) {
+ for (let name of urlAttributes) {
+ let value = node.getAttribute(name);
+ if (/^\W*(?:(?:javascript|data):|https?:[\s\S]+[[(<])/i.test(unescape(value))) {
+ node.setAttribute(`data-noscript-removed-${name}`, value);
+ node.removeAttribute(name);
+ ret = true;
+ }
+ }
+ }
+ return ret;
+ }
+}, true);
diff --git a/src/manifest.json b/src/manifest.json
index caba4ce..c0fdcb2 100644
--- a/src/manifest.json
+++ b/src/manifest.json
@@ -94,7 +94,8 @@
"content/PlaceHolder.js",
"content/embeddingDocument.js",
"content/webglHook.js",
- "content/media.js"
+ "content/media.js",
+ "content/sanitizePaste.js"
]
},
{