author | hackademix | 2019-07-21 23:29:19 +0200 |
---|---|---|
committer | hackademix | 2019-07-23 18:11:14 +0200 |
commit | e7c1761f7ca2710a398997c5d2efae32ad701ffd (patch) | |
tree | de024dea4263533cbc6b56941cd90f5e91451e0b /src | |
parent | 8f71c8f4d35f3af21b59439e7afb6ebf3b6ea8e8 (diff) | |
Restore "classic" pasted HTML sanitization feature (patch by barbaz with slight modifications).
Diffstat (limited to 'src')
-rw-r--r-- | src/content/sanitizePaste.js | 58 | ||||
-rw-r--r-- | src/manifest.json | 3 |
2 files changed, 60 insertions, 1 deletions
diff --git a/src/content/sanitizePaste.js b/src/content/sanitizePaste.js
new file mode 100644
index 0000000..703f5b3
--- /dev/null
+++ b/src/content/sanitizePaste.js
@@ -0,0 +1,58 @@
+'use strict';
+
+window.addEventListener("paste", e => {
+ let data = e.clipboardData;
+ let html = data.getData("text/html");
+ let t = e.target;
+ if (t.nodeType !== 1) t = t.parentElement;
+
+ try {
+ let node = t.cloneNode();
+
+ node.innerHTML = html;
+
+ if (sanitizeExtras(node)) {
+ let sanitized = node.innerHTML;
+ setTimeout(function() { try {
+ if (sanitizeExtras(t)) {
+ console.log(`[NoScript] Sanitized\n<PASTE>\n${html}\n</PASTE>to\n<PASTE>\n${t.innerHTML}\n</PASTE>`, t);
+ }
+ } catch(ex) {
+ console.log(ex);
+ }}, 0);
+ }
+ } catch(ex) {
+ console.log(ex);
+ }
+
+ function removeAttribute(node, name, value = node.getAttribute(name)) {
+ node.setAttribute(`data-noscript-removed-${name}`, value);
+ node.removeAttribute(name);
+ }
+
+ function sanitizeExtras(el) {
+ let ret = false;
+
+ // remove attributes from forms
+ for (let f of el.getElementsByTagName("form")) {
+ for (let a of f.attributes) {
+ f.removeAttribute(a.name);
+ ret = true;
+ }
+ }
+
+ let urlAttributes = ['href', 'to', 'from', 'by', 'values'];
+ let selector = urlAttributes.map(a => `[${a}]`).join(',');
+ for (let node of el.querySelectorAll(selector)) {
+ for (let name of urlAttributes) {
+ let value = node.getAttribute(name);
+ if (/^\W*(?:(?:javascript|data):|https?:[\s\S]+[[(<])/i.test(unescape(value))) {
+ node.setAttribute(`data-noscript-removed-${name}`, value);
+ node.removeAttribute(name);
+ ret = true;
+ }
+ }
+ }
+ return ret;
+ }
+}, true);
diff --git a/src/manifest.json b/src/manifest.json
index caba4ce..c0fdcb2 100644
--- a/src/manifest.json
+++ b/src/manifest.json
@@ -94,7 +94,8 @@
 "content/PlaceHolder.js",
 "content/embeddingDocument.js",
 "content/webglHook.js",
- "content/media.js"
+ "content/media.js",
+ "content/sanitizePaste.js"
 ]
 },
 { |
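Review bot: The form-stripping loop in `sanitizeExtras` removes attributes while iterating the live `f.attributes` map, so each removal shifts the remaining attributes down and the iterator skips the next one. A pasted `<form>` with two or more attributes therefore keeps some of them, and depending on attribute order that can include `action`. Iterate over a snapshot instead: `for (let a of [...f.attributes]) {`. Separately, the `removeAttribute` helper and the `sanitized` local are never used; the URL-attribute loop repeats the helper's two lines and could call `removeAttribute(node, name, value)` instead.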