diff options
author | hackademix | 2019-09-30 07:33:22 +0200 |
---|---|---|
committer | hackademix | 2019-09-30 07:37:03 +0200 |
commit | f9f116e65cacc44de9148ed0d81773c7dc082417 (patch) | |
tree | 75d742086940b4655d03e7312669d014d11bfe58 /src | |
parent | 6c60ab2710b90f9eac993357281d55c6dd073118 (diff) | |
download | noscript-f9f116e65cacc44de9148ed0d81773c7dc082417.tar.gz noscript-f9f116e65cacc44de9148ed0d81773c7dc082417.tar.xz noscript-f9f116e65cacc44de9148ed0d81773c7dc082417.zip |
Fix CSP violation reporting management of "fake" blocked-uri like "eval".
Diffstat (limited to 'src')
-rw-r--r-- | src/bg/RequestGuard.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js index 3936df9..8f4df67 100644 --- a/src/bg/RequestGuard.js +++ b/src/bg/RequestGuard.js @@ -443,7 +443,7 @@ var RequestGuard = (() => { let blockedURI = report['blocked-uri']; if (blockedURI && blockedURI !== 'self') { let r = fakeRequestFromCSP(report, request); - if (r.url === 'inline') r.url = request.documentUrl; + if (!/:/.test(r.url)) r.url = request.documentUrl; Content.reportTo(r, false, policyTypesMap[r.type]); TabStatus.record(r, "blocked"); } else if (report["violated-directive"] === "script-src" && /; script-src 'none'/.test(report["original-policy"])) { |