summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/bg/RequestGuard.js16
-rw-r--r--src/content/content.js1
-rw-r--r--src/manifest.json2
3 files changed, 10 insertions, 9 deletions
diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js
index 68b74b9..7bdc929 100644
--- a/src/bg/RequestGuard.js
+++ b/src/bg/RequestGuard.js
@@ -425,23 +425,25 @@ var RequestGuard = (() => {
(!content.type || /^\s*(?:video|audio|application)\//.test(content.type))) {
debug(`Suspicious content type "%s" in request %o with capabilities %o`,
content.type, request, capabilities);
- blockedTypes = CSP.types.filter(t => !capabilities.has(t));
+ blockedTypes = new Set(CSP.types.filter(t => !capabilities.has(t)));
} else if(!canScript) {
- blockedTypes = ["script"];
+ blockedTypes = new Set(["script"]);
forbidData.add("object"); // data: URIs loaded in objects may run scripts
+ } else {
+ blockedTypes = new Set();
}
for (let type of forbidData) { // object, font, media
- if (blockedTypes.includes(type)) continue;
+ if (blockedTypes.has(type)) continue;
// HTTP is blocked in onBeforeRequest, let's allow it only and block
// for instance data: and blob: URIs
let dataBlocker = {name: type, value: "http: https:"};
- if (blockedTypes) blockedTypes.push(dataBlocker)
- else blockedTypes = [dataBlocker];
+ blockedTypes.add(dataBlocker)
}
- debug("Blocked types", blockedTypes);
- if (blockedTypes && blockedTypes.length) {
+
+ if (blockedTypes.size) {
+ debug("Blocked types", blockedTypes);
blocker = CSP.createBlocker(...blockedTypes);
}
diff --git a/src/content/content.js b/src/content/content.js
index 9e40cc1..8ab3654 100644
--- a/src/content/content.js
+++ b/src/content/content.js
@@ -180,7 +180,6 @@ async function init(oldPage = false) {
if (canScript) {
if (oldPage) {
probe();
- setTimeout(() => init(), 200);
return;
}
if (!shouldScript &&
diff --git a/src/manifest.json b/src/manifest.json
index d23531a..ecf4867 100644
--- a/src/manifest.json
+++ b/src/manifest.json
@@ -8,7 +8,7 @@
"strict_min_version": "59.0"
}
},
- "version": "10.1.8.22",
+ "version": "10.1.8.23rc1",
"description": "__MSG_Description__",
"content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'none'",