diff options
Diffstat (limited to 'src/bg')
-rw-r--r-- | src/bg/RequestGuard.js | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js index 68b74b9..7bdc929 100644 --- a/src/bg/RequestGuard.js +++ b/src/bg/RequestGuard.js @@ -425,23 +425,25 @@ var RequestGuard = (() => { (!content.type || /^\s*(?:video|audio|application)\//.test(content.type))) { debug(`Suspicious content type "%s" in request %o with capabilities %o`, content.type, request, capabilities); - blockedTypes = CSP.types.filter(t => !capabilities.has(t)); + blockedTypes = new Set(CSP.types.filter(t => !capabilities.has(t))); } else if(!canScript) { - blockedTypes = ["script"]; + blockedTypes = new Set(["script"]); forbidData.add("object"); // data: URIs loaded in objects may run scripts + } else { + blockedTypes = new Set(); } for (let type of forbidData) { // object, font, media - if (blockedTypes.includes(type)) continue; + if (blockedTypes.has(type)) continue; // HTTP is blocked in onBeforeRequest, let's allow it only and block // for instance data: and blob: URIs let dataBlocker = {name: type, value: "http: https:"}; - if (blockedTypes) blockedTypes.push(dataBlocker) - else blockedTypes = [dataBlocker]; + blockedTypes.add(dataBlocker) } - debug("Blocked types", blockedTypes); - if (blockedTypes && blockedTypes.length) { + + if (blockedTypes.size) { + debug("Blocked types", blockedTypes); blocker = CSP.createBlocker(...blockedTypes); } |