summaryrefslogtreecommitdiff
path: root/src/content/sanitizePaste.js
diff options
context:
space:
mode:
Diffstat (limited to 'src/content/sanitizePaste.js')
-rw-r--r--src/content/sanitizePaste.js58
1 files changed, 58 insertions, 0 deletions
diff --git a/src/content/sanitizePaste.js b/src/content/sanitizePaste.js
new file mode 100644
index 0000000..703f5b3
--- /dev/null
+++ b/src/content/sanitizePaste.js
@@ -0,0 +1,58 @@
+'use strict';
+
+window.addEventListener("paste", e => {
+ let data = e.clipboardData;
+ let html = data.getData("text/html");
+ let t = e.target;
+ if (t.nodeType !== 1) t = t.parentElement;
+
+ try {
+ let node = t.cloneNode();
+
+ node.innerHTML = html;
+
+ if (sanitizeExtras(node)) {
+ let sanitized = node.innerHTML;
+ setTimeout(function() { try {
+ if (sanitizeExtras(t)) {
+ console.log(`[NoScript] Sanitized\n<PASTE>\n${html}\n</PASTE>to\n<PASTE>\n${t.innerHTML}\n</PASTE>`, t);
+ }
+ } catch(ex) {
+ console.log(ex);
+ }}, 0);
+ }
+ } catch(ex) {
+ console.log(ex);
+ }
+
+ function removeAttribute(node, name, value = node.getAttribute(name)) {
+ node.setAttribute(`data-noscript-removed-${name}`, value);
+ node.removeAttribute(name);
+ }
+
+ function sanitizeExtras(el) {
+ let ret = false;
+
+ // remove attributes from forms
+ for (let f of el.getElementsByTagName("form")) {
+ for (let a of f.attributes) {
+ f.removeAttribute(a.name);
+ ret = true;
+ }
+ }
+
+ let urlAttributes = ['href', 'to', 'from', 'by', 'values'];
+ let selector = urlAttributes.map(a => `[${a}]`).join(',');
+ for (let node of el.querySelectorAll(selector)) {
+ for (let name of urlAttributes) {
+ let value = node.getAttribute(name);
+ if (/^\W*(?:(?:javascript|data):|https?:[\s\S]+[[(<])/i.test(unescape(value))) {
+ node.setAttribute(`data-noscript-removed-${name}`, value);
+ node.removeAttribute(name);
+ ret = true;
+ }
+ }
+ }
+ return ret;
+ }
+}, true);