Diffstat (limited to 'src/content')
-rw-r--r--src/content/DocumentCSP.js26
-rw-r--r--src/content/content.js11
2 files changed, 35 insertions, 2 deletions
diff --git a/src/content/DocumentCSP.js b/src/content/DocumentCSP.js
new file mode 100644
index 0000000..228b2a2
--- /dev/null
+++ b/src/content/DocumentCSP.js
@@ -0,0 +1,26 @@
+'use strict';
+
+class DocumentCSP {
+ constructor(document) {
+ this.document = document;
+ this.builder = new CapsCSP();
+ }
+
+ apply(capabilities) {
+ let csp = this.builder;
+ let blocker = csp.buildFromCapabilities(capabilities);
+ if (!blocker) return;
+
+ let document = this.document;
+ let header = csp.asHeader(blocker);
+ let meta = document.createElementNS("http://www.w3.org/1999/xhtml", "meta");
+ meta.setAttribute("http-equiv", header.name);
+ meta.setAttribute("content", header.value);
+ let parent = document.head || document.documentElement;
+ try {
+ parent.insertBefore(meta, parent.firstChild);
+ } catch (e) {
+ error(e, "Error inserting CSP %s in the DOM", header && header.value);
+ }
+ }
+}
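Review bot: `apply` fails open: if the `insertBefore` inside the `try` throws, the error is only logged and the page keeps running without the policy, and the call site in content.js (`new DocumentCSP(document).apply(this.capabilities);`) cannot tell that it happened. The `document.head || document.documentElement` fallback has the same effect more quietly, because per the HTML specification a `<meta http-equiv="Content-Security-Policy">` is honoured only when it is a child of `<head>`, so a meta inserted directly under the root element is most likely ignored. I would have `apply` report whether the policy was actually placed in a head element, with `return parent === document.head;` after the insert and `return false;` in the catch, so the caller can retry or fall back to another enforcement path. A comment above the fallback such as `// NOTE: CSP delivered via <meta> is only enforced inside <head>; this fallback is best-effort` would also help. `CapsCSP` and `error` are defined outside this hunk, so what `buildFromCapabilities` returns for an empty capability set could not be checked here.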
diff --git a/src/content/content.js b/src/content/content.js
index 8ab3654..a5d996d 100644
--- a/src/content/content.js
+++ b/src/content/content.js
@@ -61,14 +61,21 @@
if (!this.perms.DEFAULT || this.perms.tabInfo.unrestricted) {
this.allows = () => true;
+ this.capabilities = Object.assign(
+ new Set(["script"]), { has() { return true; } });
+ } else {
+ let perms = this.perms.CURRENT || this.perms.DEFAULT;
+ this.capabilities = new Set(perms.capabilities);
+ new DocumentCSP(document).apply(this.capabilities);
}
ns.fire("perms");
},
perms: { DEFAULT: null, CURRENT: null, tabInfo: {}, MARKER: "" },
+
allows(cap) {
- let perms = this.perms.CURRENT;
- return perms && perms.capabilities.includes(cap);
+ return this.capabilities && this.capabilities.has(cap);
},
+
getWindowName() {
return top !== window || !this.perms.MARKER ? window.name
: window.name.split(this.perms.MARKER + ",").pop();