summaryrefslogtreecommitdiff
path: root/src/lib/CSP.js
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/CSP.js')
-rw-r--r--src/lib/CSP.js4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/CSP.js b/src/lib/CSP.js
index f5a2161..ad0afa2 100644
--- a/src/lib/CSP.js
+++ b/src/lib/CSP.js
@@ -22,7 +22,7 @@ class CSP {
CSP.isEmbedType = type => /\b(?:application|video|audio)\b/.test(type) && type !== "application/xhtml+xml";
CSP.headerName = "content-security-policy";
CSP.patchDataURI = (uri, blocker) => {
- let parts = /^data:(?:[^,;]*ml)(;[^,]*)?,/i.exec(uri);
+ let parts = /^data:(?:[^,;]*ml|unknown-content-type)(;[^,]*)?,/i.exec(uri);
if (!(blocker && parts)) {
// not an interesting data: URI, return as it is
return uri;
@@ -33,6 +33,6 @@ CSP.patchDataURI = (uri, blocker) => {
}
// It's a HTML/XML page, let's prepend our CSP blocker to the document
let patch = parts[0] + encodeURIComponent(
- `<meta http-equiv="${CSP.headerName}" content="${blocker}">`);
+ `<meta http-equiv="${CSP.headerName}" content="${blocker}"/>`);
return uri.startsWith(patch) ? uri : patch + uri.substring(parts[0].length);
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-13 09:29:40 +0000