summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/bg/ChildPolicies.js2
-rw-r--r--src/bg/RequestGuard.js6
-rw-r--r--src/bg/main.js6
-rw-r--r--src/common/Policy.js8
4 files changed, 13 insertions, 9 deletions
diff --git a/src/bg/ChildPolicies.js b/src/bg/ChildPolicies.js
index 5727762..e5024e7 100644
--- a/src/bg/ChildPolicies.js
+++ b/src/bg/ChildPolicies.js
@@ -190,7 +190,7 @@
getForDocument(policy, url, context = null) {
return {
- permissions: policy.get(url, context).perms.dry(),
+ permissions: policy && policy.get(url, context).perms.dry(),
MARKER: marker
};
},
diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js
index 0731b7b..c1771aa 100644
--- a/src/bg/RequestGuard.js
+++ b/src/bg/RequestGuard.js
@@ -256,8 +256,8 @@ var RequestGuard = (() => {
});
return redirected;
}
+
const ABORT = {cancel: true}, ALLOW = {};
- const INTERNAL_SCHEME = /^(?:chrome|resource|(?:moz|chrome)-extension|about):/;
const listeners = {
onBeforeRequest(request) {
try {
@@ -272,7 +272,7 @@ var RequestGuard = (() => {
// some extensions make them both undefined,
// see https://github.com/eight04/image-picka/issues/150
) ||
- INTERNAL_SCHEME.test(originUrl))
+ Sites.isInternal(originUrl))
) {
// livemark request or similar browser-internal, always allow;
return ALLOW;
@@ -281,7 +281,7 @@ var RequestGuard = (() => {
request._dataUrl = url;
request.url = url = documentUrl;
}
- let allowed = INTERNAL_SCHEME.test(url) ||
+ let allowed = Sites.isInternal(url) ||
!ns.isEnforced(request.tabId) ||
policy.can(url, policyType, originUrl);
Content.reportTo(request, allowed, policyType);
diff --git a/src/bg/main.js b/src/bg/main.js
index 667be28..5d4f79f 100644
--- a/src/bg/main.js
+++ b/src/bg/main.js
@@ -142,8 +142,10 @@
},
async fetchChildPolicy({url, contextUrl}, sender) {
- return ChildPolicies.getForDocument(ns.policy,
- url || sender.url, contextUrl || sender.tab.url);
+ let {tab} = sender;
+ if (!url) url = sender.url;
+ let policy = !Sites.isInternal(url) && ns.isEnforced(tab.id) ? ns.policy : null;
+ return ChildPolicies.getForDocument(policy, url, contextUrl || tab.url);
},
async openStandalonePopup() {
diff --git a/src/common/Policy.js b/src/common/Policy.js
index 55e9ad1..4fbc4ec 100644
--- a/src/common/Policy.js
+++ b/src/common/Policy.js
@@ -1,10 +1,9 @@
var {Permissions, Policy, Sites} = (() => {
'use strict';
-
const SECURE_DOMAIN_PREFIX = "§:";
const SECURE_DOMAIN_RX = new RegExp(`^${SECURE_DOMAIN_PREFIX}`);
const DOMAIN_RX = new RegExp(`(?:^\\w+://|${SECURE_DOMAIN_PREFIX})?([^/]*)`, "i");
- const SKIP_RX = /^(?:(?:about|chrome|resource|moz-.*):|\[System)/;
+ const INTERNAL_SITE_RX = /^(?:(?:about|chrome|resource|(?:moz|chrome)-.*):|\[System)/;
const VALID_SITE_RX = /^(?:(?:(?:(?:http|ftp|ws)s?|file):)(?:(?:\/\/)[\w\u0100-\uf000][\w\u0100-\uf000.-]*[\w\u0100-\uf000.](?:$|\/))?|[\w\u0100-\uf000][\w\u0100-\uf000.-]*[\w\u0100-\uf000]$)/;
let rxQuote = s => s.replace(/[.?*+^$[\]\\(){}|-]/g, "\\$&");
@@ -24,6 +23,9 @@ var {Permissions, Policy, Sites} = (() => {
return VALID_SITE_RX.test(site);
}
+ static isInternal(site) {
+ return INTERNAL_SITE_RX.test(site);
+ }
static originImplies(originKey, site) {
return originKey === site || site.startsWith(`${originKey}/`);
@@ -116,7 +118,7 @@ var {Permissions, Policy, Sites} = (() => {
}
set(k, v) {
- if (!k || SKIP_RX.test(k) || k === "§:") return this;
+ if (!k || Sites.isInternal(k) || k === "§:") return this;
let [,domain] = DOMAIN_RX.exec(k);
if (/[^\u0000-\u007f]/.test(domain)) {
k = k.replace(domain, punycode.toASCII(domain));