diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/bg/RequestGuard.js | 1 | ||||
-rw-r--r-- | src/bg/main.js | 23 | ||||
-rw-r--r-- | src/content/content.js | 3 | ||||
-rw-r--r-- | src/lib/Messages.js | 28 | ||||
-rw-r--r-- | src/lib/restricted.js | 4 |
5 files changed, 36 insertions, 23 deletions
diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js index 947a7c1..e507806 100644 --- a/src/bg/RequestGuard.js +++ b/src/bg/RequestGuard.js @@ -394,6 +394,7 @@ var RequestGuard = (() => { let blockedURI = report['blocked-uri']; if (blockedURI && blockedURI !== 'self') { let r = fakeRequestFromCSP(report, request); + if (r.url === 'inline') r.url = request.documentURI; Content.reportTo(r, false, policyTypesMap[r.type]); TabStatus.record(r, "blocked"); } else if (report["violated-directive"] === "script-src" && /; script-src 'none'/.test(report["original-policy"])) { diff --git a/src/bg/main.js b/src/bg/main.js index 9976f8f..376a981 100644 --- a/src/bg/main.js +++ b/src/bg/main.js @@ -24,7 +24,7 @@ async function init() { await Defaults.init(); - + let policyData = (await Storage.get("sync", "policy")).policy; if (policyData && policyData.DEFAULT) { ns.policy = new Policy(policyData); @@ -116,7 +116,7 @@ await Settings.update(settings); toggleCtxMenuItem(); }, - + async broadcastSettings({ tabId = -1 }) { @@ -140,12 +140,12 @@ async importSettings({data}) { return await Settings.import(data); }, - + async fetchChildPolicy({url, contextUrl}, sender) { - return ChildPolicies.getForDocument(ns.policy, + return ChildPolicies.getForDocument(ns.policy, url || sender.url, contextUrl || sender.tab.url); }, - + async openStandalonePopup() { let win = await browser.windows.getLastFocused(); let [tab] = (await browser.tabs.query({ @@ -184,10 +184,10 @@ if (this.running) return; this.running = true; - deferWebTraffic(init(), + deferWebTraffic(init(), async () => { Commands.install(); - + this.devMode = (await browser.management.getSelf()).installType === "development"; if (this.local.debug) { if (this.devMode) { @@ -231,16 +231,17 @@ }, async collectSeen(tabId) { - try { let seen = Array.from(await Messages.send("collect", {}, {tabId, frameId: 0})); debug("Collected seen", seen); return seen; } catch (e) { - // probably a page where content scripts cannot run, let's open the options instead - error(e, "Cannot collect noscript activity data"); + await include("/lib/restricted.js"); + if (!isRestrictedURL((await browser.tabs.get(tabId)).url)) { + // probably a page where content scripts cannot run, let's open the options instead + error(e, "Cannot collect noscript activity data"); + } } - return null; }, }; diff --git a/src/content/content.js b/src/content/content.js index 3709bd1..c501282 100644 --- a/src/content/content.js +++ b/src/content/content.js @@ -51,8 +51,7 @@ var notifyPage = async () => { if (!("canScript" in ns)) { let childPolicy = await Messages.send("fetchChildPolicy", {url: document.URL}); if (!childPolicy) { - debug(`No answer to fetchChildPolicy message. Still initializing?`); - setTimeout(notifyPage, 300); + debug(`No answer to fetchChildPolicy message. This should not be happening.`); return; } ns.config.CURRENT = childPolicy.CURRENT; diff --git a/src/lib/Messages.js b/src/lib/Messages.js index b8977cf..8152555 100644 --- a/src/lib/Messages.js +++ b/src/lib/Messages.js @@ -3,10 +3,11 @@ let handlers = new Set(); let dispatch = async (msg, sender) => { - let {_messageName} = msg; + let {__meta} = msg; + let {name} = __meta; let answers = []; for (let h of handlers) { - let f = h[_messageName]; + let f = h[name]; if (typeof f === "function") { answers.push(f(msg, sender)); } @@ -16,8 +17,17 @@ answers.length === 1 ? answers.pop(): Promise.all(answers) ); } - console.debug("Warning: no handler for message %s", _messageName); - return undefined; + let context = typeof window === "object" && window.location || null; + let originalSender = __meta.originalSender || sender; + console.debug("Warning: no handler for message %o in context %s", msg, context); + if (originalSender.tab && originalSender.tab.id) { + // if we're receiving a message from content, there might be another + // Messages instance in a different context (e.g. background page vs + // options page vs browser action) capable of processing it, and we've + // just "steal" it. Let's rebroadcast. + return await Messages.send(name, msg, {originalSender}); + } + throw new Error(`No handler registered for message "${name}" in context ${context}`); }; var Messages = { @@ -35,12 +45,12 @@ browser.runtime.onMessage.removeListener(dispatch); } }, - async send(name, args = {}, toContent = null) { - args._messageName = name; - if (toContent && "tabId" in toContent) { + async send(name, args = {}, recipientInfo = null) { + args.__meta = {name, recipientInfo}; + if (recipientInfo && "tabId" in recipientInfo) { let opts; - if ("frameId" in toContent) opts = {frameId: toContent.frameId}; - return await browser.tabs.sendMessage(toContent.tabId, args, opts); + if ("frameId" in recipientInfo) opts = {frameId: recipientInfo.frameId}; + return await browser.tabs.sendMessage(recipientInfo.tabId, args, opts); } return await browser.runtime.sendMessage(args); } diff --git a/src/lib/restricted.js b/src/lib/restricted.js index 6415221..b9bddae 100644 --- a/src/lib/restricted.js +++ b/src/lib/restricted.js @@ -21,7 +21,9 @@ function isRestrictedURL(u) { try { if (typeof u === "string") u = new URL(u); - return u.protocol === "https:" && domains.includes(tld.normalize(u.hostname || "")); + let {protocol, hostname} = u; + return (!/^(?:https?|file|data):$/.test(protocol)) + || protocol === "https:" && hostname && domains.includes(tld.normalize(hostname)); } catch (e) { return false; } |