From 5c3d5354f2aa3d9cc4ab7fcdf15c3350122851cb Mon Sep 17 00:00:00 2001
From: hackademix
Date: Tue, 28 Aug 2018 23:28:06 +0200
Subject: Reload-less service worker busting.
---
 src/common/CapsCSP.js | 29 +++++++++++++++--------------
 src/content/content.js | 10 ++++++++++
 2 files changed, 25 insertions(+), 14 deletions(-)
diff --git a/src/common/CapsCSP.js b/src/common/CapsCSP.js
index 17a949c..4b8fde6 100644
--- a/src/common/CapsCSP.js
+++ b/src/common/CapsCSP.js
@@ -4,24 +4,25 @@ function CapsCSP(baseCSP = new CSP()) {
 return Object.assign(baseCSP, {
 types: ["script", "object", "media"],
 dataUriTypes: ["font", "media", "object"],
- buildFromCapabilities(capabilities, netBlocker = false) {
+ buildFromCapabilities(capabilities, blockHttp = false) {
 let forbidData = new Set(this.dataUriTypes.filter(t => !capabilities.has(t)));
- let blockedTypes;
- if (netBlocker) {
- blockedTypes = new Set(this.types.filter(t => !capabilities.has(t)));
- } else if(!capabilities.has("script")) {
- blockedTypes = new Set(["script"]);
- forbidData.add("object"); // data: URIs loaded in objects may run scripts
- } else {
- blockedTypes = new Set();
+ let blockedTypes = new Set(this.types.filter(t => !capabilities.has(t)));
+ if(!capabilities.has("script")) {
+ blockedTypes.add("worker");
+ if (!blockedTypes.has("object")) {
+ // data: URIs loaded in objects may run scripts
+ blockedTypes.add({name: "object", value: "http: https:"});
+ }
 }
-
- for (let type of forbidData) {
- if (blockedTypes.has(type)) continue;
+
+ if (!blockHttp) {
 // HTTP is blocked in onBeforeRequest, let's allow it only and block
 // for instance data: and blob: URIs
- let dataBlocker = {name: type, value: "http: https:"};
- blockedTypes.add(dataBlocker)
+ for (let type of this.dataUriTypes) {
+ if (blockedTypes.delete(type)) {
+ blockedTypes.add({name: type, value: "http: https:"});
+ }
+ }
 }
 return blockedTypes.size ? this.buildBlocker(...blockedTypes) : null;
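Review bot: In the new `if (!blockHttp)` loop, `blockedTypes.delete(type)` can never succeed for "font", because `blockedTypes` is seeded from `this.types` (script, object, media) while "font" appears only in `dataUriTypes`. The removed loop iterated `forbidData` and so emitted a `{name: "font", value: "http: https:"}` entry when the font capability was absent; the new code still computes `forbidData` but never reads it, so the data:/blob: restriction on fonts appears to be dropped. If that is not intended, iterate the forbidden set instead, e.g. `for (let type of forbidData) { blockedTypes.delete(type); blockedTypes.add({name: type, value: "http: https:"}); }`; otherwise remove the unused `forbidData` local and add a comment saying why fonts are exempt. The body of `buildFromCapabilities` ends outside the hunk, so `buildBlocker` may compensate in code not visible here.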
diff --git a/src/content/content.js b/src/content/content.js
index c7fc045..eb4fcdd 100644
--- a/src/content/content.js
+++ b/src/content/content.js
@@ -84,6 +84,16 @@ ns.on("capabilities", () => {
 });
 if (!ns.canScript) {
+
+ if (!!navigator.serviceWorker.controller) {
+ addEventListener("beforescriptexecute", e => e.preventDefault());
+ (async () => {
+ for (let r of await navigator.serviceWorker.getRegistrations()) {
+ await r.unregister();
+ }
+ })();
+ }
+
 if (document.readyState !== "loading") onScriptDisabled();
 window.addEventListener("DOMContentLoaded", onScriptDisabled);
 }
--
cgit v1.2.3
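Review bot: The added `navigator.serviceWorker.controller` read throws a TypeError wherever `navigator.serviceWorker` is not exposed (the attribute is limited to secure contexts and is absent when service workers are disabled). Because it is the first statement in the `if (!ns.canScript)` block, the `onScriptDisabled()` call and the `DOMContentLoaded` listener below it would then never run. Guard the access: `if ("serviceWorker" in navigator && navigator.serviceWorker.controller) {`. The async IIFE also has no rejection handler, so a failing `getRegistrations()` or `unregister()` leaves the worker registered without any trace; ending it with `})().catch(e => console.error(e));` (or the project's own logger) would surface that. The code enclosing this block starts outside the hunk.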