From e0453b3f3ee03643be07c2a7039ccdad375f2a45 Mon Sep 17 00:00:00 2001 From: hackademix Date: Fri, 24 Aug 2018 22:46:58 +0200 Subject: Version bump: 10.1.8.21. --- src/manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/manifest.json b/src/manifest.json index 703d2d9..e292b38 100644 --- a/src/manifest.json +++ b/src/manifest.json @@ -8,7 +8,7 @@ "strict_min_version": "59.0" } }, - "version": "10.1.8.21rc1", + "version": "10.1.8.21", "description": "__MSG_Description__", "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'none'", -- cgit v1.2.3 From 5e397a3bf88205c6300010e4d124c2621d167f74 Mon Sep 17 00:00:00 2001 From: hackademix Date: Fri, 24 Aug 2018 23:06:24 +0200 Subject: Version bump: 10.1.8.22. --- src/manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/manifest.json b/src/manifest.json index e292b38..d23531a 100644 --- a/src/manifest.json +++ b/src/manifest.json @@ -8,7 +8,7 @@ "strict_min_version": "59.0" } }, - "version": "10.1.8.21", + "version": "10.1.8.22", "description": "__MSG_Description__", "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'none'", -- cgit v1.2.3 From a1e567e9ec1f9d0ffd82a22c129165b60c499e0e Mon Sep 17 00:00:00 2001 From: hackademix Date: Sat, 25 Aug 2018 11:29:43 +0200 Subject: Hotfix for some possible reload loops before refactoring CSP management. --- src/bg/RequestGuard.js | 16 +++++++++------- src/content/content.js | 1 - src/manifest.json | 2 +- 3 files changed, 10 insertions(+), 9 deletions(-) diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js index 68b74b9..7bdc929 100644 --- a/src/bg/RequestGuard.js +++ b/src/bg/RequestGuard.js @@ -425,23 +425,25 @@ var RequestGuard = (() => { (!content.type || /^\s*(?:video|audio|application)\//.test(content.type))) { debug(`Suspicious content type "%s" in request %o with capabilities %o`, content.type, request, capabilities); - blockedTypes = CSP.types.filter(t => !capabilities.has(t)); + blockedTypes = new Set(CSP.types.filter(t => !capabilities.has(t))); } else if(!canScript) { - blockedTypes = ["script"]; + blockedTypes = new Set(["script"]); forbidData.add("object"); // data: URIs loaded in objects may run scripts + } else { + blockedTypes = new Set(); } for (let type of forbidData) { // object, font, media - if (blockedTypes.includes(type)) continue; + if (blockedTypes.has(type)) continue; // HTTP is blocked in onBeforeRequest, let's allow it only and block // for instance data: and blob: URIs let dataBlocker = {name: type, value: "http: https:"}; - if (blockedTypes) blockedTypes.push(dataBlocker) - else blockedTypes = [dataBlocker]; + blockedTypes.add(dataBlocker) } - debug("Blocked types", blockedTypes); - if (blockedTypes && blockedTypes.length) { + + if (blockedTypes.size) { + debug("Blocked types", blockedTypes); blocker = CSP.createBlocker(...blockedTypes); } diff --git a/src/content/content.js b/src/content/content.js index 9e40cc1..8ab3654 100644 --- a/src/content/content.js +++ b/src/content/content.js @@ -180,7 +180,6 @@ async function init(oldPage = false) { if (canScript) { if (oldPage) { probe(); - setTimeout(() => init(), 200); return; } if (!shouldScript && diff --git a/src/manifest.json b/src/manifest.json index d23531a..ecf4867 100644 --- a/src/manifest.json +++ b/src/manifest.json @@ -8,7 +8,7 @@ "strict_min_version": "59.0" } }, - "version": "10.1.8.22", + "version": "10.1.8.23rc1", "description": "__MSG_Description__", "content_security_policy": "script-src 'self' 'unsafe-eval'; object-src 'none'", -- cgit v1.2.3