From f9f116e65cacc44de9148ed0d81773c7dc082417 Mon Sep 17 00:00:00 2001 From: hackademix Date: Mon, 30 Sep 2019 07:33:22 +0200 Subject: Fix CSP violation reporting management of "fake" blocked-uri like "eval". --- src/bg/RequestGuard.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/bg') diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js index 3936df9..8f4df67 100644 --- a/src/bg/RequestGuard.js +++ b/src/bg/RequestGuard.js @@ -443,7 +443,7 @@ var RequestGuard = (() => { let blockedURI = report['blocked-uri']; if (blockedURI && blockedURI !== 'self') { let r = fakeRequestFromCSP(report, request); - if (r.url === 'inline') r.url = request.documentUrl; + if (!/:/.test(r.url)) r.url = request.documentUrl; Content.reportTo(r, false, policyTypesMap[r.type]); TabStatus.record(r, "blocked"); } else if (report["violated-directive"] === "script-src" && /; script-src 'none'/.test(report["original-policy"])) { -- cgit v1.2.3