From 1814bfa03d090e7f0de7c68124c83fa3adacbfa5 Mon Sep 17 00:00:00 2001
From: hackademix
Date: Tue, 4 Sep 2018 19:48:07 +0200
Subject: Work-around for CSP not being honored when the HEAD element has not been inserted yet.
---
 src/content/onScriptDisabled.js | 16 ----------------
 1 file changed, 16 deletions(-)
(limited to 'src/content/onScriptDisabled.js')
diff --git a/src/content/onScriptDisabled.js b/src/content/onScriptDisabled.js
index 79912c9..3606ede 100644
--- a/src/content/onScriptDisabled.js
+++ b/src/content/onScriptDisabled.js
@@ -1,20 +1,4 @@
 function onScriptDisabled() {
- if (document.URL.startsWith("file:")) {
- // file: documents are loaded synchronously and may not be affected by
- // CSP. We already intercept onbeforeexecutescript event, let's cope with
- // event and URL attributes.
- for (let e of document.all) {
- for (let a of e.attributes) {
- if (/^on\w+/i.test(a.name)) {
- debug(`Removed %s.%sevent`, e.tagName, a.name);
- a.value = "";
- } else if (/^\s*(?:data|javascript):/i.test(unescape(a.value))) {
- debug(`Neutralized %s.%s="%s" attribute`, e.tagName, a.name, a.value);
- a.value = "data:";
- }
- }
- }
- }
 for (let noscript of document.querySelectorAll("noscript")) {
 // force show NOSCRIPT elements content
 let replacement = createHTMLElement("span");
-- cgit v1.2.3