From 357906df784f62858e38826df6f995dc55bbbcad Mon Sep 17 00:00:00 2001
From: hackademix
Date: Wed, 26 Dec 2018 23:44:36 +0100
Subject: Fix for unrestricted tabs not affecting about:blank subframes (issue
#48).
---
src/content/DocumentCSP.js | 4 ++--
src/content/staticNS.js | 16 +++++++++++++++-
2 files changed, 17 insertions(+), 3 deletions(-)
(limited to 'src/content')
diff --git a/src/content/DocumentCSP.js b/src/content/DocumentCSP.js
index 7632ce7..ade9013 100644
--- a/src/content/DocumentCSP.js
+++ b/src/content/DocumentCSP.js
@@ -25,11 +25,11 @@ class DocumentCSP {
try {
parent.insertBefore(meta, parent.firstChild);
- debug(`Failsafe CSP inserted in the DOM: "%s"`, header.value);
+ debug(`Failsafe CSP inserted in %s: "%s"`, document.URL, header.value);
meta.remove();
if (!head) parent.remove();
} catch (e) {
- error(e, "Error inserting CSP %s in the DOM", header && header.value);
+ error(e, "Error inserting CSP %s in %s", document.URL, header && header.value);
}
}
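Review bot: In the new `error(...)` call the arguments are in the opposite order to the placeholders: the format string reads "CSP %s in %s", but `document.URL` is passed first and the header value second, so the log would print the URL as the policy and the policy as the location. Swapping them matches the `debug` line above: `error(e, "Error inserting CSP %s in %s", header && header.value, document.URL);`. A misleading log here matters because this is the failsafe CSP path, where an insertion failure is what someone will be trying to diagnose. The enclosing method starts outside this hunk.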
diff --git a/src/content/staticNS.js b/src/content/staticNS.js
index 6002bfd..0cd254c 100644
--- a/src/content/staticNS.js
+++ b/src/content/staticNS.js
@@ -51,7 +51,9 @@
// to store per-tab information, erasing it as soon as we see it
// (before any content can access it)
- if (this.config.MARKER = MARKER) {
+ let checkUnrestricted = challenge => sha256(`${MARKER}:${challenge}`);
+
+ if ((this.config.MARKER = MARKER) && permissions) {
let cookieRx = new RegExp(`(?:^|;\\s*)(${MARKER}(?:_\\d+){2})=([^;]*)`);
let match = document.cookie.match(cookieRx);
if (match) {
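Review bot: The condition `(this.config.MARKER = MARKER) && permissions` combines an assignment with a logical test, which is easy to misread as a comparison and hides that the cookie lookup is now skipped whenever `permissions` is falsy. Splitting it keeps the behaviour and makes the intent visible: `this.config.MARKER = MARKER;` followed by `if (MARKER && permissions) {`. `checkUnrestricted` would also benefit from a one-line comment such as `// Proof of knowledge of MARKER: only our own content scripts can compute this for a given challenge`, since the rest of the change depends on that property. The enclosing function begins and ends outside this hunk.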
@@ -63,9 +65,21 @@
} catch (e) {
error(e);
}
+ } else if (window !== window.top) {
+ // The cookie hack won't work for non-HTTP subframes (issue #48),
+ // or the cookie might have been deleted in a race condition,
+ // so here we try to check the parent
+ let checkParent = parent.wrappedJSObject.checkNoScriptUnrestricted;
+ if (checkParent) {
+ let challenge = uuid();
+ let unrestricted = checkParent(challenge) === checkUnrestricted(challenge);
+ this.config.tabInfo = {unrestricted, inherited: true};
+ }
}
}
+
if (!this.config.permissions || this.config.tabInfo.unrestricted) {
+ exportFunction(checkUnrestricted, window, {defineAs: "checkNoScriptUnrestricted"});
debug("%s is loading unrestricted by user's choice (%o).", document.URL, this.config);
this.allows = () => true;
this.capabilities = Object.assign(
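Review bot: `parent.wrappedJSObject.checkNoScriptUnrestricted` is read outside the `try`/`catch` visible just above, and the branch runs for any subframe that reaches it without a cookie match, not only about:blank ones. If the parent is not accessible from this frame (presumably the cross-origin case; confirm), the property read may throw and abort the rest of this setup. A guarded read avoids that: `let checkParent; try { checkParent = parent.wrappedJSObject.checkNoScriptUnrestricted; } catch (e) { error(e); }`. Separately, `exportFunction(..., window, {defineAs: ...})` puts the hash function on the page-visible window, where page scripts in an unrestricted document can call or replace it. The inherited `unrestricted` decision is therefore only as strong as the secrecy of `MARKER` from content, and that assumption deserves a comment next to the export. The enclosing block continues past the end of this hunk.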
--
cgit v1.2.3