From c94cd48752485bc2abc207c590aa8afce4d3b240 Mon Sep 17 00:00:00 2001 From: hackademix Date: Wed, 5 Dec 2018 09:35:42 +0100 Subject: Fixed placeholders missing for some blocked embeddings (Tor ticket #28720). --- src/lib/CSP.js | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/lib/CSP.js b/src/lib/CSP.js index 79590bc..666f4a1 100644 --- a/src/lib/CSP.js +++ b/src/lib/CSP.js @@ -1,23 +1,23 @@ "use strict"; class CSP { - + build(...directives) { return directives.join(';'); } - + buildBlocker(...types) { return this.build(...(types.map(type => `${type.name || type}-src ${type.value || "'none'"}`))); } - + blocks(header, type) { return `;${header};`.includes(`;${type}-src 'none';`) } - + asHeader(value) { return {name: CSP.headerName, value}; } } -CSP.isEmbedType = type => /\b(?:application|video|audio)\b/.test(type); +CSP.isEmbedType = type => /\b(?:application|video|audio)\b/.test(type) && type !== "application/xhtml+xml"; CSP.headerName = "content-security-policy"; -- cgit v1.2.3