blob: cc1be72452684f9b83723b8d71304df3d310e2f8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
"use strict";
function CapsCSP(baseCSP = new CSP()) {
return Object.assign(baseCSP, {
types: ["script", "object", "media", "font"],
dataUriTypes: ["font", "media", "object"],
buildFromCapabilities(capabilities, blockHttp = false) {
let forbidData = new Set(this.dataUriTypes.filter(t => !capabilities.has(t)));
let blockedTypes = new Set(this.types.filter(t => !capabilities.has(t)));
if(!capabilities.has("script")) {
blockedTypes.add("worker");
if (!blockedTypes.has("object")) {
// data: URIs loaded in objects may run scripts
blockedTypes.add({name: "object", value: "http:"});
}
}
if (!blockHttp) {
// HTTP is blocked in onBeforeRequest, let's allow it only and block
// for instance data: and blob: URIs
for (let type of this.dataUriTypes) {
if (blockedTypes.delete(type)) {
blockedTypes.add({name: type, value: "http:"});
}
}
}
return blockedTypes.size ? this.buildBlocker(...blockedTypes) : null;
}
});
}
|