More graceful handling of internal and restricted URLs.

2018-07-09 01:36:28 +02:00 · 2018-07-09 01:36:28 +02:00 · 103324e5d2
parent 5217db79ce
commit 103324e5d2
2 changed files with 9 additions and 3 deletions
--- a/src/bg/RequestGuard.js
+++ b/src/bg/RequestGuard.js
@ -314,6 +314,7 @@ var RequestGuard = (() => {


  const ABORT = {cancel: true}, ALLOW = {};
+  const INTERNAL_SCHEME = /^(?:chrome|resource|moz-extension|about):/;
  const listeners = {
    onBeforeRequest(request) {
      try {
@ -324,7 +325,7 @@ var RequestGuard = (() => {
          let {url, originUrl, documentUrl} = request;
          if (("fetch" === policyType || "frame" === policyType) &&
            (url === originUrl && originUrl === documentUrl ||
-              /^(?:chrome|resource|moz-extension|about):/.test(originUrl))
+              INTERNAL_SCHEME.test(originUrl))
          ) {
            // livemark request or similar browser-internal, always allow;
            return ALLOW;
@ -334,7 +335,8 @@ var RequestGuard = (() => {
            request._dataUrl = url;
            request.url = url = documentUrl;
          }
-          let allowed = !ns.isEnforced(request.tabId) ||
+          let allowed = INTERNAL_SCHEME.test(url) ||
+            !ns.isEnforced(request.tabId) ||
            policy.can(url, policyType, originUrl);
          Content.reportTo(request, allowed, policyType);

--- a/src/ui/popup.js
+++ b/src/ui/popup.js
@ -130,10 +130,14 @@ addEventListener("unload", e => {
      } catch (e) {
        error(e, "Could not run scripts on %s: privileged page?", tab.url);
      }
-      if (!isHttp) {
+
+      await include("/lib/restricted.js");
+      let isRestricted = isRestrictedURL(tab.url);
+      if (!isHttp || isRestricted) {
        showMessage("warning", _("privilegedPage"));
        let tempTrust = document.getElementById("temp-trust-page");
        tempTrust.disabled = true;
+        return;
      }
      if (!UI.seen) {
        if (!isHttp) return;