From 103324e5d2ea5ac2ea589a44b822a997ff503be3 Mon Sep 17 00:00:00 2001 From: hackademix Date: Mon, 9 Jul 2018 01:36:28 +0200 Subject: [PATCH] More graceful handling of internal and restricted URLs. --- src/bg/RequestGuard.js | 6 ++++-- src/ui/popup.js | 6 +++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/src/bg/RequestGuard.js b/src/bg/RequestGuard.js index dcb79a7..d7994f1 100644 --- a/src/bg/RequestGuard.js +++ b/src/bg/RequestGuard.js @@ -314,6 +314,7 @@ var RequestGuard = (() => { const ABORT = {cancel: true}, ALLOW = {}; + const INTERNAL_SCHEME = /^(?:chrome|resource|moz-extension|about):/; const listeners = { onBeforeRequest(request) { try { @@ -324,7 +325,7 @@ var RequestGuard = (() => { let {url, originUrl, documentUrl} = request; if (("fetch" === policyType || "frame" === policyType) && (url === originUrl && originUrl === documentUrl || - /^(?:chrome|resource|moz-extension|about):/.test(originUrl)) + INTERNAL_SCHEME.test(originUrl)) ) { // livemark request or similar browser-internal, always allow; return ALLOW; @@ -334,7 +335,8 @@ var RequestGuard = (() => { request._dataUrl = url; request.url = url = documentUrl; } - let allowed = !ns.isEnforced(request.tabId) || + let allowed = INTERNAL_SCHEME.test(url) || + !ns.isEnforced(request.tabId) || policy.can(url, policyType, originUrl); Content.reportTo(request, allowed, policyType); diff --git a/src/ui/popup.js b/src/ui/popup.js index 8ca4f44..059e3df 100644 --- a/src/ui/popup.js +++ b/src/ui/popup.js @@ -130,10 +130,14 @@ addEventListener("unload", e => { } catch (e) { error(e, "Could not run scripts on %s: privileged page?", tab.url); } - if (!isHttp) { + + await include("/lib/restricted.js"); + let isRestricted = isRestrictedURL(tab.url); + if (!isHttp || isRestricted) { showMessage("warning", _("privilegedPage")); let tempTrust = document.getElementById("temp-trust-page"); tempTrust.disabled = true; + return; } if (!UI.seen) { if (!isHttp) return;