Further refresh syntax parsing leniency (thanks insertscript).

This commit is contained in:
hackademix 2020-03-25 14:58:34 +01:00
parent f101661175
commit 24aedad38c
2 changed files with 2 additions and 2 deletions

View File

@ -37,7 +37,7 @@ function ReportingCSP(reportURI, reportGroup) {
} else if (blocker && /^(Location|Refresh)$/i.test(h.name)) {
// neutralize any HTTP redirection to data: URLs, like Chromium
let url = /^R/i.test(h.name)
? h.value.replace(/^[^,;]*[,;]\W*url[^=]*=[^!#$%&()*+,/:;=?@[\]\w.,~-]*/i, "") : h.value;
? h.value.replace(/^[^,;]*[,;](?:\W*url[^=]*=)?[^!#$%&()*+,/:;=?@[\]\w.,~-]*/i, "") : h.value;
if (/^data:/i.test(url)) {
h.value = h.value.slice(0, -url.length) + "data:";
}

View File

@ -118,7 +118,7 @@ notifyPage();
addEventListener("DOMContentLoaded", e => {
if (ns.canScript) return;
for (let m of document.querySelectorAll("meta[http-equiv=refresh]")) {
if (/^[^,;]*[,;]\W*url[^=]*=[^!#$%&()*+,/:;=?@[\]\w.,~-]*data:/i.test(m.getAttribute("content"))) {
if (/^[^,;]*[,;](?:\W*url[^=]*=)?[^!#$%&()*+,/:;=?@[\]\w.,~-]*data:/i.test(m.getAttribute("content"))) {
let url = m.getAttribute("content").replace(/.*?(?=data:)/i, "");
log(`Blocking refresh to ${url}`);
window.stop();