Uniformed indexed directory Firefox UI emulation to prevent a script blocking bypass on file:// resources (thanks RyotaK for reporting).
This commit is contained in:
parent
ee876f67c8
commit
4921db70d6
|
@ -19,13 +19,13 @@
|
|||
*/
|
||||
|
||||
if (UA.isMozilla) (() => {
|
||||
// see https://dxr.mozilla.org/mozilla-central/rev/d03b538b6b417ba892d0a92fd693945b741246e1/netwerk/streamconv/converters/nsIndexedToHTML.cpp#381
|
||||
// see https://searchfox.org/mozilla-central/rev/76c1ff5f0de23366fe952ab228610ee695a56e68/netwerk/streamconv/converters/nsIndexedToHTML.cpp#334
|
||||
'use strict';
|
||||
var gTable, gOrderBy, gTBody, gRows, gUI_showHidden;
|
||||
document.addEventListener("DOMContentLoaded", function() {
|
||||
if ("gUI_showHidden" in window.wrappedJSObject || // scripts are enabled
|
||||
!(document.scripts[0] &&
|
||||
/\bgUI_showHidden\b/.test(document.scripts[0].textContent)) // not a FTP dir listing
|
||||
/\bgUI_showHidden\b/.test(document.scripts[0].textContent)) // not a FTP / file:// dir listing
|
||||
) {
|
||||
return;
|
||||
}
|
||||
|
|
|
@ -152,8 +152,10 @@
|
|||
new Set(["script"]), { has() { return true; } });
|
||||
} else {
|
||||
let perms = policy.permissions;
|
||||
if (!perms.capabilities.includes("script") && /^file:\/\/\/(?:[^#?]+\/)?$/.test(document.URL)) {
|
||||
// allow browser UI scripts for directory navigation
|
||||
if (!(UA.isMozilla || perms.capabilities.includes("script")) &&
|
||||
/^file:\/\/\/(?:[^#?]+\/)?$/.test(document.URL)) {
|
||||
// Allow Chromium browser UI scripts for directory navigation
|
||||
// (for Firefox we rely on emulation in content/ftp.js).
|
||||
perms.capabilities.push("script");
|
||||
}
|
||||
this.capabilities = new Set(perms.capabilities);
|
||||
|
|
|
@ -112,18 +112,12 @@
|
|||
"content/content.js"
|
||||
]
|
||||
},
|
||||
{
|
||||
"run_at": "document_start",
|
||||
"matches": ["ftp://*/*"],
|
||||
"js": [
|
||||
"content/ftp.js"
|
||||
]
|
||||
},
|
||||
{
|
||||
"run_at": "document_start",
|
||||
"matches": ["file://*/*", "ftp://*/*"],
|
||||
"all_frames": true,
|
||||
"js": [
|
||||
"content/ftp.js",
|
||||
"lib/DocumentFreezer.js",
|
||||
"content/syncFetchPolicy.js"
|
||||
]
|
||||
|
|
Loading…
Reference in New Issue