Prevent script injection from messing with content-disposition=attachment responses.

This commit is contained in:
hackademix 2018-07-17 12:10:17 +02:00
parent 493d40021a
commit 5a60d58d24
2 changed files with 16 additions and 12 deletions

View File

@ -57,6 +57,21 @@
let {requestId, url, tabId, frameId, statusCode} = request; let {requestId, url, tabId, frameId, statusCode} = request;
if (statusCode >= 300 && statusCode < 400) return; if (statusCode >= 300 && statusCode < 400) return;
if (frameId === 0) {
let key = tabKey(tabId, url);
debug("Checking whether %s is a reloading tab...", key);
if (reloadingTabs.get(key)) {
reloadingTabs.set(key, false); // doom it for removal in cleanup
return;
}
}
let content = this.getContentMetaData(request);
if (content.disposition) {
debug("Skipping execute on start of %s %o", url, content);
return;
}
debug("Injecting script on start in %s (%o)", url, content);
let scripts = pendingRequests.get(requestId); let scripts = pendingRequests.get(requestId);
let scriptKey = JSON.stringify(details); let scriptKey = JSON.stringify(details);
if (!scripts) { if (!scripts) {
@ -67,17 +82,6 @@
return; return;
} }
if (frameId === 0) {
let key = tabKey(tabId, url);
debug("Checking whether %s is a reloading tab...", key);
if (reloadingTabs.get(key)) {
reloadingTabs.set(key, false); // doom it for removal in cleanup
return;
}
}
let content = this.getContentMetaData(request);
debug(url, content.type, content.charset);
if (xmlFeedOrImage.test(content.type) && !/\/svg\b/i.test(content.type)) return; if (xmlFeedOrImage.test(content.type) && !/\/svg\b/i.test(content.type)) return;
if (typeof brokenOnLoad === "undefined") { if (typeof brokenOnLoad === "undefined") {
brokenOnLoad = await (async () => parseInt((await browser.runtime.getBrowserInfo()).version) < 61)(); brokenOnLoad = await (async () => parseInt((await browser.runtime.getBrowserInfo()).version) < 61)();

View File

@ -4,7 +4,7 @@ class ContentMetaData {
let {responseHeaders} = request; let {responseHeaders} = request;
for (let h of responseHeaders) { for (let h of responseHeaders) {
if (/^\s*Content-(Type|Disposition)\s*$/i.test(h.name)) { if (/^\s*Content-(Type|Disposition)\s*$/i.test(h.name)) {
this[h.name.split("-")[1].trim().toLowerCase()] = h.value; this[RegExp.$1.toLowerCase()] = h.value;
} }
} }
} }