Prevent ANY redirection to data: URIs in documents.
This commit is contained in:
parent
9b3a12f9a3
commit
5aff2e1d83
|
@ -35,11 +35,11 @@ function ReportingCSP(reportURI, reportGroup) {
|
|||
h.name === REPORT_TO.name && h.value === REPORT_TO.value) {
|
||||
needsReportTo = false;
|
||||
} else if (blocker && /^(Location|Refresh)$/i.test(h.name)) {
|
||||
// neutralize any HTTP redirection to data: URLs, like Chromium
|
||||
let url = /^R/i.test(h.name)
|
||||
? h.value.replace(/^[^,;]*[,;]url[^\w=]*=\s*/i, "") : h.value;
|
||||
let patched = CSP.patchDataURI(url, blocker);
|
||||
if (patched !== url) {
|
||||
h.value = h.value.slice(0, -url.length) + patched;
|
||||
if (/^data:/i.test(url)) {
|
||||
h.value = h.value.slice(0, -url.length) + "data:";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -114,3 +114,14 @@ ns.on("capabilities", () => {
|
|||
|
||||
ns.fetchPolicy();
|
||||
notifyPage();
|
||||
|
||||
addEventListener("DOMContentLoaded", e => {
|
||||
if (ns.canScript) return;
|
||||
for (let m of document.querySelectorAll("meta[http-equiv=refresh]")) {
|
||||
if (/^[^,;]*[,;]url[^\w=]*=\s*data:/.test(m.getAttribute("content"))) {
|
||||
let url = m.getAttribute("content").replace(/.*?(?=data:)/, "");
|
||||
log(`Blocking refresh to ${url}`);
|
||||
window.stop();
|
||||
}
|
||||
}
|
||||
});
|
||||
|
|
|
@ -22,7 +22,7 @@ class CSP {
|
|||
CSP.isEmbedType = type => /\b(?:application|video|audio)\b/.test(type) && type !== "application/xhtml+xml";
|
||||
CSP.headerName = "content-security-policy";
|
||||
CSP.patchDataURI = (uri, blocker) => {
|
||||
let parts = /^data:(?:[^,;]*ml)(;[^,]*)?,/i.exec(uri);
|
||||
let parts = /^data:(?:[^,;]*ml|unknown-content-type)(;[^,]*)?,/i.exec(uri);
|
||||
if (!(blocker && parts)) {
|
||||
// not an interesting data: URI, return as it is
|
||||
return uri;
|
||||
|
@ -33,6 +33,6 @@ CSP.patchDataURI = (uri, blocker) => {
|
|||
}
|
||||
// It's a HTML/XML page, let's prepend our CSP blocker to the document
|
||||
let patch = parts[0] + encodeURIComponent(
|
||||
`<meta http-equiv="${CSP.headerName}" content="${blocker}">`);
|
||||
`<meta http-equiv="${CSP.headerName}" content="${blocker}"/>`);
|
||||
return uri.startsWith(patch) ? uri : patch + uri.substring(parts[0].length);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue