Mirrors
/
noscript
mirror of https://github.com/hackademix/noscript.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Anticipate onScriptDisabled surrogates to first script-src 'none' CSP violation.

This commit is contained in:
hackademix 2020-07-28 23:45:10 +02:00
parent 67d4a97fdc
commit 5d92d1b974
2 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/content/content.js
View File

@ -87,7 +87,10 @@ window.addEventListener("pageshow", notifyPage);
let violations = new Set(); let violations = new Set();
window.addEventListener("securitypolicyviolation", e => { window.addEventListener("securitypolicyviolation", e => {
if (!e.isTrusted) return; if (!e.isTrusted) return;
let type = e.violatedDirective.split("-", 1)[0]; // e.g. script-src 'none' => script let {violatedDirective} = e;
if (violatedDirective === `script-src 'none'`) onScriptDisabled();
let type = violatedDirective.split("-", 1)[0]; // e.g. script-src 'none' => script
let url = e.blockedURI; let url = e.blockedURI;
if (!(url && url.includes(":"))) { if (!(url && url.includes(":"))) {
url = document.URL; url = document.URL;
@ -120,8 +123,7 @@ ns.on("capabilities", () => {
})(); })();
} }
if (document.readyState !== "loading") onScriptDisabled(); onScriptDisabled();
window.addEventListener("DOMContentLoaded", onScriptDisabled);
} }
notifyPage(); notifyPage();

5
src/content/onScriptDisabled.js
View File

@ -1,4 +1,9 @@
function onScriptDisabled() { function onScriptDisabled() {
if (document.readyState === "loading") {
window.addEventListener("DOMContentLoaded", e => onScriptDisabled());
return;
}
onScriptDisabled = () => {};
let refresh = false; let refresh = false;
for (let noscript of document.querySelectorAll("noscript")) { for (let noscript of document.querySelectorAll("noscript")) {
// force show NOSCRIPT elements content // force show NOSCRIPT elements content