Anticipate onScriptDisabled surrogates to first script-src 'none' CSP violation.

2020-07-28 23:45:10 +02:00 · 2020-07-28 23:45:10 +02:00 · 5d92d1b974
parent 67d4a97fdc
commit 5d92d1b974
2 changed files with 10 additions and 3 deletions
--- a/src/content/content.js
+++ b/src/content/content.js
@ -87,7 +87,10 @@ window.addEventListener("pageshow", notifyPage);
 let violations = new Set();
 window.addEventListener("securitypolicyviolation", e => {
  if (!e.isTrusted) return;
-  let type = e.violatedDirective.split("-", 1)[0]; // e.g. script-src 'none' => script
+  let {violatedDirective} = e;
+  if (violatedDirective === `script-src 'none'`) onScriptDisabled();
+
+  let type = violatedDirective.split("-", 1)[0]; // e.g. script-src 'none' => script
  let url = e.blockedURI;
  if (!(url && url.includes(":"))) {
    url = document.URL;
@ -120,8 +123,7 @@ ns.on("capabilities", () => {
      })();
    }

-    if (document.readyState !== "loading") onScriptDisabled();
-    window.addEventListener("DOMContentLoaded", onScriptDisabled);
+    onScriptDisabled();
  }

  notifyPage();
--- a/src/content/onScriptDisabled.js
+++ b/src/content/onScriptDisabled.js
@ -1,4 +1,9 @@
 function onScriptDisabled() {
+  if (document.readyState === "loading") {
+    window.addEventListener("DOMContentLoaded", e => onScriptDisabled());
+    return;
+  }
+  onScriptDisabled = () => {};
  let refresh = false;
  for (let noscript of document.querySelectorAll("noscript")) {
    // force show NOSCRIPT elements content