Document freezing to handle SVG and other XML documents impervious to CSP on Mozilla.

2020-09-03 13:19:08 +02:00 · 2020-09-03 13:19:08 +02:00 · 8518443e3d
parent 1c76173df2
commit 8518443e3d
5 changed files with 160 additions and 105 deletions
--- a/build.sh
+++ b/build.sh
@ -71,8 +71,8 @@ fi

 if ./html5_events/html5_events.pl; then
  # update full event list as an array in src/content/syncFetchPolicy.js
-  EVENTS=$(egrep '^on[a-z]+$' html5_events/html5_events_archive.txt | sed "s/^on//;s/.*/'&'/;H;1h;"'$!d;x;s/\n/, /g');
-  perl -pi -e 's/(\blet eventTypes\s*=\s*)\[.*?\]/$1['"$EVENTS"']/' src/content/syncFetchPolicy.js
+  EVENTS=$(grep '^on[a-z]\+$' html5_events/html5_events_archive.txt | sed "s/^on//;s/.*/'&'/;H;1h;"'$!d;x;s/\n/, /g');
+  perl -pi -e 's/(\bconst eventTypes\s*=\s*)\[.*?\]/$1['"$EVENTS"']/' src/lib/DocumentFreezer.js
 fi

 rm -rf "$BUILD" "$XPI"
--- a/src/content/DocumentCSP.js
+++ b/src/content/DocumentCSP.js
@ -3,7 +3,6 @@ class DocumentCSP {
  constructor(document) {
    this.document = document;
    this.builder = new CapsCSP();
-    this.root = document.documentElement;
  }

  apply(capabilities, embedding = CSP.isEmbedType(this.document.contentType)) {
@ -17,10 +16,7 @@ class DocumentCSP {
        debug("Fallback beforexecutescript listener blocked ", e.target);
      }, true);
    }
-    if (!(document instanceof HTMLDocument)) {
-      // this is not HTML, hence we cannot inject a <meta> CSP
-      return false;
-    }
+
    let csp = this.builder;
    let blocker = csp.buildFromCapabilities(capabilities, embedding);
    if (!blocker) return true;
@ -35,10 +31,7 @@ class DocumentCSP {
    let root = document.documentElement;

    let {head} = document;
-    let parent = head ||
-      (root instanceof HTMLElement
-        ? document.documentElement.appendChild(createHTMLElement("head"))
-        : root);
+    let parent = head || document.documentElement.appendChild(createHTMLElement("head"))

    try {
      parent.insertBefore(meta, parent.firstElementChild);
--- a/src/content/syncFetchPolicy.js
+++ b/src/content/syncFetchPolicy.js
--- a/src/lib/DocumentFreezer.js
+++ b/src/lib/DocumentFreezer.js
--- a/src/manifest.json
+++ b/src/manifest.json
@ -77,6 +77,7 @@
      "run_at": "document_start",
      "matches": ["file://*/*", "ftp://*/*"],
      "js": [
+        "lib/DocumentFreezer.js",
        "content/syncFetchPolicy.js"
      ]
    },