Mirrors
/
noscript
mirror of https://github.com/hackademix/noscript.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Better origin guess for requests from sandboxed iframes (thanks NDevTK for reporting).

This commit is contained in:
hackademix 2022-08-30 00:34:53 +02:00
parent 96ec2c2a6c
commit aa8962ebb7
1 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/bg/RequestGuard.js
View File

@ -355,13 +355,29 @@ var RequestGuard = (() => {
return redirected;
}
let normalizeRequest = UA.isMozilla ? () => {} : request => {
let normalizeRequest = request => {
if ("initiator" in request && !("originUrl" in request)) {
if (request.frameId > 0 && request.initiator === "null") {
// Chromium sandboxed frame?
try {
request.initiator = request.originUrl = request.documentUrl = TabCache.get(request.tabId).url;
} catch (e) {}
}
request.originUrl = request.initiator;
if (request.type !== "main_frame" && !("documentUrl" in request)) {
request.documentUrl = request.initiator;
}
}
if ("frameAncestors" in request && (!request.originUrl || request.documentUrl) && request.frameAncestors.length > 0) {
// Gecko sandboxed frame?
for (let f of request.frameAncestors) {
if (f.url !== "null" && !f.url.startsWith("moz-nullprincipal:")) {
request.originUrl = request.documentUrl = f.url;
break;
}
}
}
};
function intersectCapabilities(perms, request) {