Mirrors
/
noscript
mirror of https://github.com/hackademix/noscript.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Better cross-browser media handling.

This commit is contained in:
hackademix 2020-09-28 23:21:33 +02:00
parent d802bf226f
commit b73b590964
5 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
build.sh
View File

@ -19,7 +19,7 @@ strip_rc_ver() {
VER=$(grep '"version":' "$MANIFEST_IN" | sed -re 's/.*": "(.*?)".*/\1/') VER=$(grep '"version":' "$MANIFEST_IN" | sed -re 's/.*": "(.*?)".*/\1/')
if [ "$1" == "tag" ]; then if [ "$1" == "tag" ]; then
echo "Tagging at $VER" echo "Tagging at $VER"
git tag -a "$VER" git tag -a "$VER"
git push origin "$VER" git push origin "$VER"
exit 0 exit 0
fi fi
@ -140,9 +140,9 @@ ln -fs $XPI.xpi "$BASE/latest.xpi"
# create chromium pre-release # create chromium pre-release
rm -rf "$CHROMIUM" rm -rf "$CHROMIUM"
strip_rc_ver "$MANIFEST_OUT" strip_rc_ver "$MANIFEST_OUT"
# skip "application" manifest key # skip "application" manifest key and embeddingDocument.js
(grep -B1000 '"name": "NoScript"' "$MANIFEST_OUT"; \ (grep -B1000 '"name": "NoScript"' "$MANIFEST_OUT"; \
grep -A2000 '"version":' "$MANIFEST_OUT") > "$MANIFEST_OUT".tmp && \ grep -A2000 '"version":' "$MANIFEST_OUT" | grep -v 'content/embeddingDocument.js') > "$MANIFEST_OUT".tmp && \
mv "$MANIFEST_OUT.tmp" "$MANIFEST_OUT" mv "$MANIFEST_OUT.tmp" "$MANIFEST_OUT"
mv "$BUILD" "$CHROMIUM" mv "$BUILD" "$CHROMIUM"
web-ext $CHROMIUM_BUILD_OPTS --source-dir="$CHROMIUM" --artifacts-dir="$WEBEXT_OUT" $COMMON_BUILD_OPTS web-ext $CHROMIUM_BUILD_OPTS --source-dir="$CHROMIUM" --artifacts-dir="$WEBEXT_OUT" $COMMON_BUILD_OPTS

6
src/content/content.js
View File

@ -113,12 +113,14 @@ window.addEventListener("pageshow", notifyPage);
let violations = new Set(); let violations = new Set();
window.addEventListener("securitypolicyviolation", e => { window.addEventListener("securitypolicyviolation", e => {
if (!e.isTrusted) return; if (!e.isTrusted) return;
let {violatedDirective} = e; let {violatedDirective, originalPolicy} = e;
if (violatedDirective === `script-src 'none'`) onScriptDisabled(); if (violatedDirective === `script-src 'none'`) onScriptDisabled();
let type = violatedDirective.split("-", 1)[0]; // e.g. script-src 'none' => script let type = violatedDirective.split("-", 1)[0]; // e.g. script-src 'none' => script
let url = e.blockedURI; let url = e.blockedURI;
if (/^data\b/.test(url) && !document.querySelector("video,audio")) return; if (type === "media" && /^data\b/.test(url) && (!CSP.isMediaBlocker(originalPolicy) ||
ns.embeddingDocument || !document.querySelector("video,audio")))
return;
if (!(url && url.includes(":"))) { if (!(url && url.includes(":"))) {
url = document.URL; url = document.URL;
} }

4
src/content/embeddingDocument.js
View File

@ -1,4 +1,5 @@
if (ns.embeddingDocument) { if (ns.embeddingDocument) {
let replace = () => { let replace = () => {
for (let policyType of ["object", "media"]) { for (let policyType of ["object", "media"]) {
let request = { let request = {
@ -23,8 +24,9 @@ if (ns.embeddingDocument) {
} }
} }
}; };
ns.on("capabilities", () => { ns.on("capabilities", () => {
if (!document.body.firstChild) { // we've been called early if (!(document.body && document.body.firstChild)) { // we've been called early
setTimeout(replace, 0); setTimeout(replace, 0);
let types = { let types = {
// Reminder: order is important because media matches also for // Reminder: order is important because media matches also for

4
src/content/media.js
View File

@ -35,8 +35,8 @@ if ("MediaSource" in window) {
} }
let processedURIs = new Set(); let processedURIs = new Set();
addEventListener("securitypolicyviolation", e => { addEventListener("securitypolicyviolation", e => {
let {blockedURI, violatedDirective} = e; let {blockedURI, violatedDirective, originalPolicy} = e;
if (!(e.isTrusted && violatedDirective.startsWith("media-src"))) return; if (!(e.isTrusted && violatedDirective === "media-src" && CSP.isMediaBlocker(originalPolicy))) return;
if (mediaBlocker === undefined && /^data\b/.test(blockedURI)) { // Firefox 81 reports just "data" if (mediaBlocker === undefined && /^data\b/.test(blockedURI)) { // Firefox 81 reports just "data"
debug("mediaBlocker set via CSP listener.") debug("mediaBlocker set via CSP listener.")
mediaBlocker = true; mediaBlocker = true;

3
src/lib/CSP.js
View File

@ -1,6 +1,9 @@
"use strict"; "use strict";
class CSP { class CSP {
static isMediaBlocker(csp) {
return /(?:^| )media-src (?:'none'|http)(?:;|$)/.test(csp);
}
build(...directives) { build(...directives) {
return directives.join(';'); return directives.join(';');