Better cross-browser media handling.
This commit is contained in:
parent
d802bf226f
commit
b73b590964
4
build.sh
4
build.sh
|
@ -140,9 +140,9 @@ ln -fs $XPI.xpi "$BASE/latest.xpi"
|
|||
# create chromium pre-release
|
||||
rm -rf "$CHROMIUM"
|
||||
strip_rc_ver "$MANIFEST_OUT"
|
||||
# skip "application" manifest key
|
||||
# skip "application" manifest key and embeddingDocument.js
|
||||
(grep -B1000 '"name": "NoScript"' "$MANIFEST_OUT"; \
|
||||
grep -A2000 '"version":' "$MANIFEST_OUT") > "$MANIFEST_OUT".tmp && \
|
||||
grep -A2000 '"version":' "$MANIFEST_OUT" | grep -v 'content/embeddingDocument.js') > "$MANIFEST_OUT".tmp && \
|
||||
mv "$MANIFEST_OUT.tmp" "$MANIFEST_OUT"
|
||||
mv "$BUILD" "$CHROMIUM"
|
||||
web-ext $CHROMIUM_BUILD_OPTS --source-dir="$CHROMIUM" --artifacts-dir="$WEBEXT_OUT" $COMMON_BUILD_OPTS
|
||||
|
|
|
@ -113,12 +113,14 @@ window.addEventListener("pageshow", notifyPage);
|
|||
let violations = new Set();
|
||||
window.addEventListener("securitypolicyviolation", e => {
|
||||
if (!e.isTrusted) return;
|
||||
let {violatedDirective} = e;
|
||||
let {violatedDirective, originalPolicy} = e;
|
||||
if (violatedDirective === `script-src 'none'`) onScriptDisabled();
|
||||
|
||||
let type = violatedDirective.split("-", 1)[0]; // e.g. script-src 'none' => script
|
||||
let url = e.blockedURI;
|
||||
if (/^data\b/.test(url) && !document.querySelector("video,audio")) return;
|
||||
if (type === "media" && /^data\b/.test(url) && (!CSP.isMediaBlocker(originalPolicy) ||
|
||||
ns.embeddingDocument || !document.querySelector("video,audio")))
|
||||
return;
|
||||
if (!(url && url.includes(":"))) {
|
||||
url = document.URL;
|
||||
}
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
if (ns.embeddingDocument) {
|
||||
|
||||
let replace = () => {
|
||||
for (let policyType of ["object", "media"]) {
|
||||
let request = {
|
||||
|
@ -23,8 +24,9 @@ if (ns.embeddingDocument) {
|
|||
}
|
||||
}
|
||||
};
|
||||
|
||||
ns.on("capabilities", () => {
|
||||
if (!document.body.firstChild) { // we've been called early
|
||||
if (!(document.body && document.body.firstChild)) { // we've been called early
|
||||
setTimeout(replace, 0);
|
||||
let types = {
|
||||
// Reminder: order is important because media matches also for
|
||||
|
|
|
@ -35,8 +35,8 @@ if ("MediaSource" in window) {
|
|||
}
|
||||
let processedURIs = new Set();
|
||||
addEventListener("securitypolicyviolation", e => {
|
||||
let {blockedURI, violatedDirective} = e;
|
||||
if (!(e.isTrusted && violatedDirective.startsWith("media-src"))) return;
|
||||
let {blockedURI, violatedDirective, originalPolicy} = e;
|
||||
if (!(e.isTrusted && violatedDirective === "media-src" && CSP.isMediaBlocker(originalPolicy))) return;
|
||||
if (mediaBlocker === undefined && /^data\b/.test(blockedURI)) { // Firefox 81 reports just "data"
|
||||
debug("mediaBlocker set via CSP listener.")
|
||||
mediaBlocker = true;
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
"use strict";
|
||||
|
||||
class CSP {
|
||||
static isMediaBlocker(csp) {
|
||||
return /(?:^| )media-src (?:'none'|http)(?:;|$)/.test(csp);
|
||||
}
|
||||
|
||||
build(...directives) {
|
||||
return directives.join(';');
|
||||
|
|
Loading…
Reference in New Issue