Mirrors
/
noscript
mirror of https://github.com/hackademix/noscript.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ensure we remove the HEAD element parent of our META CSP policy only if we created it.

This commit is contained in:
hackademix 2018-09-04 22:43:00 +02:00
parent 1814bfa03d
commit f95f7b809d
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/content/DocumentCSP.js
View File

@ -19,7 +19,8 @@ class DocumentCSP {
let meta = createHTMLElement("meta");
meta.setAttribute("http-equiv", header.name);
meta.setAttribute("content", header.value);
let parent = document.head ||
let {head} = document;
let parent = head ||
document.documentElement.appendChild(createHTMLElement("head"));
try {
@ -27,7 +28,7 @@ class DocumentCSP {
debug(`Failsafe <meta> CSP inserted in the DOM: "%s"`, header.value);
if (capabilities.has("script")) {
meta.remove();
if (!parent.firstChild) parent.remove();
if (!head) parent.remove();
}
} catch (e) {
error(e, "Error inserting CSP %s in the DOM", header && header.value);