Mirrors
/
noscript
mirror of https://github.com/hackademix/noscript.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix CSP violation reporting management of "fake" blocked-uri like "eval".

This commit is contained in:
hackademix 2019-09-30 07:33:22 +02:00
parent 6c60ab2710
commit f9f116e65c
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/bg/RequestGuard.js
View File

@ -443,7 +443,7 @@ var RequestGuard = (() => {
let blockedURI = report['blocked-uri']; let blockedURI = report['blocked-uri'];
if (blockedURI && blockedURI !== 'self') { if (blockedURI && blockedURI !== 'self') {
let r = fakeRequestFromCSP(report, request); let r = fakeRequestFromCSP(report, request);
if (r.url === 'inline') r.url = request.documentUrl; if (!/:/.test(r.url)) r.url = request.documentUrl;
Content.reportTo(r, false, policyTypesMap[r.type]); Content.reportTo(r, false, policyTypesMap[r.type]);
TabStatus.record(r, "blocked"); TabStatus.record(r, "blocked");
} else if (report["violated-directive"] === "script-src" && /; script-src 'none'/.test(report["original-policy"])) { } else if (report["violated-directive"] === "script-src" && /; script-src 'none'/.test(report["original-policy"])) {