Safari: inline-script blocking!

This commit is contained in:
Chris 2015-04-22 19:32:54 -06:00
parent 82b97760db
commit 82118cb075
2 changed files with 13 additions and 5 deletions

View File

@ -700,10 +700,10 @@
// Until Safari has more specific events, those are instead handled
// in the onBeforeRequestAdapter; clean them up so they're garbage-collected
vAPI.net.onBeforeSendHeaders = null;
vAPI.net.onHeadersReceived = null;
var onBeforeRequest = vAPI.net.onBeforeRequest,
onBeforeRequestClient = onBeforeRequest.callback,
onHeadersReceivedClient = vAPI.net.onHeadersReceived.callback,
blockableTypes = onBeforeRequest.types;
var onBeforeRequestAdapter = function(e) {
@ -719,9 +719,10 @@
});
e.message.hostname = µb.URI.hostnameFromURI(e.message.url);
e.message.tabId = vAPI.tabs.getTabId(e.target);
var blockVerdict = onBeforeRequestClient(e.message);
if(blockVerdict && blockVerdict.redirectUrl) {
e.target.url = blockVerdict.redirectUrl;
e.message.responseHeaders = [];
onBeforeRequestClient(e.message);
var blockVerdict = onHeadersReceivedClient(e.message);
if(blockVerdict && blockVerdict.responseHeaders) {
e.message = false;
}
else {

View File

@ -174,8 +174,9 @@
}
// Inform that we've navigated
var shouldBlockScript = false;
if(frameId === 0) {
safari.self.tab.canLoad(beforeLoadEvent, {
shouldBlockScript = !safari.self.tab.canLoad(beforeLoadEvent, {
url: location.href,
type: "main_frame"
});
@ -225,6 +226,12 @@
var firstMutation = function() {
document.removeEventListener("DOMContentLoaded", firstMutation, true);
firstMutation = false;
if(shouldBlockScript) {
var meta = document.createElement('meta');
meta.setAttribute("http-equiv", "content-security-policy");
meta.setAttribute("content", "script-src 'unsafe-eval' *");
}
document.documentElement.insertBefore(meta, document.documentElement.firstChild);
document.addEventListener(vAPI.sessionId, function(e) {
if(shouldBlockDetailedRequest(e.detail)) {
e.detail.url = false;