Safari: inline-script blocking!

Chris 2015-04-22 19:32:54 -06:00
parent 82b97760db
commit 82118cb075
2 changed files with 13 additions and 5 deletions


@ -700,10 +700,10 @@
// Until Safari has more specific events, those are instead handled // Until Safari has more specific events, those are instead handled
// in the onBeforeRequestAdapter; clean them up so they're garbage-collected // in the onBeforeRequestAdapter; clean them up so they're garbage-collected
vAPI.net.onBeforeSendHeaders = null; vAPI.net.onBeforeSendHeaders = null;
vAPI.net.onHeadersReceived = null;
var onBeforeRequest = vAPI.net.onBeforeRequest, var onBeforeRequest = vAPI.net.onBeforeRequest,
onBeforeRequestClient = onBeforeRequest.callback, onBeforeRequestClient = onBeforeRequest.callback,
onHeadersReceivedClient = vAPI.net.onHeadersReceived.callback,
blockableTypes = onBeforeRequest.types; blockableTypes = onBeforeRequest.types;
var onBeforeRequestAdapter = function(e) { var onBeforeRequestAdapter = function(e) {
@ -719,9 +719,10 @@
}); });
e.message.hostname = µb.URI.hostnameFromURI(e.message.url); e.message.hostname = µb.URI.hostnameFromURI(e.message.url);
e.message.tabId = vAPI.tabs.getTabId(e.target); e.message.tabId = vAPI.tabs.getTabId(e.target);
var blockVerdict = onBeforeRequestClient(e.message); e.message.responseHeaders = [];
if(blockVerdict && blockVerdict.redirectUrl) { onBeforeRequestClient(e.message);
e.target.url = blockVerdict.redirectUrl; var blockVerdict = onHeadersReceivedClient(e.message);
if(blockVerdict && blockVerdict.responseHeaders) {
e.message = false; e.message = false;
} }
else { else {
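Review bot: The return value of `onBeforeRequestClient(e.message)` is discarded on what appears to be the new side of the second hunk, so a `redirectUrl` or any other verdict from that handler no longer has an effect here. Only a truthy `blockVerdict.responseHeaders` from `onHeadersReceivedClient` sets `e.message = false`. If dropping the request verdict is intended, say so in a comment such as `// verdict for this request type comes from onHeadersReceived only`; otherwise keep the result and apply `redirectUrl` before calling the headers client. The branch condition and the rest of `onBeforeRequestAdapter` are outside the hunk, so which request types this affects is inferred. In the first hunk, `vAPI.net.onHeadersReceived.callback` is read without a guard and would throw if that handler was never registered.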


@ -174,8 +174,9 @@
} }
// Inform that we've navigated // Inform that we've navigated
var shouldBlockScript = false;
if(frameId === 0) { if(frameId === 0) {
safari.self.tab.canLoad(beforeLoadEvent, { shouldBlockScript = !safari.self.tab.canLoad(beforeLoadEvent, {
url: location.href, url: location.href,
type: "main_frame" type: "main_frame"
}); });
@ -225,6 +226,12 @@
var firstMutation = function() { var firstMutation = function() {
document.removeEventListener("DOMContentLoaded", firstMutation, true); document.removeEventListener("DOMContentLoaded", firstMutation, true);
firstMutation = false; firstMutation = false;
if(shouldBlockScript) {
var meta = document.createElement('meta');
meta.setAttribute("http-equiv", "content-security-policy");
meta.setAttribute("content", "script-src 'unsafe-eval' *");
}
document.documentElement.insertBefore(meta, document.documentElement.firstChild);
document.addEventListener(vAPI.sessionId, function(e) { document.addEventListener(vAPI.sessionId, function(e) {
if(shouldBlockDetailedRequest(e.detail)) { if(shouldBlockDetailedRequest(e.detail)) {
e.detail.url = false; e.detail.url = false;
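Review bot: In `firstMutation`, `meta` is only assigned inside `if(shouldBlockScript)`, but `document.documentElement.insertBefore(meta, document.documentElement.firstChild);` sits after the closing brace and runs on every page. When `shouldBlockScript` is false, `meta` is `undefined`, so `insertBefore` throws and the `vAPI.sessionId` listener registered on the next line is never added, which would leave detailed request blocking off on those pages. Move the `insertBefore` call inside the `if` block, next to the two `setAttribute` calls. Separately, a `<meta http-equiv>` policy placed before `<head>` and only at first mutation may be ignored or arrive after early inline scripts have already run, so confirm it takes effect in Safari. The rest of `firstMutation` continues outside the hunk.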