
[PATCH] Don't modify allowed inline scripts, to avoid breaking CSP


From: Andreas Gattringer
Subject: [PATCH] Don't modify allowed inline scripts, to avoid breaking CSP
Date: Mon, 26 Aug 2024 11:08:22 +0000

This patch stops LibreJS from breaking the CSP of accepted inline scripts.

---
 main_background.js | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/main_background.js b/main_background.js
index 87b80ae..ea6909b 100644
--- a/main_background.js
+++ b/main_background.js
@@ -383,10 +383,7 @@ async function checkScriptAndUpdateReport(scriptSrc, url, tabId, whitelisted, is
         : 'Address whitelisted by user';
addReportEntry(tabId, { 'whitelisted': [site || url, reason], url });
     }
-    if (scriptSrc.startsWith('javascript:') || passAccWlist)
-      return scriptSrc;
-    else
- return `/* LibreJS: script whitelisted by user preference. */\n${scriptSrc}`;
+    return scriptSrc;
   }

const [accepted, editedSource, reason] = listManager.builtInHashes.has(hash(scriptSrc)) ? [true, scriptSrc, 'Common script known to be free software.'] : checkLib.checkScriptSource(scriptSrc, scriptName, isExternal);
@@ -407,10 +404,7 @@ async function checkScriptAndUpdateReport(scriptSrc, url, tabId, whitelisted, is
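Review bot: The new `return scriptSrc;` in the whitelisted branch, and the matching one under `case 'accepted':` in the next hunk, carry no comment saying why the source must now be returned untouched, so a later change could reintroduce the marker. A CSP hash source is computed over the exact inline script text, which means any prepended comment makes the browser refuse the script. I would add above each return: `// Return the source byte-for-byte; a prepended marker would invalidate a CSP hash for this inline script.` With both conditionals gone, `passAccWlist` may no longer be read anywhere in this function. The function starts and ends outside these hunks, so please check and drop it if it is unused.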
     }
     case 'whitelisted':
     case 'accepted':
-      {
-        return (scriptSrc.startsWith('javascript:') || passAccWlist)
- ? scriptSrc : `/* LibreJS: script ${actionType} by user. */\n${scriptSrc}`;
-      }
+      return scriptSrc;
     // blocked
     default: {
       return scriptSrc.startsWith('javascript:')
@@ -778,7 +772,6 @@ async function checkInlineScripts(html, documentUrl, tabId, htmlDoc, dejaVu) {
       } else {
const url = `view-source:${documentUrl}#line${line}(<SCRIPT>)\n${source}`;
 const edited = await checkScriptAndUpdateReport(source, url, tabId, false);
-        editedSource = edited.trim();
         dejaVu.set(url, editedSource);
       }
       if (editedSource) {
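Review bot: With `editedSource = edited.trim();` removed, nothing in this else branch assigns `editedSource`, and `edited` is left unused, so the result of checkScriptAndUpdateReport is discarded. `dejaVu.set(url, editedSource)` then caches whatever the variable held before, presumably undefined since its declaration is outside the hunk. The `if (editedSource)` guard below would be skipped as a result. That would also drop the rewritten source that the blocked (`default`) branch appears to return, leaving blocked inline scripts unmodified in the page. If only the trim was meant to go, keep the assignment as `editedSource = edited;` and confirm with a page that has one accepted and one blocked inline script. The loop body continues outside the hunk.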
--
2.46.0



