[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] Don't modify allowed inline scripts, to avoid breaking CSP
From: |
Andreas Gattringer |
Subject: |
[PATCH] Don't modify allowed inline scripts, to avoid breaking CSP |
Date: |
Mon, 26 Aug 2024 11:08:22 +0000 |
This patch fixes LibreJS breaking CSP of accepted inline scripts,
---
main_background.js | 11 ++---------
1 file changed, 2 insertions(+), 9 deletions(-)
diff --git a/main_background.js b/main_background.js
index 87b80ae..ea6909b 100644
--- a/main_background.js
+++ b/main_background.js
@@ -383,10 +383,7 @@ async function
checkScriptAndUpdateReport(scriptSrc, url, tabId, whitelisted, is
: 'Address whitelisted by user';
addReportEntry(tabId, { 'whitelisted': [site || url, reason], url
});
}
- if (scriptSrc.startsWith('javascript:') || passAccWlist)
- return scriptSrc;
- else
- return `/* LibreJS: script whitelisted by user preference.
*/\n${scriptSrc}`;
+ return scriptSrc;
}
const [accepted, editedSource, reason] =
listManager.builtInHashes.has(hash(scriptSrc)) ? [true, scriptSrc,
'Common script known to be free software.'] :
checkLib.checkScriptSource(scriptSrc, scriptName, isExternal);
@@ -407,10 +404,7 @@ async function
checkScriptAndUpdateReport(scriptSrc, url, tabId, whitelisted, is
}
case 'whitelisted':
case 'accepted':
- {
- return (scriptSrc.startsWith('javascript:') || passAccWlist)
- ? scriptSrc : `/* LibreJS: script ${actionType} by user.
*/\n${scriptSrc}`;
- }
+ return scriptSrc;
// blocked
default: {
return scriptSrc.startsWith('javascript:')
@@ -778,7 +772,6 @@ async function checkInlineScripts(html, documentUrl,
tabId, htmlDoc, dejaVu) {
} else {
const url =
`view-source:${documentUrl}#line${line}(<SCRIPT>)\n${source}`;
const edited = await checkScriptAndUpdateReport(source, url,
tabId, false);
- editedSource = edited.trim();
dejaVu.set(url, editedSource);
}
if (editedSource) {
--
2.46.0
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [PATCH] Don't modify allowed inline scripts, to avoid breaking CSP,
Andreas Gattringer <=