Mirrors/uBlock
1
0
Fork 0
mirror of https://github.com/gorhill/uBlock.git synced 2024-11-05 18:32:30 +01:00
Code Issues Releases Wiki Activity

Use proper embedding context when evluating inline-script

Browse Source 
Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/422
This commit is contained in:
Raymond Hill 2019-02-15 07:37:43 -05:00
parent acda682153
commit 515b7cdcfc
No known key found for this signature in database
GPG Key ID: 25E1490B761470C2
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/js/traffic.js
View File

@ -777,14 +777,21 @@ const injectCSP = function(fctxt, pageStore, responseHeaders) {
if ( loggerEnabled ) {
fctxt.setRealm('network').setType('scripting').toLogger();
}
} else {
fctxt.type = 'inline-script';
const result = pageStore.filterRequest(fctxt);
}
// https://github.com/uBlockOrigin/uBlock-issues/issues/422
// We need to derive a special context for filtering `inline-script`,
// as the embedding document for this "resource" will always be the
// frame itself, not that of the parent of the frame.
else {
const fctxt2 = fctxt.duplicate();
fctxt2.type = 'inline-script';
fctxt2.setDocOriginFromURL(fctxt.url);
const result = pageStore.filterRequest(fctxt2);
if ( result === 1 ) {
builtinDirectives.push("script-src 'unsafe-eval' * blob: data:");
}
if ( result !== 0 && loggerEnabled ) {
fctxt.setRealm('network').toLogger();
fctxt2.setRealm('network').toLogger();
}
}