From 515b7cdcfc79549c973bfd6293c94b7842c86396 Mon Sep 17 00:00:00 2001
From: Raymond Hill
Date: Fri, 15 Feb 2019 07:37:43 -0500
Subject: [PATCH] Use proper embedding context when evluating `inline-script`

Related issue:
- https://github.com/uBlockOrigin/uBlock-issues/issues/422
---
 src/js/traffic.js | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/js/traffic.js b/src/js/traffic.js
index 000f76e14..372e5bd7a 100644
--- src/js/traffic.js
+++ b/src/js/traffic.js
@@ -777,14 +777,21 @@ const injectCSP = function(fctxt, pageStore, responseHeaders) {
 if ( loggerEnabled ) {
 fctxt.setRealm('network').setType('scripting').toLogger();
 }
- } else {
- fctxt.type = 'inline-script';
- const result = pageStore.filterRequest(fctxt);
+ }
+ // https://github.com/uBlockOrigin/uBlock-issues/issues/422
+ // We need to derive a special context for filtering `inline-script`,
+ // as the embedding document for this "resource" will always be the
+ // frame itself, not that of the parent of the frame.
+ else {
+ const fctxt2 = fctxt.duplicate();
+ fctxt2.type = 'inline-script';
+ fctxt2.setDocOriginFromURL(fctxt.url);
+ const result = pageStore.filterRequest(fctxt2);
 if ( result === 1 ) {
 builtinDirectives.push("script-src 'unsafe-eval' * blob: data:");
 }
 if ( result !== 0 && loggerEnabled ) {
- fctxt.setRealm('network').toLogger();
+ fctxt2.setRealm('network').toLogger();
 }
 }
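Review bot: The derived context `fctxt2` is used only for the `inline-script` lookup in the `else` branch, although the comment's reasoning (the embedding document of an inline resource is the frame itself) would apply equally to any other inline or CSP-related filter evaluated for the same response. injectCSP starts and continues outside this hunk, so it is not visible whether later lookups still pass the unmodified `fctxt`; if they do, they would presumably still be matched against the parent frame's origin and should either get the same treatment or a comment explaining why not. Because `fctxt.type` is no longer overwritten here, any code after the hunk that relied on that side effect now sees the original request type, which is worth confirming. As a small consistency point, the context line above uses the chainable `setType()`, so `fctxt2.setType('inline-script');` would match it better than assigning `.type` directly.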