mirror of https://github.com/gorhill/uBlock.git synced 2024-07-08 12:57:57 +02:00

Add virtuous signal that remote code execution is not possible

Related Chromium issue:
- https://bugs.chromium.org/p/chromium/issues/detail?id=985759

By expressly restricting JavaScript execution to only code
from the extension package, this explicitly tells code reviewers
that uBO can't execute remote code.

I also had to add `object-src 'self'`, otherwise Chromium
refused to load the extension with the following error message:

> 'content_security_policy': CSP directive 'object-src' must be specified

`object-src 'self'` is the default value.

Raymond Hill 2019-07-21 10:37:58 -04:00
parent 22330e5afd
commit 7e1868b1c3
No known key found for this signature in database
GPG Key ID: 25E1490B761470C2

@ -51,6 +51,7 @@
"all_frames": false
}
],
"content_security_policy": "script-src 'self'; object-src 'self'",
"default_locale": "en",
"description": "__MSG_extShortDesc__",
"icons": {
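
Review bot: the new `"content_security_policy"` entry placed after the `],` line carries its rationale only in the commit message, and a JSON manifest cannot hold a comment, so a later edit could drop `object-src 'self'` and hit the Chromium load error quoted above without any hint in the file. Consider recording the reason (Chromium rejects the manifest unless `object-src` is specified) wherever the platform manifests are documented. It is also worth confirming before merge that no packaged page relies on inline script or `eval`, since `script-src 'self'` permits neither and nothing in this hunk shows that check.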