mirror of
https://github.com/gorhill/uBlock.git
synced 2024-10-06 09:37:12 +02:00
Add virtuous signal that remote code execution is not possible
Related Chromium issue:
- https://bugs.chromium.org/p/chromium/issues/detail?id=985759

By expressly restricting JavaScript execution to only code from the extension package, this explicitly tells code reviewers that uBO can't execute remote code.

I also had to add `object-src 'self'`, otherwise Chromium refused to load the extension with the following error message:

> 'content_security_policy': CSP directive 'object-src' must be specified

`object-src 'self'` is the default value.
parent
22330e5afd
commit
7e1868b1c3
@ -51,6 +51,7 @@
|
|||||||
"all_frames": false
|
"all_frames": false
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
"content_security_policy": "script-src 'self'; object-src 'self'",
|
||||||
"default_locale": "en",
|
"default_locale": "en",
|
||||||
"description": "__MSG_extShortDesc__",
|
"description": "__MSG_extShortDesc__",
|
||||||
"icons": {
|
"icons": {
|
||||||
|
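Review bot: The added `"content_security_policy": "script-src 'self'; object-src 'self'"` line constrains extension pages only; as far as I know content scripts are not governed by this manifest key, so the "no remote code" signal in the commit message should be read as covering the background and UI pages. Strict JSON leaves no room for a comment next to the key, so that scope and the reason for `object-src 'self'` are best recorded in the project's documentation rather than only in this commit message. The manifest version is not visible in the hunk; if this file is ever moved to Manifest V3, the string form is no longer accepted and the key would become `"content_security_policy": { "extension_pages": "script-src 'self'; object-src 'self'" }`. A build-time check that the value stays exactly `script-src 'self'; object-src 'self'` would catch a later edit that quietly adds a remote origin or `'unsafe-eval'`.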