Mirrors/uBlock
1
0
Fork 0
mirror of https://github.com/gorhill/uBlock.git synced 2025-01-31 20:21:35 +01:00
Code Issues Releases Wiki Activity

Add advanced setting noScriptingCSP

Browse Source 
Related discussion:
https://github.com/uBlockOrigin/uBlock-issues/issues/2642#issuecomment-2520096503

Specify which CSP directive to inject when no-scripting switch is
toggled on. If this hidden setting is changed, uBO will not try
to spoof `noscript` elements.

For internal use at the moment, not to be documented.
This commit is contained in:
Raymond Hill 2024-12-05 09:04:31 -05:00
parent f80143a8ee
commit a86e802afc
No known key found for this signature in database
GPG Key ID: 25E1490B761470C2
3 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/js/background.js
View File

@ -73,6 +73,7 @@ const hiddenSettingsDefault = {
loggerPopupType: 'popup', loggerPopupType: 'popup',
manualUpdateAssetFetchPeriod: 500, manualUpdateAssetFetchPeriod: 500,
modifyWebextFlavor: 'unset', modifyWebextFlavor: 'unset',
noScriptingCSP: 'script-src http: https:',
popupFontSize: 'unset', popupFontSize: 'unset',
popupPanelDisabledSections: 0, popupPanelDisabledSections: 0,
popupPanelHeightMode: 0, popupPanelHeightMode: 0,
@ -254,7 +255,6 @@ const µBlock = { // jshint ignore:line
scriptlets: {}, scriptlets: {},
cspNoInlineScript: "script-src 'unsafe-eval' * blob: data:", cspNoInlineScript: "script-src 'unsafe-eval' * blob: data:",
cspNoScripting: 'script-src http: https:',
cspNoInlineFont: 'font-src *', cspNoInlineFont: 'font-src *',
liveBlockingProfiles: [], liveBlockingProfiles: [],

5
src/js/messaging.js
View File

@ -804,6 +804,9 @@ const onMessage = function(request, sender, callback) {
case 'shouldRenderNoscriptTags': { case 'shouldRenderNoscriptTags': {
if ( pageStore === null ) { break; } if ( pageStore === null ) { break; }
if ( µb.hiddenSettings.noScriptingCSP !== µb.hiddenSettingsDefault.noScriptingCSP ) {
break;
}
const fctxt = µb.filteringContext.fromTabId(sender.tabId); const fctxt = µb.filteringContext.fromTabId(sender.tabId);
if ( pageStore.filterScripting(fctxt, undefined) ) { if ( pageStore.filterScripting(fctxt, undefined) ) {
vAPI.tabs.executeScript(sender.tabId, { vAPI.tabs.executeScript(sender.tabId, {
@ -2009,7 +2012,7 @@ const logCSPViolations = function(pageStore, request) {
fctxt.type = 'script'; fctxt.type = 'script';
fctxt.filter = undefined; fctxt.filter = undefined;
if ( pageStore.filterScripting(fctxt, true) === 1 ) { if ( pageStore.filterScripting(fctxt, true) === 1 ) {
cspData.set(µb.cspNoScripting, fctxt.filter); cspData.set(µb.hiddenSettings.noScriptingCSP, fctxt.filter);
} }
fctxt.type = 'inline-font'; fctxt.type = 'inline-font';

2
src/js/traffic.js
View File

@ -969,7 +969,7 @@ const injectCSP = function(fctxt, pageStore, responseHeaders) {
const builtinDirectives = []; const builtinDirectives = [];
if ( pageStore.filterScripting(fctxt, true) === 1 ) { if ( pageStore.filterScripting(fctxt, true) === 1 ) {
builtinDirectives.push(µb.cspNoScripting); builtinDirectives.push(µb.hiddenSettings.noScriptingCSP);
if ( logger.enabled ) { if ( logger.enabled ) {
fctxt.setRealm('network').setType('scripting').toLogger(); fctxt.setRealm('network').setType('scripting').toLogger();
} }