mirror of https://github.com/gorhill/uBlock.git synced 2024-11-07 03:12:33 +01:00

code review "csp=" parsing: reject if "report-" directive present

gorhill 2017-05-16 12:44:12 -04:00
parent 29b1e87a92
commit da71918112
No known key found for this signature in database
GPG Key ID: 25E1490B761470C2


@ -1252,6 +1252,7 @@ var FilterParser = function() {
this.reIsolateHostname = /^(\*?\.)?([^\x00-\x24\x26-\x2C\x2F\x3A-\x5E\x60\x7B-\x7F]+)(.*)/; this.reIsolateHostname = /^(\*?\.)?([^\x00-\x24\x26-\x2C\x2F\x3A-\x5E\x60\x7B-\x7F]+)(.*)/;
this.reHasUnicode = /[^\x00-\x7F]/; this.reHasUnicode = /[^\x00-\x7F]/;
this.reWebsocketAny = /^ws[s*]?(?::\/?\/?)?\*?$/; this.reWebsocketAny = /^ws[s*]?(?::\/?\/?)?\*?$/;
this.reBadCSP = /(?:^|;)\s*report-(?:to|uri)\b/;
this.domainOpt = ''; this.domainOpt = '';
this.reset(); this.reset();
}; };
@ -1451,7 +1452,7 @@ FilterParser.prototype.parseOptions = function(s) {
break; break;
} }
if ( opt.startsWith('csp=') ) { if ( opt.startsWith('csp=') ) {
if ( opt.length > 4 ) { if ( opt.length > 4 && this.reBadCSP.test(opt) === false ) {
this.parseTypeOption('data', not); this.parseTypeOption('data', not);
this.dataType = 'csp'; this.dataType = 'csp';
this.dataStr = opt.slice(4).trim(); this.dataStr = opt.slice(4).trim();
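Review bot: The new guard in `parseOptions` runs `reBadCSP` against `opt`, which still carries the `csp=` prefix, so the `^` branch of `(?:^|;)` can never match a reporting directive placed first in the policy. A filter such as `csp=report-uri …` therefore passes the check, and only `report-` directives that follow a `;` are rejected. That leaves open the case this commit is meant to close, where a filter list makes the browser send violation reports to an endpoint of the list author's choosing. Test the policy text instead of the whole option: `if ( opt.length > 4 && this.reBadCSP.test(opt.slice(4)) === false ) {`. CSP directive names are case-insensitive, so unless `opt` is lowercased earlier (not visible in this hunk) the regex should also take the `i` flag; the body of `parseOptions` continues outside the hunk.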