mirror of
https://github.com/gorhill/uBlock.git
synced 2024-11-11 17:41:03 +01:00
Use proper embedding context when evluating inline-script
Related issue: - https://github.com/uBlockOrigin/uBlock-issues/issues/422
This commit is contained in:
parent
acda682153
commit
515b7cdcfc
1 changed files with 11 additions and 4 deletions
|
@ -777,14 +777,21 @@ const injectCSP = function(fctxt, pageStore, responseHeaders) {
|
||||||
if ( loggerEnabled ) {
|
if ( loggerEnabled ) {
|
||||||
fctxt.setRealm('network').setType('scripting').toLogger();
|
fctxt.setRealm('network').setType('scripting').toLogger();
|
||||||
}
|
}
|
||||||
} else {
|
}
|
||||||
fctxt.type = 'inline-script';
|
// https://github.com/uBlockOrigin/uBlock-issues/issues/422
|
||||||
const result = pageStore.filterRequest(fctxt);
|
// We need to derive a special context for filtering `inline-script`,
|
||||||
|
// as the embedding document for this "resource" will always be the
|
||||||
|
// frame itself, not that of the parent of the frame.
|
||||||
|
else {
|
||||||
|
const fctxt2 = fctxt.duplicate();
|
||||||
|
fctxt2.type = 'inline-script';
|
||||||
|
fctxt2.setDocOriginFromURL(fctxt.url);
|
||||||
|
const result = pageStore.filterRequest(fctxt2);
|
||||||
if ( result === 1 ) {
|
if ( result === 1 ) {
|
||||||
builtinDirectives.push("script-src 'unsafe-eval' * blob: data:");
|
builtinDirectives.push("script-src 'unsafe-eval' * blob: data:");
|
||||||
}
|
}
|
||||||
if ( result !== 0 && loggerEnabled ) {
|
if ( result !== 0 && loggerEnabled ) {
|
||||||
fctxt.setRealm('network').toLogger();
|
fctxt2.setRealm('network').toLogger();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue