From 6abc89dfd52b3cd3fe97327a7960e65caa1f919b Mon Sep 17 00:00:00 2001 From: Raymond Hill Date: Mon, 22 Jan 2018 13:58:35 -0500 Subject: [PATCH] fix #924 --- src/js/contentscript.js | 17 ++++++++++++++--- src/js/messaging.js | 38 ++++++++++++++++++++------------------ 2 files changed, 34 insertions(+), 21 deletions(-) diff --git a/src/js/contentscript.js b/src/js/contentscript.js index 1ff7d17..c15731d 100644 --- a/src/js/contentscript.js +++ b/src/js/contentscript.js @@ -413,14 +413,17 @@ var collapser = (function() { /******************************************************************************/ // Executed only once. - +// // https://github.com/gorhill/httpswitchboard/issues/25 - +// // https://github.com/gorhill/httpswitchboard/issues/131 // Looks for inline javascript also in at least one a[href] element. - +// // https://github.com/gorhill/uMatrix/issues/485 // Mind "on..." attributes. +// +// https://github.com/gorhill/uMatrix/issues/924 +// Report inline styles. (function() { if ( @@ -435,6 +438,14 @@ var collapser = (function() { }); } + if ( document.querySelector('style,[style]') !== null ) { + vAPI.messaging.send('contentscript.js', { + what: 'securityPolicyViolation', + directive: 'style-src', + documentURI: window.location.href + }); + } + collapser.addMany(document.querySelectorAll('img')); collapser.addIFrames(document.querySelectorAll('iframe')); collapser.process(); diff --git a/src/js/messaging.js b/src/js/messaging.js index c888a9b..86ba338 100644 --- a/src/js/messaging.js +++ b/src/js/messaging.js @@ -399,28 +399,28 @@ var µm = µMatrix; /******************************************************************************/ -var contentScriptSummaryHandler = function(tabId, pageStore, details) { +var foundInlineCode = function(tabId, pageStore, details, type) { if ( pageStore === null ) { return; } - var pageHostname = pageStore.pageHostname; - var µmuri = µm.URI.set(details.documentURI); - var frameURL = µmuri.normalizedURI(); + var pageHostname = pageStore.pageHostname, + µmuri = µm.URI.set(details.documentURI), + frameURL = µmuri.normalizedURI(); var blocked = details.blocked; if ( blocked === undefined ) { - blocked = µm.mustBlock(pageHostname, µmuri.hostname, 'script'); + blocked = µm.mustBlock(pageHostname, µmuri.hostname, type); } + var mapTo = { + css: 'style', + script: 'script' + }; + // https://github.com/gorhill/httpswitchboard/issues/333 // Look-up here whether inline scripting is blocked for the frame. - var url = frameURL + '{inline_script}'; - pageStore.recordRequest('script', url, blocked); - µm.logger.writeOne(tabId, 'net', pageHostname, url, 'script', blocked); - - // https://github.com/gorhill/uMatrix/issues/225 - // A good place to force an update of the page title, as at this point - // the DOM has been loaded. - µm.updateTitle(tabId); + var url = frameURL + '{inline_' + mapTo[type] + '}'; + pageStore.recordRequest(type, url, blocked); + µm.logger.writeOne(tabId, 'net', pageHostname, url, type, blocked); }; /******************************************************************************/ @@ -531,10 +531,6 @@ var onMessage = function(request, sender, callback) { response = contentScriptLocalStorageHandler(tabId, request.originURL); break; - case 'contentScriptSummary': - contentScriptSummaryHandler(tabId, request); - break; - case 'lookupBlockedCollapsibles': response = lookupBlockedCollapsibles(tabId, request); break; @@ -547,6 +543,10 @@ var onMessage = function(request, sender, callback) { if ( pageStore !== null ) { pageStore.hasNoscriptTags = true; } + // https://github.com/gorhill/uMatrix/issues/225 + // A good place to force an update of the page title, as at + // this point the DOM has been loaded. + µm.updateTitle(tabId); break; case 'securityPolicyViolation': @@ -562,7 +562,9 @@ var onMessage = function(request, sender, callback) { µm.logger.writeOne(tabId, 'net', rootHostname, url, 'worker', request.blocked); } } else if ( request.directive === 'script-src' ) { - contentScriptSummaryHandler(tabId, pageStore, request); + foundInlineCode(tabId, pageStore, request, 'script'); + } else if ( request.directive === 'style-src' ) { + foundInlineCode(tabId, pageStore, request, 'css'); } break;