|
@@ -19,26 +19,39 @@ const policyState = {__proto__: null
|
|
|
,debug: false
|
|
|
,exposedResourceDomains: new Set
|
|
|
,exposedChromeDomains: new Set
|
|
|
+ ,exposedMozextDomains: new Set
|
|
|
+ ,exposedExtDomains: new Set
|
|
|
,blockResourceUris: true
|
|
|
+ ,blockMozextUris: true
|
|
|
+ ,blockExtUris: true
|
|
|
,blockChromeUris: true
|
|
|
,filterRedirects: true
|
|
|
,whitelistAboutUris: false
|
|
|
,secureAboutUris: new Set (['addons', 'home', 'preferences', 'support', 'newtab', 'debugging', 'config', 'downloads', 'profiles', 'sessionrestore', 'privatebrowsing', 'plugins'])
|
|
|
,veryInsecureAboutUris: new Set (['blank', 'srcdoc'])
|
|
|
+ ,mozextWhitelist: new Set
|
|
|
+ ,extWhitelist: new Set
|
|
|
};
|
|
|
|
|
|
|
|
|
// Note: view-source: scheme is no longer accessible from content (thus no leaks)
|
|
|
const isWhitelistedOrigin = u => (!u)
|
|
|
|| u.schemeIs ('chrome') || u.schemeIs ('resource') || u.schemeIs ('view-source')
|
|
|
- || u.schemeIs ('about') && (!policyState.veryInsecureAboutUris.has (u.path))
|
|
|
- && (policyState.secureAboutUris.has (u.path) || policyState.whitelistAboutUris);
|
|
|
+ || u.schemeIs ('extension') || u.schemeIs ('moz-extension') || u.schemeIs ('about')
|
|
|
+ && (!policyState.veryInsecureAboutUris.has (u.path))
|
|
|
+ && (policyState.secureAboutUris.has (u.path) || policyState.mozextWhitelist.has (u.path)
|
|
|
+ || policyState.extWhitelist.has (u.path) || policyState.whitelistAboutUris);
|
|
|
|
|
|
const shouldBeBlocked = u => (!u)
|
|
|
|| policyState.blockResourceUris
|
|
|
&& u.schemeIs ('resource') && (!policyState.exposedResourceDomains.has (u.host))
|
|
|
|| policyState.blockChromeUris
|
|
|
- && u.schemeIs ('chrome') && (!policyState.exposedChromeDomains.has (u.host));
|
|
|
+ && u.schemeIs ('chrome') && (!policyState.exposedChromeDomains.has (u.host))
|
|
|
+ || policyState.blockMozextUris
|
|
|
+ && u.schemeIs ('moz-extension') && (!policyState.exposedMozextDomains.has (u.host))
|
|
|
+ || policyState.exposedExtDomains
|
|
|
+ && u.schemeIs ('extension') && (!policyState.exposedExtDomains.has (u.host));
|
|
|
+
|
|
|
|
|
|
registerContentPolicy ({__proto__: null
|
|
|
,contractId: '@addons.mozilla.org/resource-masking-policy;1'
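Review bot: In `isWhitelistedOrigin`, `&&` binds tighter than `||`, so the added `u.schemeIs ('extension') || u.schemeIs ('moz-extension')` terms whitelist every extension origin unconditionally, while `mozextWhitelist` and `extWhitelist` are only consulted inside the `about` clause and compared with an about: `u.path`. If those two sets are meant to limit which extensions count as trusted origins, the extension terms need their own parenthesised clause, and the `about` clause should be wrapped in parentheses so the grouping is explicit. Separately, the last `shouldBeBlocked` term tests `policyState.exposedExtDomains`, a Set that is always truthy, so the new `blockExtUris` setting is never read; that line should be `|| policyState.blockExtUris`.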
|
|
@@ -92,7 +105,7 @@ const requestObserver = {__proto__: null
|
|
|
}
|
|
|
}
|
|
|
} catch (e) {
|
|
|
- console.exception (e);
|
|
|
+ //console.exception (e);
|
|
|
}
|
|
|
}
|
|
|
};
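Review bot: Commenting out `console.exception (e)` leaves an empty `catch`, so any failure inside the `requestObserver` handler is now silent and a broken redirect filter would look the same as a working one. Since `policyState.debug` already exists, prefer `if (policyState.debug) console.exception (e);` over a commented-out line. The enclosing handler starts above this hunk, so whether the response is let through after an exception cannot be checked from here; a short comment in the `catch` stating the intended behaviour on error would help.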
|
|
@@ -103,16 +116,20 @@ try {
|
|
|
observerService.removeObserver (requestObserver, 'http-on-examine-response'));
|
|
|
} catch (e) {}
|
|
|
|
|
|
-const setPolicy = ({enableRedirectMasking, blockChromeURIs, blockResourceURIs
|
|
|
- , enableDebug, restrictAboutPages, exposedResourceDomains, exposedChromeDomains}) =>
|
|
|
+const setPolicy = ({enableRedirectMasking, blockChromeURIs, blockMozextUris, blocExtUris, blockResourceURIs
|
|
|
+ , enableDebug, restrictAboutPages, exposedResourceDomains, exposedChromeDomains, exposedMozextDomains, exposedExtDomains}) =>
|
|
|
{
|
|
|
policyState.filterRedirects = !!enableRedirectMasking;
|
|
|
policyState.blockChromeUris = !!blockChromeURIs;
|
|
|
policyState.blockResourceUris = !!blockResourceURIs;
|
|
|
+ policyState.blockMozextUris = !!blockMozextURIs;
|
|
|
+ policyState.blockExtUris = !!blockExtURIs;
|
|
|
policyState.debug = !!enableDebug;
|
|
|
policyState.whitelistAboutUris = !restrictAboutPages;
|
|
|
policyState.exposedResourceDomains = new Set (exposedResourceDomains || []);
|
|
|
policyState.exposedChromeDomains = new Set (exposedChromeDomains || []);
|
|
|
+ policyState.exposedMozextDomains = new Set (exposedMozextDomains || []);
|
|
|
+ policyState.exposedExtDomains = new Set (exposedExtDomains || []);
|
|
|
};
|
|
|
|
|
|
try {
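Review bot: `setPolicy` destructures `blockMozextUris` and `blocExtUris`, but its body reads `blockMozextURIs` and `blockExtURIs`, which are not declared in the visible code, so the assignment to `policyState.blockMozextUris` would throw a ReferenceError. Everything after that line (`debug`, `whitelistAboutUris` and all four `exposed*` sets) would then keep its previous value, leaving the policy half-applied. Rename the parameters to match the existing `blockChromeURIs` spelling: `blockMozextURIs, blockExtURIs`. `mozextWhitelist` and `extWhitelist` are also never assigned here, so they stay empty unless something outside this hunk fills them.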
|