inject.preload.js - Issue 29451568: Issue 4494 - Avoid causing some sandbox related warnings

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Unified Diff: inject.preload.js

Issue 29451568: Issue 4494 - Avoid causing some sandbox related warnings (Closed)

Patch Set: Created May 30, 2017, 9:22 a.m.

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

Index: inject.preload.js

diff --git a/inject.preload.js b/inject.preload.js

index c35c071ce48f748401a0e3a3de6f267b51712f37..3b1e1f61bb9da682e7202f8a9549c82ad2fcb248 100644

--- a/inject.preload.js

+++ b/inject.preload.js

@@ -387,10 +387,15 @@ function injected(eventName, injectedIntoContentWindow)

if (document instanceof HTMLDocument)

{

- let script = document.createElement("script");

- script.type = "application/javascript";

- script.async = false;

- script.textContent = "(" + injected + ")('" + randomEventName + "');";

- document.documentElement.appendChild(script);

- document.documentElement.removeChild(script);

+ let sandbox = window.frameElement &&

+ window.frameElement.getAttribute("sandbox");

Sebastian Noack 2017/05/30 09:41:16 Nit: The indentation looks a bit off here.

kzar 2017/05/30 10:20:31 Done.

+ if (typeof sandbox != "string" || sandbox.includes("allow-scripts"))

Sebastian Noack 2017/05/30 09:41:16 What if allow-scripts is misspelled like "allow-sc

kzar 2017/05/30 10:20:31 Well a false-positive doesn't matter here, it just

Sebastian Noack 2017/05/30 10:36:46 I wonder whether we even need this check. If scrip

Sebastian Noack 2017/05/30 10:43:34 Never mind. We are in the extension's content scri

kzar 2017/05/30 12:27:15 Doing some further reading I realised that window.

+ {

+ let script = document.createElement("script");

+ script.type = "application/javascript";

+ script.async = false;

+ script.textContent = "(" + injected + ")('" + randomEventName + "');";

+ document.documentElement.appendChild(script);

+ document.documentElement.removeChild(script);

+ }

}

« no previous file with comments | « no previous file | no next file » | no next file with comments »