inject.preload.js - Issue 29590611: Issue 5953 - Bypass site CSP for script injection in Firefox

Keyboard Shortcuts

	File
u :	up to issue
m :	publish + mail comments
M :	edit review message
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line
<Enter> :	respond to / edit current comment
d :	mark current comment as done

	Issue
u :	up to list of issues
m :	publish + mail comments
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue
# :	close issue

	Comment/message editing
<Ctrl> + s or <Ctrl> + Enter :	save comment
<Esc> :	cancel edit

Unified Diff: inject.preload.js

Issue 29590611: Issue 5953 - Bypass site CSP for script injection in Firefox (Closed)

Patch Set: Created Nov. 3, 2017, 6:16 p.m.

Use n/p to move between diff chunks; N/P to move between comments.

Jump to:

Index: inject.preload.js

===================================================================

--- a/inject.preload.js

+++ b/inject.preload.js

@@ -393,13 +393,17 @@ if (document instanceof HTMLDocument)

let sandbox = window.frameElement &&

window.frameElement.getAttribute("sandbox");

if (typeof sandbox != "string" || /(^|\s)allow-scripts(\s|$)/i.test(sandbox))

{

let script = document.createElement("script");

script.type = "application/javascript";

script.async = false;

- script.textContent = "(" + injected + ")('" + randomEventName + "');";

+ let code = "(" + injected + ")('" + randomEventName + "');";

+ let blob = new Blob([code]);

Sebastian Noack 2017/11/03 21:12:15 Nit: At least this temporary variable can be avoid

kzar 2017/11/06 11:32:51 Yea, how about this? let url = URL.createObjectUR

+ let url = URL.createObjectURL(blob);

+ script.src = url;

document.documentElement.appendChild(script);

document.documentElement.removeChild(script);

+ URL.revokeObjectURL(url);

}

« no previous file with comments | « no previous file | no next file » | no next file with comments »