fix #1539

gorhill · Sep 11, 2017 · dfe1811 · dfe1811
1 parent 462406e
commit dfe1811
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 9 deletions.
diff --git a/src/js/pagestore.js b/src/js/pagestore.js
@@ -598,8 +598,10 @@ PageStore.prototype.filterRequest = function(context) {
         }
     }
 
-    if ( requestType === 'font' ) {
-        this.remoteFontCount += 1;
+    if ( requestType.endsWith('font') ) {
+        if ( requestType === 'font' ) {
+            this.remoteFontCount += 1;
+        }
         if ( µb.hnSwitches.evaluateZ('no-remote-fonts', context.rootHostname) !== false ) {
             if ( µb.logger.isEnabled() ) {
                 this.logData = µb.hnSwitches.toLogData();

diff --git a/src/js/traffic.js b/src/js/traffic.js
@@ -443,20 +443,17 @@ var injectCSP = function(pageStore, details) {
     if ( details.type !== 'main_frame' ) {
         context.pageHostname = context.pageDomain = context.requestHostname;
     }
+    context.requestURL = requestURL;
 
     // Start collecting policies >>>>>>>>
 
     // ======== built-in policies
 
+    var builtinDirectives = [];
+
     context.requestType = 'inline-script';
-    context.requestURL = requestURL;
     if ( pageStore.filterRequest(context) === 1 ) {
-        cspSubsets[0] = "script-src 'unsafe-eval' * blob: data:";
-        // https://bugs.chromium.org/p/chromium/issues/detail?id=669086
-        // TODO: remove when most users are beyond Chromium v56
-        if ( vAPI.chromiumVersion < 57 ) {
-            cspSubsets[0] += '; frame-src *';
-        }
+        builtinDirectives.push("script-src 'unsafe-eval' * blob: data:");
     }
     if ( loggerEnabled === true ) {
         logger.writeOne(
@@ -470,6 +467,28 @@ var injectCSP = function(pageStore, details) {
         );
     }
 
+    // https://github.com/gorhill/uBlock/issues/1539
+    // - Use a CSP to also forbid inline fonts if remote fonts are blocked.
+    context.requestType = 'inline-font';
+    if ( pageStore.filterRequest(context) === 1 ) {
+        builtinDirectives.push('font-src *');
+        if ( loggerEnabled === true ) {
+            logger.writeOne(
+                tabId,
+                'net',
+                pageStore.logData,
+                'inline-font',
+                requestURL,
+                context.rootHostname,
+                context.pageHostname
+            );
+        }
+    }
+
+    if ( builtinDirectives.length !== 0 ) {
+        cspSubsets[0] = builtinDirectives.join('; ');
+    }
+
     // ======== filter-based policies
 
     // Static filtering.