From dfe18111b9b65293bf6fe2e6a102959b3719ff61 Mon Sep 17 00:00:00 2001 From: gorhill Date: Mon, 11 Sep 2017 09:53:42 -0400 Subject: [PATCH] fix #1539 --- src/js/pagestore.js | 6 ++++-- src/js/traffic.js | 33 ++++++++++++++++++++++++++------- 2 files changed, 30 insertions(+), 9 deletions(-) diff --git a/src/js/pagestore.js b/src/js/pagestore.js index 3689748a0be46..ea3a428165617 100644 --- a/src/js/pagestore.js +++ b/src/js/pagestore.js @@ -598,8 +598,10 @@ PageStore.prototype.filterRequest = function(context) { } } - if ( requestType === 'font' ) { - this.remoteFontCount += 1; + if ( requestType.endsWith('font') ) { + if ( requestType === 'font' ) { + this.remoteFontCount += 1; + } if ( µb.hnSwitches.evaluateZ('no-remote-fonts', context.rootHostname) !== false ) { if ( µb.logger.isEnabled() ) { this.logData = µb.hnSwitches.toLogData(); diff --git a/src/js/traffic.js b/src/js/traffic.js index 6467c0ea6ea54..9519502d22d60 100644 --- a/src/js/traffic.js +++ b/src/js/traffic.js @@ -443,20 +443,17 @@ var injectCSP = function(pageStore, details) { if ( details.type !== 'main_frame' ) { context.pageHostname = context.pageDomain = context.requestHostname; } + context.requestURL = requestURL; // Start collecting policies >>>>>>>> // ======== built-in policies + var builtinDirectives = []; + context.requestType = 'inline-script'; - context.requestURL = requestURL; if ( pageStore.filterRequest(context) === 1 ) { - cspSubsets[0] = "script-src 'unsafe-eval' * blob: data:"; - // https://bugs.chromium.org/p/chromium/issues/detail?id=669086 - // TODO: remove when most users are beyond Chromium v56 - if ( vAPI.chromiumVersion < 57 ) { - cspSubsets[0] += '; frame-src *'; - } + builtinDirectives.push("script-src 'unsafe-eval' * blob: data:"); } if ( loggerEnabled === true ) { logger.writeOne( @@ -470,6 +467,28 @@ var injectCSP = function(pageStore, details) { ); } + // https://github.com/gorhill/uBlock/issues/1539 + // - Use a CSP to also forbid inline fonts if remote fonts are blocked. + context.requestType = 'inline-font'; + if ( pageStore.filterRequest(context) === 1 ) { + builtinDirectives.push('font-src *'); + if ( loggerEnabled === true ) { + logger.writeOne( + tabId, + 'net', + pageStore.logData, + 'inline-font', + requestURL, + context.rootHostname, + context.pageHostname + ); + } + } + + if ( builtinDirectives.length !== 0 ) { + cspSubsets[0] = builtinDirectives.join('; '); + } + // ======== filter-based policies // Static filtering.