liangsheng8708
/
ruffle
mirror of https://mirror.ghproxy.com/https://github.com/ruffle-rs/ruffle.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

extension: Avoid script injection in XML documents 

document.xmlVersion doesn't exist in Firefox, so use another method
to detect XML documents, described in MDN:
https://developer.mozilla.org/en-US/docs/Web/API/Document/xmlVersion
This commit is contained in:
relrelb 2021-04-24 12:56:35 +03:00 committed by Mike Welsh
parent 10b014bf18
commit 24dcad9546
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
web/packages/extension/src/content.ts
View File

@ -90,17 +90,19 @@ function checkPageOptout(): boolean {
return false;
}
declare global {
interface Document {
xmlVersion: string | null;
}
/**
* @returns {boolean} Whether the current page is an XML document or not.
*/
function isXMLDocument(): boolean {
// Based on https://developer.mozilla.org/en-US/docs/Web/API/Document/xmlVersion
return document.createElement("foo").tagName !== "FOO";
}
(async () => {
const options = await utils.getOptions(["ruffleEnable", "ignoreOptout"]);
const pageOptout = checkPageOptout();
const shouldLoad =
!document.xmlVersion &&
!isXMLDocument() &&
options.ruffleEnable &&
!window.RufflePlayer &&
(options.ignoreOptout || !pageOptout);