10.1.9.2rc1 CSP with file, serviceworker, etc.

Posted: Tue Sep 04, 2018 3:59 pm
by skriptimaahinen
onScriptDisabled.js wrote:
file: documents are loaded synchronously and may not be affected by
CSP. We already intercept onbeforeexecutescript event, let's cope with
event and URL attributes.

There appears to be a workaround. One that you yourself introduced just a while back! That is, the "CSP meta tag" injected with content script.

However, there appears to currently be a slight problem with the approach, namely, if the head element is not available at the time the content script is loaded, the meta element will get placed in the documentElement. Unfortunately Firefox seems to disregard the meta element completely if placed there.

So what needs to be done is to ensure the meta goes to the head element. The most direct approach, and the only one I got to actually work, is to make the head element if it is not there already. Sure, we will end up with two heads, but as far as I know, Firefox is not too picky about that.

No need for onbeforeexecutescript, on-event hunting or mutationobservers.

Re: 10.1.9.2rc1 CSP with file, serviceworker, etc.

Posted: Tue Sep 04, 2018 5:50 pm
by Giorgio Maone
It works great, thanks, and you actually are not even required to keep a second HEAD around.
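
The approach from the two posts above, as an added example and not NoScript's own code: put the CSP meta inside a HEAD element, creating one when the parser has not built it yet, and optionally drop that extra HEAD afterwards. `injectCspMeta`, its option, the sample policy and the `FakeNode` stand-in are hypothetical names; in a content script the call would be `injectCspMeta(document, policy)`.

```javascript
// Added example, not NoScript's code. Assumes it runs as a content script at
// document_start, where document.head may not exist yet.
function injectCspMeta(doc, policy, { removeTemporaryHead = true } = {}) {
  const meta = doc.createElement("meta");
  meta.setAttribute("http-equiv", "Content-Security-Policy");
  meta.setAttribute("content", policy);

  let head = doc.head;
  const createdHead = !head;
  if (createdHead) {
    // A meta appended directly to documentElement is the case the thread
    // reports Firefox disregarding, so create a HEAD to hold it.
    head = doc.createElement("head");
    doc.documentElement.appendChild(head);
  }
  head.appendChild(meta);

  // Per the reply in the thread, the extra HEAD does not have to stay.
  if (createdHead && removeTemporaryHead) head.remove();
  return { meta, createdHead };
}

// Constructed stand-in for a DOM so the function can run outside a browser.
class FakeNode {
  constructor(name) {
    this.localName = name;
    this.children = [];
    this.parentNode = null;
    this.attrs = {};
  }
  setAttribute(k, v) { this.attrs[k] = v; }
  appendChild(n) { n.parentNode = this; this.children.push(n); return n; }
  remove() {
    const p = this.parentNode;
    if (p) { p.children = p.children.filter(c => c !== this); this.parentNode = null; }
  }
}

function fakeDocument(withHead) {
  const root = new FakeNode("html");
  if (withHead) root.appendChild(new FakeNode("head"));
  return {
    documentElement: root,
    createElement: name => new FakeNode(name),
    get head() { return root.children.find(c => c.localName === "head") || null; },
  };
}
```
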

Re: 10.1.9.2rc1 CSP with file, serviceworker, etc.

Posted: Tue Sep 04, 2018 11:32 pm
by Giorgio Maone
Done in latest development build,
v 10.1.9.2rc2
=============================================================
+ [L10n] Transifex integration
x Work-around for DOM-injected CSP not being honored when
appended to the root element, rather than HEAD
+ Transparent support for FQDNs
+ Better UI support for file:// URLs