Re: Help documentation for Noscript
Posted: Mon Nov 02, 2015 5:05 pm
You're welcome, but I'm thinking I should bring the apparent status of noscript.forbidData to Giorgio's attention.
NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/
Code: Select all
Hacks: {
allowLocalLinks: function() {
let ns = noscriptOverlay.ns;
if (ns.geckoVersionCheck("30") >= 0) return;
if ("urlSecurityCheck" in window) {
let usc = window.urlSecurityCheck;
window.urlSecurityCheck = function(aURL, aPrincipal, aFlags) {
if (!ns.checkLocalLink(aURL, aPrincipal)) {
usc.apply(this, arguments);
}
}
}
if ("handleLinkClick" in window) {
let hlc = window.handleLinkClick;
window.handleLinkClick = function(ev, href, linkNode) {
let ret = hlc.apply(this, arguments);
if (!ret && ns.checkLocalLink(linkNode.href, linkNode.nodePrincipal)) {
try {
let w = ev.view.open("about:blank", linkNode.target || "_self");
w.location.href = linkNode.href;
ev.preventDefault();
ret = true;
} catch (e) {
ret = false;
}
}
return ret;
}
}
},
Code: Select all
checkLocalLink: function(url, principal, fromPolicy) {
if (!this.allowLocalLinks || this.supportsCAPS && !fromPolicy)
return fromPolicy;
if (url instanceof Ci.nsIURI) {
if (!url.schemeIs("file")) return fromPolicy;
url = url.spec;
} else if (typeof url !== "string" || url.indexOf("file:///") !== 0) return fromPolicy;
let site = principal.URI ? principal.URI.spec : principal.origin;
if (!/^(ht|f)tps?:/.test(site)) return fromPolicy;
let [to, from] = ["to", "from"].map(function(n) AddressMatcher.create(ns.getPref("allowLocalLinks." + n, "")));
return ((from
? from.test(site)
: this.isJSEnabled(this.getSite(principal.origin)))
&& (!to || to.test(url))
);
},