mirror of
https://github.com/classilla/tenfourfox.git
synced 2024-09-30 03:58:07 +00:00
#517: more complete workaround for Rocket Loader
This commit is contained in:
parent
09256df984
commit
3926185105
@ -1168,17 +1168,6 @@ Element::GetDestinationInsertionPoints()
|
||||
void
|
||||
Element::GetAttribute(const nsAString& aName, DOMString& aReturn)
|
||||
{
|
||||
// Complete the illusion of TenFourFox issue 517 by preventing Rocket Loader
|
||||
// from seeing the data-cf-nonce attribute. This doesn't seem to be used
|
||||
// anywhere else in the Cloudflare stack.
|
||||
if (!IsXULElement() && MOZ_UNLIKELY(aName.LowerCaseEqualsASCII("data-cf-nonce"))) {
|
||||
#if DEBUG
|
||||
fprintf(stderr, "TenFourFox: blocked access to proscribed property data-cf-nonce.\n");
|
||||
#endif
|
||||
aReturn.SetNull();
|
||||
return;
|
||||
}
|
||||
|
||||
const nsAttrValue* val =
|
||||
mAttrsAndChildren.GetAttr(aName,
|
||||
IsHTMLElement() && IsInHTMLDocument() ?
|
||||
|
@ -7216,10 +7216,10 @@ nsContentUtils::IsJavascriptMIMEType(const nsAString& aMIMEType)
|
||||
}
|
||||
}
|
||||
|
||||
// Workaround for Rocket Script; current versions do not load properly.
|
||||
// Workaround for Rocket Loader; current versions do not work properly.
|
||||
// This version just relaxes the limits on the MIME type so that the
|
||||
// browser loads the scripts for us and RocketScript is not involved.
|
||||
// Old-school Rocket Script that used text/rocketscript is OK; we don't
|
||||
// browser loads the scripts for us and Rocket Loader is not involved.
|
||||
// Old-school Rocket Loader that used text/rocketscript works OK; we don't
|
||||
// interfere with that.
|
||||
// (TenFourFox issue 517.)
|
||||
if (StringEndsWith(aMIMEType, NS_LITERAL_STRING("-text/javascript"),
|
||||
@ -7227,7 +7227,7 @@ nsContentUtils::IsJavascriptMIMEType(const nsAString& aMIMEType)
|
||||
// Don't use Find(). We really care just if it's at the end.
|
||||
// If we need to look elsewhere, use FindInReadable().
|
||||
#if DEBUG
|
||||
fprintf(stderr, "TenFourFox: Rocket Script detected\n");
|
||||
fprintf(stderr, "TenFourFox: Rocket Loader dependent script detected\n");
|
||||
#endif
|
||||
return true;
|
||||
}
|
||||
|
@ -467,6 +467,26 @@ nsScriptLoader::ProcessScriptElement(nsIScriptElement *aElement)
|
||||
|
||||
NS_ASSERTION(!aElement->IsMalformed(), "Executing malformed script");
|
||||
|
||||
// TenFourFox issue 517. Complete the illusion by just not loading
|
||||
// the Rocket Loader script in the first place. Not only is this much
|
||||
// faster, but it also can be very reliably detected by looking for a
|
||||
// |data-cf-nonce| property on the script tag which appears nowhere else
|
||||
// in the Cloudflare stack presently, eliminates a hack in querying
|
||||
// attributes for that property, and works better for certain sites
|
||||
// where the load can clash with certain inline script elements.
|
||||
nsCOMPtr<nsIDOMElement> domElement = do_QueryInterface(aElement);
|
||||
NS_ASSERTION(domElement, "script could not be QIed to nsIDOMElement");
|
||||
if (MOZ_LIKELY(domElement)) {
|
||||
nsAutoString foo;
|
||||
domElement->GetAttribute(NS_LITERAL_STRING("data-cf-nonce"), foo);
|
||||
if (MOZ_UNLIKELY(!foo.IsEmpty())) {
|
||||
#if DEBUG
|
||||
fprintf(stderr, "TenFourFox blocking Rocket Loader main script.\n");
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
nsCOMPtr<nsIContent> scriptContent = do_QueryInterface(aElement);
|
||||
|
||||
// Step 12. Check that the script is not an eventhandler
|
||||
|
Loading…
Reference in New Issue
Block a user