#517: fake out current Rocket Loader

dom/base/Element.cpp

@@ -1168,6 +1168,17 @@ Element::GetDestinationInsertionPoints()
 void
 Element::GetAttribute(const nsAString& aName, DOMString& aReturn)
 {
+  // Complete the illusion of issue 517 by preventing Rocket Loader from
+  // seeing the data-cf-nonce attribute. This doesn't seem to be used
+  // anywhere else in the Cloudflare stack.
+  if (MOZ_UNLIKELY(aName.LowerCaseEqualsASCII("data-cf-nonce"))) {
+#if DEBUG
+    fprintf(stderr, "TenFourFox: blocked access to proscribed property data-cf-nonce.\n");
+#endif
+    aReturn.SetNull();
+    return;
+  }
+
   const nsAttrValue* val =
     mAttrsAndChildren.GetAttr(aName,
                               IsHTMLElement() && IsInHTMLDocument() ?

dom/base/nsContentUtils.cpp

@@ -7108,9 +7108,6 @@ nsContentUtils::IsForbiddenSystemRequestHeader(const nsACString& aHeader)
   };
   for (uint32_t i = 0; i < ArrayLength(kInvalidHeaders); ++i) {
     if (aHeader.LowerCaseEqualsASCII(kInvalidHeaders[i])) {
-#if DEBUG
-      fprintf(stderr, "offending header was %s\n", kInvalidHeaders[i]);
-#endif
       return true;
     }
   }
@@ -7219,6 +7216,22 @@ nsContentUtils::IsJavascriptMIMEType(const nsAString& aMIMEType)
     }
   }
 
+  // Workaround for Rocket Script; current versions do not load properly.
+  // This version just relaxes the limits on the MIME type so that the
+  // browser loads the scripts for us and RocketScript is not involved.
+  // Old-school Rocket Script that used text/rocketscript is OK; we don't
+  // interfere with that.
+  // (TenFourFox issue 517.)
+  if (StringEndsWith(aMIMEType, NS_LITERAL_STRING("-text/javascript"),
+                     nsCaseInsensitiveStringComparator())) {
+      // Don't use Find(). We really care just if it's at the end.
+      // If we need to look elsewhere, use FindInReadable().
+#if DEBUG
+    fprintf(stderr, "TenFourFox: Rocket Script detected\n");
+#endif
+    return true;
+  }
+
   return false;
 }