Skip to content

Commit 373db2b

Browse files
hackademixhackademix
committed
Let injected CSP prevent onload events from firing on unfrozen embedded elements.
1 parent 681d00e commit 373db2b

1 file changed

Lines changed: 17 additions & 7 deletions

File tree

src/lib/DocumentFreezer.js

Lines changed: 17 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -14,9 +14,8 @@ var DocumentFreezer = (() => {
1414
}
1515

1616
function freezeAttributes() {
17-
try {
1817
for (let element of document.querySelectorAll("*")) {
19-
if (element._frozenAttributes) continue;
18+
if (element._frozen) continue;
2019
let fa = [];
2120
let loaders = [];
2221
for (let a of element.attributes) {
@@ -41,16 +40,19 @@ var DocumentFreezer = (() => {
4140
element.replaceWith(element = element.cloneNode(true));
4241
}
4342
}
44-
element._frozenAttributes = fa;
43+
if (fa.length) element._frozenAttributes = fa;
44+
element._frozen = true;
4545
}
46-
} catch(e) { console.error(e )}
4746
}
4847

4948
function unfreezeAttributes() {
5049
for (let element of document.querySelectorAll("*")) {
5150
if (!element._frozenAttributes) continue;
5251
for (let a of element._frozenAttributes) {
53-
element.setAttributeNodeNS(a);
52+
element.setAttributeNS(a.namespaceURI, a.name, a.value);
53+
}
54+
if ("contentWindow" in element) {
55+
element.replaceWith(element.cloneNode(true));
5456
}
5557
}
5658
}
@@ -74,7 +76,11 @@ var DocumentFreezer = (() => {
7476
console.debug("Freezing", document.URL);
7577
document._frozen = true;
7678
for (let et of eventTypes) document.addEventListener(et, suppressEvents, true);
77-
freezeAttributes();
79+
try {
80+
freezeAttributes();
81+
} catch(e) {
82+
console.error(e);
83+
}
7884
domFreezer.observe(document, {childList: true, subtree: true});
7985
suppressedScripts = 0;
8086
addEventListener("beforescriptexecute", scriptSuppressor, true);
@@ -84,7 +90,11 @@ var DocumentFreezer = (() => {
8490
if (!document._frozen) return false;
8591
console.debug("Unfreezing", document.URL);
8692
domFreezer.disconnect();
87-
unfreezeAttributes();
93+
try {
94+
unfreezeAttributes();
95+
} catch(e) {
96+
console.error(e);
97+
}
8898
removeEventListener("beforescriptexecute", scriptSuppressor, true);
8999
for (let et of eventTypes) document.removeEventListener(et, suppressEvents, true);
90100
document._frozen = false;

0 commit comments

Comments
 (0)