Fixed placeholders missing for some blocked embeddings (Tor ticket #28720).

hackademix · hackademix · commit c94cd4875248 · 2018-12-05T10:10:26.000+01:00
diff --git a/src/lib/CSP.js b/src/lib/CSP.js
@@ -1,23 +1,23 @@
 "use strict";
 
 class CSP {
-    
+
   build(...directives) {
     return directives.join(';');
   }
-  
+
   buildBlocker(...types) {
       return this.build(...(types.map(type => `${type.name || type}-src ${type.value || "'none'"}`)));
   }
-  
+
   blocks(header, type) {
     return `;${header};`.includes(`;${type}-src 'none';`)
   }
-  
+
   asHeader(value) {
     return {name: CSP.headerName, value};
   }
 }
 
-CSP.isEmbedType = type => /\b(?:application|video|audio)\b/.test(type);
+CSP.isEmbedType = type => /\b(?:application|video|audio)\b/.test(type) && type !== "application/xhtml+xml";
 CSP.headerName = "content-security-policy";

Original file line number	Diff line number	Diff line change
`@@ -1,23 +1,23 @@`
`1`	`1`	`"use strict";`
`2`	`2`
`3`	`3`	`class CSP {`
`4`		`-`
	`4`	`+`
`5`	`5`	`build(...directives) {`
`6`	`6`	`return directives.join(';');`
`7`	`7`	`}`
`8`		`-`
	`8`	`+`
`9`	`9`	`buildBlocker(...types) {`
`10`	`10`	return this.build(...(types.map(type => `${type.name \|\| type}-src ${type.value \|\| "'none'"}`)));
`11`	`11`	`}`
`12`		`-`
	`12`	`+`
`13`	`13`	`blocks(header, type) {`
`14`	`14`	return `;${header};`.includes(`;${type}-src 'none';`)
`15`	`15`	`}`
`16`		`-`
	`16`	`+`
`17`	`17`	`asHeader(value) {`
`18`	`18`	`return {name: CSP.headerName, value};`
`19`	`19`	`}`
`20`	`20`	`}`
`21`	`21`
`22`		`-CSP.isEmbedType = type => /\b(?:application\|video\|audio)\b/.test(type);`
	`22`	`+CSP.isEmbedType = type => /\b(?:application\|video\|audio)\b/.test(type) && type !== "application/xhtml+xml";`
`23`	`23`	`CSP.headerName = "content-security-policy";`