From 28fddef5f90a72caf3eb31085c21fc6411942893 Mon Sep 17 00:00:00 2001 From: Matthew Hodgson Date: Sat, 23 Jan 2016 19:46:00 +0000 Subject: [PATCH] only try to tint our CSS, otherwise random extensions which have inserted CSS may cause untrappable XSS SecurityErrors to throw --- src/Tinter.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/Tinter.js b/src/Tinter.js index 7773be4502..909cbcd33d 100644 --- a/src/Tinter.js +++ b/src/Tinter.js @@ -78,6 +78,11 @@ function calcCssFixups() { var ss = document.styleSheets[i]; // Chromium apparently sometimes returns null here; unsure why. // see $14534907369972FRXBx:matrix.org in HQ + // ...ah, it's because there's a third party extension like + // privacybadger inserting its own stylesheet in there with a + // resource:// URI or something which results in a XSS error. + // See also #vector:matrix.org/$145357669685386ebCfr:matrix.org + if (!ss.href.endsWith("/bundle.css")) continue; if (!ss.cssRules) continue; for (var j = 0; j < ss.cssRules.length; j++) { var rule = ss.cssRules[j];