PrivateCoffee/element-web
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3

only try to tint our CSS, otherwise random extensions which have inserted CSS may cause untrappable XSS SecurityErrors to throw

Browse source
This commit is contained in:
Matthew Hodgson 2016-01-23 19:46:00 +00:00
parent 001b9ad7cc
commit 28fddef5f9
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/Tinter.js
View file

@ -78,6 +78,11 @@ function calcCssFixups() {
var ss = document.styleSheets[i]; var ss = document.styleSheets[i];
// Chromium apparently sometimes returns null here; unsure why. // Chromium apparently sometimes returns null here; unsure why.
// see $14534907369972FRXBx:matrix.org in HQ // see $14534907369972FRXBx:matrix.org in HQ
// ...ah, it's because there's a third party extension like
// privacybadger inserting its own stylesheet in there with a
// resource:// URI or something which results in a XSS error.
// See also #vector:matrix.org/$145357669685386ebCfr:matrix.org
if (!ss.href.endsWith("/bundle.css")) continue;
if (!ss.cssRules) continue; if (!ss.cssRules) continue;
for (var j = 0; j < ss.cssRules.length; j++) { for (var j = 0; j < ss.cssRules.length; j++) {
var rule = ss.cssRules[j]; var rule = ss.cssRules[j];