()
| 12676 | } |
| 12677 | |
| 12678 | async function getCspTrustedTypesInfo() { |
| 12679 | const combinedPolicies = new Set(); |
| 12680 | let combinedAllowDuplicates = false; |
| 12681 | let combinedTtDirectiveFound = false; |
| 12682 | |
| 12683 | const meta = document.querySelector('meta[http-equiv="Content-Security-Policy"]'); |
| 12684 | if (meta) { |
| 12685 | const metaResult = parseTrustedTypes(meta.content); |
| 12686 | metaResult.names.forEach(name => combinedPolicies.add(name)); |
| 12687 | if (metaResult.allowDuplicates) { |
| 12688 | combinedAllowDuplicates = true; |
| 12689 | } |
| 12690 | if (metaResult.ttDirectiveFound) { |
| 12691 | combinedTtDirectiveFound = true; |
| 12692 | } |
| 12693 | } |
| 12694 | |
| 12695 | return new Promise((resolve) => { |
| 12696 | GM_xmlhttpRequest({ |
| 12697 | method: "HEAD", |
| 12698 | url: window.location.href, |
| 12699 | onload: function(response) { |
| 12700 | const cspHeader = response.responseHeaders.split('\r\n') |
| 12701 | .filter(h => h.toLowerCase().startsWith('content-security-policy:')) |
| 12702 | .map(h => h.substring(26).trim()) |
| 12703 | .join('; '); |
| 12704 | |
| 12705 | const headerResult = parseTrustedTypes(cspHeader); |
| 12706 | headerResult.names.forEach(name => combinedPolicies.add(name)); |
| 12707 | if (headerResult.allowDuplicates) { |
| 12708 | combinedAllowDuplicates = true; |
| 12709 | } |
| 12710 | if (headerResult.ttDirectiveFound) { |
| 12711 | combinedTtDirectiveFound = true; |
| 12712 | } |
| 12713 | |
| 12714 | resolve({ |
| 12715 | names: combinedPolicies, |
| 12716 | allowDuplicates: combinedAllowDuplicates, |
| 12717 | ttDirectiveFound: combinedTtDirectiveFound |
| 12718 | }); |
| 12719 | }, |
| 12720 | onerror: function(error) { |
| 12721 | resolve({ |
| 12722 | names: combinedPolicies, |
| 12723 | allowDuplicates: combinedAllowDuplicates, |
| 12724 | ttDirectiveFound: combinedTtDirectiveFound |
| 12725 | }); |
| 12726 | } |
| 12727 | }); |
| 12728 | }); |
| 12729 | } |
| 12730 | |
| 12731 | function isTrustedTypesEnforced() { |
| 12732 | try { |
no test coverage detected