html_rewriter: added the nullification of meta tag delivered CSP poli…

…cies to HTMLRewriterMixin, treat it like the integrity attribute (#274) rewrite test: updated the html_rewriter test to cover the changes made for meta CSP rewriting fixes #273
webrecorder · Jan 8, 2018 · 3c05f27 · 3c05f27
1 parent d3b379e
commit 3c05f27
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 0 deletions.
diff --git a/pywb/rewrite/html_rewriter.py b/pywb/rewrite/html_rewriter.py
@@ -333,6 +333,8 @@ def _rewrite_tag_attrs(self, tag, tag_attrs):
             elif (tag == 'meta') and (attr_name == 'content'):
                 if self.has_attr(tag_attrs, ('http-equiv', 'refresh')):
                     attr_value = self._rewrite_meta_refresh(attr_value)
+                elif self.has_attr(tag_attrs, ('http-equiv', 'content-security-policy')):
+                    attr_name = '_' + attr_name
                 elif self.has_attr(tag_attrs, ('name', 'referrer')):
                     attr_value = 'no-referrer-when-downgrade'
                 elif attr_value.startswith(self.DATA_RW_PROTOCOLS):

diff --git a/pywb/rewrite/test/test_html_rewriter.py b/pywb/rewrite/test/test_html_rewriter.py
@@ -129,6 +129,9 @@
 >>> parse('<meta name="referrer" content="origin">')
 <meta name="referrer" content="no-referrer-when-downgrade">
 
+>>> parse('<meta http-equiv="Content-Security-Policy" content="default-src http://example.com" />')
+<meta http-equiv="Content-Security-Policy" _content="default-src http://example.com"/>
+
 # Custom -data attribs
 >>> parse('<div data-url="http://example.com/a/b/c.html" data-some-other-value="http://example.com/img.gif">')
 <div data-url="/web/20131226101010oe_/http://example.com/a/b/c.html" data-some-other-value="/web/20131226101010oe_/http://example.com/img.gif">