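/**
 * DOM-clobbering shield.
 *
 * Watches the document for elements whose `id` / `name` attribute makes the
 * browser expose them as a named property on `window` (for example
 * `<a id="config">` becoming `window.config`). For every such name that is not
 * allow-listed, an accessor is defined on `window` that either throws
 * (enforcing mode) or POSTs a CSP-style JSON report (report-only mode).
 *
 * Configuration is read from attributes of the <script> tag that loads this file:
 *   allowlist   comma-separated names that must never be hooked; entries are
 *               compared exactly (no trimming), so "a, b" does not match "b"
 *   reportOnly  "true" to report instead of throwing
 *   reportTo    https: URL that receives the reports; required when reportOnly
 *               is "true", not used in enforcing mode
 *
 * Things a deployer should know:
 *   - Only nodes added, or attributes changed, after the observer starts are
 *     inspected, so the script has to run before any markup it should cover.
 *   - In report-only mode the hooked property evaluates to `undefined` after
 *     the report is sent, so page behaviour can still change.
 *   - Hooks are never removed, even if the clobbering element is deleted.
 *   - Helpers are block-scoped `const`s so that no internal function is
 *     published as a global when this runs as a classic (sloppy-mode) script.
 */
{
  const script = document.currentScript;

  // Names that already have an accessor installed on `window`.
  const hookedNames = [];
  const allowlist = (script.getAttribute("allowlist") || "").split(",");
  const reportOnly = (script.getAttribute("reportOnly") || "false") === "true";
  const reportTo = script.getAttribute("reportTo") || "";

  // Refuse to start in report-only mode without an https: endpoint. Throwing
  // here means no observer is installed at all, as the message states.
  if (reportOnly && !reportTo.startsWith("https:")) {
    throw Error("when reportOnly is turned on, reportTo must be provided as a legitimate URL.until fixed, dom clobbering protection is off");
  }

  /**
   * Send a CSP-style violation report for an intercepted property read.
   * Fire-and-forget: the fetch result is not inspected.
   * @param {string} property - name of the window property that was read
   */
  const sendReport = (property) => {
    fetch(reportTo, {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({
        "csp-report": {
          "blocked-property": property,
          disposition: "report",
          "document-uri": document.documentURI,
          "effective-directive": "dom-clobbering",
          "original-policy": "no-access",
          referrer: document.referrer,
          "violated-directive": "dom-clobbering",
        },
      }),
    });
  };

  /**
   * Install an accessor on `window[property]` that reports or throws on read.
   * The descriptor has no setter and keeps the default `configurable: false`,
   * so page code cannot redefine the property afterwards.
   * @param {string} property - clobbered name to guard
   */
  const hookProperty = (property) => {
    hookedNames.push(property);
    Object.defineProperty(window, property, {
      get() {
        if (reportOnly) {
          sendReport(property);
        } else {
          throw Error(`window["${property}"] access attempt was intercepted:`);
        }
      },
    });
  };

  /**
   * Inspect one attribute node and hook the name it introduces when that name
   * currently resolves on `window` to a DOM-provided value.
   * @param {Attr} attribute
   */
  const inspectAttribute = (attribute) => {
    const { name, value } = attribute;

    if (allowlist?.includes(value) || hookedNames.includes(value)) {
      return;
    }
    if (name !== "id" && name !== "name") {
      return;
    }

    const current = window[value];
    if (!current) {
      return;
    }

    // Named access yields an Element, an HTMLCollection (several matches) or,
    // for a named frame, a window object whose `.window` is itself. The frame
    // case is only accepted for the `name` attribute.
    const isClobbered =
      current instanceof Element ||
      current instanceof HTMLCollection ||
      (current === current?.window && name === "name");

    if (isClobbered) {
      hookProperty(value);
    }
  };

  /**
   * Inspect a node: for an element, every attribute of the element itself and
   * of each descendant carrying `id` or `name`; for an attribute node, the
   * attribute. Other node types are ignored.
   * @param {Node} node
   */
  const inspectNode = (node) => {
    switch (node.nodeType) {
      case Node.ELEMENT_NODE: {
        const candidates = Array.from(node.querySelectorAll("*[id],*[name]")).concat(node);
        candidates.forEach((element) => Array.from(element.attributes).forEach(inspectNode));
        break;
      }
      case Node.ATTRIBUTE_NODE:
        inspectAttribute(node);
        break;
    }
  };

  /**
   * Start observing `root` and its subtree for added nodes and for changes to
   * the attributes that can create named properties on `window`.
   * @param {Node} root
   */
  const observe = (root) => {
    const observer = new MutationObserver((records) => {
      records.forEach((record) => {
        switch (record.type) {
          case "childList":
            record.addedNodes.forEach((added) => {
              inspectNode(added);
            });
            break;
          case "attributes":
            inspectNode(record.target);
            break;
        }
      });
    });

    observer.observe(root, {
      attributes: true,
      childList: true,
      subtree: true,
      // Fix: the filter used to list only "id", so a `name` attribute set or
      // changed on an element already in the document was never inspected,
      // although inspectAttribute treats `name` as a clobbering source too.
      attributeFilter: ["id", "name"],
    });
  };

  observe(document.documentElement);
}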