Support comments in JS Whitelist.

2016-09-11 18:28:32 -07:00 · 2016-09-11 18:28:32 -07:00 · f92e12acaa
commit f92e12acaa
parent 901652e17e
2 changed files with 5 additions and 2 deletions
--- a/src/General/Settings/Advanced.html
+++ b/src/General/Settings/Advanced.html
@ -143,6 +143,9 @@

 <fieldset>
  <legend>Javascript Whitelist</legend>
-  <div>Sources from which Javascript is allowed to be loaded by <a href="http://content-security-policy.com/#source_list" target="_blank">Content Security Policy</a>.</div>
+  <div>
+    Sources from which Javascript is allowed to be loaded by <a href="http://content-security-policy.com/#source_list" target="_blank">Content Security Policy</a>.<br>
+    Lines starting with a <code>#</code> will be ignored.
+  </div>
  <textarea name="jsWhitelist" class="field" spellcheck="false"></textarea>
 </fieldset>
--- a/src/main/Main.coffee
+++ b/src/main/Main.coffee
@ -60,7 +60,7 @@ Main =

    # Enforce JS whitelist
    ($.getSync or $.get) {'jsWhitelist': Conf['jsWhitelist']}, ({jsWhitelist}) ->
-      $.addCSP "script-src #{jsWhitelist.replace(/[\s;]+/g, ' ')}"
+      $.addCSP "script-src #{jsWhitelist.replace(/^#.*$/mg, '').replace(/[\s;]+/g, ' ').trim()}"

    # Get saved values as items
    items = {}