From f92e12acaaaf2112fdb9b0396dba8cd3ca8238b1 Mon Sep 17 00:00:00 2001
From: ccd0 <admin@containerchan.org>
Date: Sun, 11 Sep 2016 18:28:32 -0700
Subject: [PATCH] Support comments in JS Whitelist.

---
 src/General/Settings/Advanced.html | 5 ++++-
 src/main/Main.coffee               | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/General/Settings/Advanced.html b/src/General/Settings/Advanced.html
index cc246798d..def01adf4 100644
--- a/src/General/Settings/Advanced.html
+++ b/src/General/Settings/Advanced.html
@@ -143,6 +143,9 @@
 
 <fieldset>
   <legend>Javascript Whitelist</legend>
-  <div>Sources from which Javascript is allowed to be loaded by <a href="http://content-security-policy.com/#source_list" target="_blank">Content Security Policy</a>.</div>
+  <div>
+    Sources from which Javascript is allowed to be loaded by <a href="http://content-security-policy.com/#source_list" target="_blank">Content Security Policy</a>.<br>
+    Lines starting with a <code>#</code> will be ignored.
+  </div>
   <textarea name="jsWhitelist" class="field" spellcheck="false"></textarea>
 </fieldset>
diff --git a/src/main/Main.coffee b/src/main/Main.coffee
index 2cb290aae..5d1066fdb 100644
--- a/src/main/Main.coffee
+++ b/src/main/Main.coffee
@@ -60,7 +60,7 @@ Main =
 
     # Enforce JS whitelist
     ($.getSync or $.get) {'jsWhitelist': Conf['jsWhitelist']}, ({jsWhitelist}) ->
-      $.addCSP "script-src #{jsWhitelist.replace(/[\s;]+/g, ' ')}"
+      $.addCSP "script-src #{jsWhitelist.replace(/^#.*$/mg, '').replace(/[\s;]+/g, ' ').trim()}"
 
     # Get saved values as items
     items = {}