in src/js/contentUtils.js [427:459]
export function hasViolatingJavaScriptURI(htmlElement) {
let checkURL = '';
const lowerCaseNodeName = htmlElement.nodeName.toLowerCase();
AttributeCheckPairs.forEach(checkPair => {
checkURL = getAttributeValue(
lowerCaseNodeName,
checkPair.nodeName,
htmlElement,
checkPair.attributeName,
checkURL
);
});
if (checkURL !== '') {
// make sure anchor tags don't have javascript urls
if (checkURL.indexOf('javascript:') == 0) {
chrome.runtime.sendMessage({
type: MESSAGE_TYPE.DEBUG,
log: 'violating attribute: javascript url in anchor tag',
});
currentState = ICON_STATE.INVALID_SOFT;
chrome.runtime.sendMessage({
type: MESSAGE_TYPE.UPDATE_ICON,
icon: ICON_STATE.INVALID_SOFT,
});
}
}
if (typeof htmlElement.childNodes !== 'undefined') {
htmlElement.childNodes.forEach(element => {
hasViolatingJavaScriptURI(element);
});
}
}