Index: inject.preload.js |
=================================================================== |
--- a/inject.preload.js |
+++ b/inject.preload.js |
@@ -393,13 +393,17 @@ if (document instanceof HTMLDocument) |
let sandbox = window.frameElement && |
window.frameElement.getAttribute("sandbox"); |
if (typeof sandbox != "string" || /(^|\s)allow-scripts(\s|$)/i.test(sandbox)) |
{ |
let script = document.createElement("script"); |
script.type = "application/javascript"; |
script.async = false; |
- script.textContent = "(" + injected + ")('" + randomEventName + "');"; |
+ let code = "(" + injected + ")('" + randomEventName + "');"; |
+ let blob = new Blob([code]); |
Sebastian Noack
2017/11/03 21:12:15
Nit: At least this temporary variable can be avoid
kzar
2017/11/06 11:32:51
Yea, how about this?
let url = URL.createObjectUR
|
+ let url = URL.createObjectURL(blob); |
+ script.src = url; |
document.documentElement.appendChild(script); |
document.documentElement.removeChild(script); |
+ URL.revokeObjectURL(url); |
} |
} |