reader-handler: unbreak reader mode and add CSP (!1047) · Merge requests · GNOME / Epiphany

Michael Catanzaro requested to merge mcatanzaro/unbreak-reader-mode into master Dec 16, 2021

HTML-encoding the content passed to reader mode does not work because it contains HTML markup generated by Readability.js. Oops. I must have seriously screwed up when testing this yesterday, because there is no way this could ever have worked.

Upstream recommends use of a DOM purifier, but in theory, if we completely block all script execution, we can avoid the need for that. So add a CSP recommended by Patrick.

We'll sneak in a couple bonus fixes: use ' rather than " to improve readability, and close the

Edited Dec 16, 2021 by Michael Catanzaro

reader-handler: unbreak reader mode and add CSP

Merge request reports