add option "set content security policy" (see #724)

_locales/de/messages.json

@@ -471,6 +471,10 @@
 		"message": "Originalseite sichern",
 		"description": "Options page label: 'save raw page'"
 	},
+	"optionInsertMetaCSP": {
+		"message": "set content security policy",
+		"description": "Options page label: 'set content security policy'"
+	},
 	"optionSaveToClipboard": {
 		"message": "In die Zwischenablage speichern",
 		"description": "Options page label: 'copy to clipboard'"

_locales/en/messages.json

@@ -471,6 +471,10 @@
 		"message": "save raw page",
 		"description": "Options page label: 'save raw page'"
 	},
+	"optionInsertMetaCSP": {
+		"message": "set content security policy",
+		"description": "Options page label: 'set content security policy'"
+	},
 	"optionSaveToClipboard": {
 		"message": "copy to clipboard",
 		"description": "Options page label: 'copy to clipboard'"

_locales/es/messages.json

@@ -471,6 +471,10 @@
 		"message": "guardar página en crudo",
 		"description": "Options page label: 'save raw page'"
 	},
+	"optionInsertMetaCSP": {
+		"message": "establecer la política de seguridad del contenido",
+		"description": "Options page label: 'set content security policy'"
+	},
 	"optionSaveToClipboard": {
 		"message": "guardar en el portapapeles",
 		"description": "Options page label: 'copy to clipboard'"

_locales/fr/messages.json

@@ -471,6 +471,10 @@
 		"message": "sauvegarder la page brute",
 		"description": "Options page label: 'save raw page'"
 	},
+	"optionInsertMetaCSP": {
+		"message": "définir la stratégie de sécurité du contenu",
+		"description": "Options page label: 'set content security policy'"
+	},
 	"optionSaveToClipboard": {
 		"message": "copier dans le presse-papiers",
 		"description": "Options page label: 'copy to clipboard'"

_locales/ja/messages.json

@@ -471,6 +471,10 @@
 		"message": "生のページを保存",
 		"description": "Options page label: 'save raw page'"
 	},
+	"optionInsertMetaCSP": {
+		"message": "set content security policy",
+		"description": "Options page label: 'set content security policy'"
+	},
 	"optionSaveToClipboard": {
 		"message": "クリップボードに保存する",
 		"description": "Options page label: 'copy to clipboard'"

_locales/pl/messages.json

@@ -471,6 +471,10 @@
 		"message": "zapisuj surową stronę",
 		"description": "Options page label: 'save raw page'"
 	},
+	"optionInsertMetaCSP": {
+		"message": "set content security policy",
+		"description": "Options page label: 'set content security policy'"
+	},
 	"optionSaveToClipboard": {
 		"message": "kopiuj do schowka",
 		"description": "Options page label: 'copy to clipboard'"

_locales/ru/messages.json

@@ -471,6 +471,10 @@
 		"message": "сохранить исходную страницу",
 		"description": "Options page label: 'save raw page'"
 	},
+	"optionInsertMetaCSP": {
+		"message": "set content security policy",
+		"description": "Options page label: 'set content security policy'"
+	},
 	"optionSaveToClipboard": {
 		"message": "копировать в буфер обмена",
 		"description": "Options page label: 'copy to clipboard'"

_locales/uk/messages.json

@@ -471,6 +471,10 @@
 		"message": "зберегти вихідну сторінку",
 		"description": "Options page label: 'save raw page'"
 	},
+	"optionInsertMetaCSP": {
+		"message": "set content security policy",
+		"description": "Options page label: 'set content security policy'"
+	},
 	"optionSaveToClipboard": {
 		"message": "зберегти в буфер обміну",
 		"description": "Options page label: 'copy to clipboard'"

_locales/zh_CN/messages.json

@@ -471,6 +471,10 @@
 		"message": "保存原始页面",
 		"description": "Options page label: 'save raw page'"
 	},
+	"optionInsertMetaCSP": {
+		"message": "set content security policy",
+		"description": "Options page label: 'set content security policy'"
+	},
 	"optionSaveToClipboard": {
 		"message": "保存到剪切板",
 		"description": "Options page label: 'copy to clipboard'"

_locales/zh_TW/messages.json

@@ -471,6 +471,10 @@
 		"message": "保存原始頁面",
 		"description": "Options page label: 'save raw page'"
 	},
+	"optionInsertMetaCSP": {
+		"message": "set content security policy",
+		"description": "Options page label: 'set content security policy'"
+	},
 	"optionSaveToClipboard": {
 		"message": "保存到剪切板",
 		"description": "Options page label: 'copy to clipboard'"

cli/single-file-cli-api.js

@@ -61,6 +61,7 @@ const DEFAULT_OPTIONS = {
 	userScriptEnabled: false,
 	saveFavicon: true,
 	includeBOM: false,
+	insertMetaCSP: true,
 	insertMetaNoIndex: false,
 	insertSingleFileComment: true
 };

extension/core/bg/config.js

@@ -102,6 +102,7 @@ const DEFAULT_CONFIG = {
 	warnUnsavedPage: true,
 	autoSaveExternalSave: false,
 	insertMetaNoIndex: false,
+	insertMetaCSP: true,
 	passReferrerOnError: false,
 	insertSingleFileComment: true
 };

extension/ui/bg/ui-options.js

@@ -34,6 +34,7 @@ const removeFramesLabel = document.getElementById("removeFramesLabel");
 const removeImportsLabel = document.getElementById("removeImportsLabel");
 const removeScriptsLabel = document.getElementById("removeScriptsLabel");
 const saveRawPageLabel = document.getElementById("saveRawPageLabel");
+const insertMetaCSPLabel = document.getElementById("insertMetaCSPLabel");
 const saveToClipboardLabel = document.getElementById("saveToClipboardLabel");
 const saveToFilesystemLabel = document.getElementById("saveToFilesystemLabel");
 const addProofLabel = document.getElementById("addProofLabel");
@@ -123,6 +124,7 @@ const removeFramesInput = document.getElementById("removeFramesInput");
 const removeImportsInput = document.getElementById("removeImportsInput");
 const removeScriptsInput = document.getElementById("removeScriptsInput");
 const saveRawPageInput = document.getElementById("saveRawPageInput");
+const insertMetaCSPInput = document.getElementById("insertMetaCSPInput");
 const saveToClipboardInput = document.getElementById("saveToClipboardInput");
 const addProofInput = document.getElementById("addProofInput");
 const saveToGDriveInput = document.getElementById("saveToGDriveInput");
@@ -462,6 +464,7 @@ removeFramesLabel.textContent = browser.i18n.getMessage("optionRemoveFrames");
 removeImportsLabel.textContent = browser.i18n.getMessage("optionRemoveImports");
 removeScriptsLabel.textContent = browser.i18n.getMessage("optionRemoveScripts");
 saveRawPageLabel.textContent = browser.i18n.getMessage("optionSaveRawPage");
+insertMetaCSPLabel.textContent = browser.i18n.getMessage("optionInsertMetaCSP");
 saveToClipboardLabel.textContent = browser.i18n.getMessage("optionSaveToClipboard");
 saveToFilesystemLabel.textContent = browser.i18n.getMessage("optionSaveToFilesystem");
 addProofLabel.textContent = browser.i18n.getMessage("optionAddProof");
@@ -664,6 +667,7 @@ async function refresh(profileName) {
 	removeImportsInput.checked = profileOptions.removeImports;
 	removeScriptsInput.checked = profileOptions.removeScripts;
 	saveRawPageInput.checked = profileOptions.saveRawPage;
+	insertMetaCSPInput.checked = profileOptions.insertMetaCSP;
 	saveToClipboardInput.checked = profileOptions.saveToClipboard;
 	addProofInput.checked = profileOptions.addProof;
 	saveToGDriveInput.checked = profileOptions.saveToGDrive;
@@ -748,6 +752,7 @@ async function update() {
 			removeImports: removeImportsInput.checked,
 			removeScripts: removeScriptsInput.checked,
 			saveRawPage: saveRawPageInput.checked,
+			insertMetaCSP: insertMetaCSPInput.checked,
 			saveToClipboard: saveToClipboardInput.checked,
 			addProof: addProofInput.checked,
 			saveToGDrive: saveToGDriveInput.checked,

extension/ui/pages/help.html

@@ -208,6 +208,12 @@
 							the time needed to save a page.</p>
 						<p class="notice">It is recommended to <u>check</u> this option</p>
 					</li>
+					<li data-options-label="insertMetaCSPLabel"> <span class="option">Option: set content security
+							policy</span>
+						<p>Check this option to add a meta tag with a policy to block any external resources from being
+							loaded.</p>
+						<p class="notice">It is recommended to <u>check</u> this option</p>
+					</li>
 					<li data-options-label="removeFramesLabel"> <span class="option">Option: remove frames</span>
 						<p>Check this option to remove all frame and iframe elements. Checking this option can
 							considerably reduce the size of the file without altering the document most of the time. It

extension/ui/pages/options.html

@@ -94,6 +94,10 @@
 				<label for="removeHiddenElementsInput" id="removeHiddenElementsLabel"></label>
 				<input type="checkbox" id="removeHiddenElementsInput">
 			</div>
+			<div class="option">
+				<label for="insertMetaCSPInput" id="insertMetaCSPLabel"></label>
+				<input type="checkbox" id="insertMetaCSPInput">
+			</div>
 			<div class="option">
 				<label for="removeFramesInput" id="removeFramesLabel"></label>
 				<input type="checkbox" id="removeFramesInput">

lib/single-file/single-file-core.js

@@ -494,6 +494,12 @@ class Processor {
 				canonicalLink.href = this.options.saveUrl;
 			}
 		}
+		if (this.options.insertMetaCSP) {
+			const metaTag = this.doc.createElement("meta");
+			metaTag.httpEquiv = "content-security-policy";
+			metaTag.content = "default-src 'none'; font-src 'self' data:; img-src 'self' data:; style-src 'unsafe-inline'; script-src 'unsafe-inline' data:;";
+			this.doc.head.appendChild(metaTag);
+		}
 		if (this.options.insertMetaNoIndex) {
 			let metaElement = this.doc.querySelector("meta[name=robots][content*=noindex]");
 			if (!metaElement) {