Workaround firefox warning and inject if it is html or unknown

metsma · metsma · commit 2233bea1fa66 · 2025-11-20T12:24:19.000+02:00
TypeError: can't access property "name", s.dataset is undefined

WE2-1143

Signed-off-by: Raul Metsma &lt;raul@metsma.ee&gt;
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -35,7 +35,7 @@ jobs:
         npm run test clean build package
 
     - name: Upload artifacts
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v5
       with:
         name: web-eid-webextension-${{github.run_number}}
         path: dist/
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -22,13 +22,13 @@ jobs:
       uses: actions/checkout@v5
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
       with:
         languages: javascript
         queries: +security-and-quality
 
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
+      uses: github/codeql-action/autobuild@v4
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
diff --git a/src/content/TokenSigning/injectPageScript.ts b/src/content/TokenSigning/injectPageScript.ts
@@ -35,11 +35,25 @@ export default function injectPageScript(): void {
  *   https://github.com/open-eid/chrome-token-signing/blob/master/extension/page.js
  */
   if (!document.querySelector("script[data-name='TokenSigning']")) {
+    // Inject if the document is HTML, or if the doctype is missing/unknown.
+    const doctypeName = document.doctype ? String(document.doctype.name).trim().toLowerCase() : "";
+    const docElName = document.documentElement ? String(document.documentElement.nodeName).trim().toLowerCase() : "";
+    const isHtml = doctypeName === "html" || docElName === "html";
+    const isUnknownDoctype = !document.doctype || doctypeName === "";
+    if (!isHtml && !isUnknownDoctype) {
+      // Do not inject the script if the document is explicitly non-HTML (e.g. XML)
+      return;
+    }
     const s = document.createElement("script");
 
     s.type = "text/javascript";
-    s.dataset.name = "TokenSigning";
-    s.dataset.by = "Web-eID extension";
+    if (s.dataset) {
+      s.dataset.name = "TokenSigning";
+      s.dataset.by = "Web-eID extension";
+    } else {
+      s.setAttribute("data-name", "TokenSigning");
+      s.setAttribute("data-by", "Web-eID extension");
+    }
 
     if (browser.runtime.getManifest()["manifest_version"] >= 3) {
       s.src = browser.runtime.getURL("token-signing-page-script.js");
