Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Tag inserted by the browser Brave before the head tag

i found a tag before the head tag on my webpage, inserted by the Brave browser. my question would the following run on my page if my content Content-Security-Policy doesn't allow run script's that doesn't have a valid nonce or integrity attribute. second question, the script asks to disable (disableDappDetectionInsertion)??? third what does this script do? this script has a attribute of "data-dapp-detection". it occurs after the window is blured for a while. no erros in the brave console either. Brave Version 1.10.97 Chromium: 83.0.4103.116 (Official Build) (64-bit)

(function() {
  let alreadyInsertedMetaTag = false

  function __insertDappDetected() {
    if (!alreadyInsertedMetaTag) {
      const meta = document.createElement('meta')
      meta.name = 'dapp-detected'
      document.head.appendChild(meta)
      alreadyInsertedMetaTag = true
    }
  }

  if (window.hasOwnProperty('web3')) {
    // Note a closure can't be used for this var because some sites like
    // www.wnyc.org do a second script execution via eval for some reason.
    window.__disableDappDetectionInsertion = true
    // Likely oldWeb3 is undefined and it has a property only because
    // we defined it. Some sites like wnyc.org are evaling all scripts
    // that exist again, so this is protection against multiple calls.
    if (window.web3 === undefined) {
      return
    }
    __insertDappDetected()
  } else {
    var oldWeb3 = window.web3
    Object.defineProperty(window, 'web3', {
      configurable: true,
      set: function (val) {
        if (!window.__disableDappDetectionInsertion)
          __insertDappDetected()
        oldWeb3 = val
      },
      get: function () {
        if (!window.__disableDappDetectionInsertion)
          __insertDappDetected()
        return oldWeb3
      }
    })
  }
})()
like image 935
Christian Feilert Avatar asked Jul 14 '20 17:07

Christian Feilert


1 Answers

Install the brave browser and go to this site to see what your CSP policy will allow or not. https://content-security-policy.com/browser-test/

As for the dapp-detection this site goes into more detail: https://www.howtogeek.com/449046/what-is-the-brave-browser-and-how-does-it-compare-to-chrome/

But in a nutshell... Brave uses BAT (Basic Attention Tokens) and comes with an ad blocker already installed (Brave Shields). BAT is based off the Etherium Blockchain and is their way of allowing ads and monetization while also respecting users privacy.

like image 182
John Avatar answered Oct 12 '22 09:10

John