Blocking JavaScript does not work in local html files (file://...) if the character encoding is not specified.

[achvo]

Prerequisites

• [x] I performed a cursory search of the issue tracker to avoid opening a duplicate issue
  • Your issue may already be reported.
  • [x] I also searched the existing issues at https://github.com/gorhill/uMatrix/issues
• [x] This is not a support issue or a question
  • Support issues and questions are handled at /r/uMatrix
• I tried to reproduce the issue when...
  • [x] uMatrix is the only extension
  • [x] uMatrix with default lists/settings
  • [x] using a new, unmodified browser profile
• [x] I am running the latest version of uMatrix
• [x] I checked the documentation to understand that the issue I report is not a normal behavior
• [x] I used the logger to rule out that the issue is caused by my ruleset

Description

Blocking JavaScript does not work in local html files (file://...) if the character encoding is not specified. This bug does not occur if the character encoding is specified.

A specific URL where the issue occurs

See Steps to Reproduce.

Steps to Reproduce

1. Block JavaScript in uMatrix completely. Rule: * * script block
2. Create the following local html file:

   <!DOCTYPE html>
   <html lang="en">
       <head>
           <!-- Do not specify character encoding <meta charset="UTF-8"> -->
           <title>Test</title>
       </head>
       <body>
           <h1>Is JavaScript being executed?</h1>
           <h1 id='answer'>No, it is not.</h1>
           <script>document.getElementById('answer').innerText = 'Yes, it is.'</script>
       </body>
   </html>

3. Open the local html file in Firefox (file://pathToFile/test.html).
4. Reload page (F5).
5. Blocking does not work and JavaScript is being executed.

Ruleset

Default + * * script block

Supporting evidence

Your environment

• uMatrix version: 1.4.0
• Browser Name and version: Firefox 77.0.1
• Operating System and version: Ubuntu 18.04 LTS

[gorhill]

I can reproduce.

It's not even about the character encoding, just having an empty meta tag causes the CSP directive to take effect. This looks like a Firefox issue to me, whether the CSP directive takes effect or not should not depend on the existence of another meta tag.