def render(self, context):
add_resource(context, "body_start", "://example.com/js.js")
add_resource(context, "body_start", "://foo/fuzz.png")
add_resource(context, "head_end", "://example.com/css.css")
add_resource(context, "body_end", InlineScriptResource("alert('xss')"))
add_resource(
context, "head_end",
InlineScriptResource.from_vars("foos", {"bars": (1, 2, 3)}))
add_resource(context, "head_end",
InlineMarkupResource(self.meta_markup))
add_resource(context, "head_end",
InlineMarkupResource(self.meta_markup)) # Test duplicates
add_resource(context, "head_end", "") # Test the no-op branch
return self.message
def add_test_injection(context, content):
add_resource(context, "body_end",
InlineScriptResource("window.injectedFromAddon=true;"))
