umatrix-ua-spoofer JS is sometimes inserted into visible page content

[kannes]

I noticed a snippet inserted in http://geodienste-hamburg.de/HH_WFS_Strassenverkehr?REQUEST=GetCapabilities&SERVICE=WFS

...
</ows:OperationsMetadata>
<script id="umatrix-ua-spoofer">
;(function() { try { /* https://github.com/gorhill/uMatrix/issues/61#issuecomment-63814351 */ var navigator = window.navigator; var spoofedUserAgent = "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36"; if ( spoofedUserAgent === navigator.userAgent ) { return; } var pos = spoofedUserAgent.indexOf('/'); var appName = pos === -1 ? '' : spoofedUserAgent.slice(0, pos); var appVersion = pos === -1 ? spoofedUserAgent : spoofedUserAgent.slice(pos + 1); Object.defineProperty(navigator, 'userAgent', { get: function(){ return spoofedUserAgent; } }); Object.defineProperty(navigator, 'appName', { get: function(){ return appName; } }); Object.defineProperty(navigator, 'appVersion', { get: function(){ return appVersion; } }); } catch (e) { } })();
</script>
<wfs:FeatureTypeList>
<wfs:FeatureType>
<wfs:Name>BSU_IB_Strassenverkehr:Strassenverkehr_Lnight_2012</wfs:Name>
...

I can not reliably reproduce this. Sometimes it is there but mostly it is not.
Version 39.0.2171.95 (64-bit) on Archlinux. uMatrix0.8.1.1

[gorhill]

Ok, this is an XML document, so the script to spoof the UA should not be injected in anything else than HTML documents I guess. Not sure though... is there anything else than text/html and text/xhtml into which to spoofing code should be injected?

[gorhill]

Should be fixed with changes in ed67045.