authorDan Finlay <somniac@me.com>2016-10-18 01:31:15 +0800
committerGitHub <noreply@github.com>2016-10-18 01:31:15 +0800
commit6d4c685636dfec384a9b2097250153caac793aea (patch)
tree8b996ab5ed6733bf34e2a98167bb8e6fba70e576
parent11c114599c75c6188703c619135ce41877f83b66 (diff)
parentbc6092e1119b64e9da87d79c4953c8405b1a6b56 (diff)
Merge pull request #736 from MetaMask/i735-xmlfix
Prevent injections on XML
-rw-r--r--CHANGELOG.md1
-rw-r--r--app/scripts/contentscript.js16
2 files changed, 15 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index cfbc0cf76..21c501edd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,7 @@
## Current Master
+- Fix bug where web3 was being injected into XML files.
- Add a custom transaction fee field to send form.
## 2.13.3 2016-10-4
diff --git a/app/scripts/contentscript.js b/app/scripts/contentscript.js
index 3ad145e3e..e2a968ac9 100644
--- a/app/scripts/contentscript.js
+++ b/app/scripts/contentscript.js
@@ -69,6 +69,18 @@ function setupStreams(){
}
function shouldInjectWeb3(){
- var shouldInject = (window.location.href.indexOf('.pdf') === -1)
- return shouldInject
+ return isAllowedSuffix(window.location.href)
+}
+
+function isAllowedSuffix(testCase) {
+ var prohibitedTypes = ['xml', 'pdf']
+ var currentUrl = window.location.href
+ var currentRegex
+ for (let i = 0; i < prohibitedTypes.length; i++) {
+ currentRegex = new RegExp(`\.${prohibitedTypes[i]}$`)
+ if (currentRegex.test(currentUrl)) {
+ return false
+ }
+ }
+ return true
}
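Review bot: The `$`-anchored test in `isAllowedSuffix` runs against the full `window.location.href`, so a URL such as `doc.pdf#page=2` or `feed.xml?v=1` does not match and web3 is still injected; the removed `indexOf('.pdf')` check did catch those PDF cases. The function also ignores its `testCase` parameter, and inside a template literal `\.` collapses to a bare `.`, so the pattern actually built is `.xml$` with a wildcard rather than a literal dot. I would pass the path instead, `return isAllowedSuffix(window.location.pathname)`, drop `currentUrl` and test `testCase`, and build the pattern as `new RegExp('\\.' + prohibitedTypes[i] + '$', 'i')`. Extension matching remains a heuristic for XML or PDF documents served without a telling suffix, so checking `document.contentType` may be the more reliable gate if the supported browsers expose it.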