diff options
author | Thomas Huang <tmashuang@users.noreply.github.com> | 2017-12-15 03:34:21 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-12-15 03:34:21 +0800 |
commit | fb5edfe69e02b1a71c7440b1b871d70acf18e729 (patch) | |
tree | 7af31d9901a5e1545b39ab1c6389161f091898b5 /app/scripts | |
parent | 6843a79fe9498e4bec5b5eab9f95b7b8735f9c88 (diff) | |
parent | 03f86acd60655cf73a8f52dbe503df71e9d2b718 (diff) | |
download | tangerine-wallet-browser-fb5edfe69e02b1a71c7440b1b871d70acf18e729.tar tangerine-wallet-browser-fb5edfe69e02b1a71c7440b1b871d70acf18e729.tar.gz tangerine-wallet-browser-fb5edfe69e02b1a71c7440b1b871d70acf18e729.tar.bz2 tangerine-wallet-browser-fb5edfe69e02b1a71c7440b1b871d70acf18e729.tar.lz tangerine-wallet-browser-fb5edfe69e02b1a71c7440b1b871d70acf18e729.tar.xz tangerine-wallet-browser-fb5edfe69e02b1a71c7440b1b871d70acf18e729.tar.zst tangerine-wallet-browser-fb5edfe69e02b1a71c7440b1b871d70acf18e729.zip |
Merge pull request #2662 from williamchong007/master
fix #1398, prevent injecting xml without xml suffix
Diffstat (limited to 'app/scripts')
-rw-r--r-- | app/scripts/contentscript.js | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/app/scripts/contentscript.js b/app/scripts/contentscript.js index ffbbc73cc..2ed7c87b6 100644 --- a/app/scripts/contentscript.js +++ b/app/scripts/contentscript.js @@ -96,7 +96,7 @@ function logStreamDisconnectWarning (remoteLabel, err) { } function shouldInjectWeb3 () { - return doctypeCheck() || suffixCheck() + return doctypeCheck() && suffixCheck() && documentElementCheck() } function doctypeCheck () { @@ -104,7 +104,7 @@ function doctypeCheck () { if (doctype) { return doctype.name === 'html' } else { - return false + return true } } @@ -121,6 +121,14 @@ function suffixCheck () { return true } +function documentElementCheck () { + var documentElement = document.documentElement.nodeName + if (documentElement) { + return documentElement.toLowerCase() === 'html' + } + return true +} + function redirectToPhishingWarning () { console.log('MetaMask - redirecting to phishing warning') window.location.href = 'https://metamask.io/phishing.html' |