aboutsummaryrefslogtreecommitdiffstats
path: root/app/scripts
diff options
context:
space:
mode:
authorThomas Huang <tmashuang@users.noreply.github.com>2017-12-15 03:34:21 +0800
committerGitHub <noreply@github.com>2017-12-15 03:34:21 +0800
commitfb5edfe69e02b1a71c7440b1b871d70acf18e729 (patch)
tree7af31d9901a5e1545b39ab1c6389161f091898b5 /app/scripts
parent6843a79fe9498e4bec5b5eab9f95b7b8735f9c88 (diff)
parent03f86acd60655cf73a8f52dbe503df71e9d2b718 (diff)
downloadtangerine-wallet-browser-fb5edfe69e02b1a71c7440b1b871d70acf18e729.tar
tangerine-wallet-browser-fb5edfe69e02b1a71c7440b1b871d70acf18e729.tar.gz
tangerine-wallet-browser-fb5edfe69e02b1a71c7440b1b871d70acf18e729.tar.bz2
tangerine-wallet-browser-fb5edfe69e02b1a71c7440b1b871d70acf18e729.tar.lz
tangerine-wallet-browser-fb5edfe69e02b1a71c7440b1b871d70acf18e729.tar.xz
tangerine-wallet-browser-fb5edfe69e02b1a71c7440b1b871d70acf18e729.tar.zst
tangerine-wallet-browser-fb5edfe69e02b1a71c7440b1b871d70acf18e729.zip
Merge pull request #2662 from williamchong007/master
fix #1398, prevent injecting xml without xml suffix
Diffstat (limited to 'app/scripts')
-rw-r--r--app/scripts/contentscript.js12
1 files changed, 10 insertions, 2 deletions
diff --git a/app/scripts/contentscript.js b/app/scripts/contentscript.js
index ffbbc73cc..2ed7c87b6 100644
--- a/app/scripts/contentscript.js
+++ b/app/scripts/contentscript.js
@@ -96,7 +96,7 @@ function logStreamDisconnectWarning (remoteLabel, err) {
}
function shouldInjectWeb3 () {
- return doctypeCheck() || suffixCheck()
+ return doctypeCheck() && suffixCheck() && documentElementCheck()
}
function doctypeCheck () {
@@ -104,7 +104,7 @@ function doctypeCheck () {
if (doctype) {
return doctype.name === 'html'
} else {
- return false
+ return true
}
}
@@ -121,6 +121,14 @@ function suffixCheck () {
return true
}
+function documentElementCheck () {
+ var documentElement = document.documentElement.nodeName
+ if (documentElement) {
+ return documentElement.toLowerCase() === 'html'
+ }
+ return true
+}
+
function redirectToPhishingWarning () {
console.log('MetaMask - redirecting to phishing warning')
window.location.href = 'https://metamask.io/phishing.html'