author | Kevin Serrano <kevgagser@gmail.com> | 2016-10-16 06:33:49 +0800 |
---|---|---|
committer | Kevin Serrano <kevgagser@gmail.com> | 2016-10-16 06:33:49 +0800 |
commit | 8a5eacd35fd44107c1c539011eb99f2b4263948a (patch) | |
tree | de018ef4d2d10cb129f7e86add1f53d0ff1fe8af /app | |
parent | 8d5b2478e3aa939cb4b0a58b20b199cded62769e (diff) | |
Prevent XML from web3 injections.
Diffstat (limited to 'app')
-rw-r--r-- | app/scripts/contentscript.js | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/app/scripts/contentscript.js b/app/scripts/contentscript.js
index 3ad145e3e..7b721c675 100644
--- a/app/scripts/contentscript.js
+++ b/app/scripts/contentscript.js
@@ -69,6 +69,18 @@ function setupStreams(){
 }
 
 function shouldInjectWeb3(){
- var shouldInject = (window.location.href.indexOf('.pdf') === -1)
- return shouldInject
+ return isAllowedSuffix(window.location.href)
+}
+
+function isAllowedSuffix(testCase) {
+ var prohibitedTypes = ['xml','pdf']
+ var currentUrl = window.location.href
+ var currentRegex
+ for (let i = 0; i < prohibitedTypes.length; i++) {
+ currentRegex = new RegExp(`\.${prohibitedTypes[i]}$`)
+ if (currentRegex.test(currentUrl)) {
+ return false
+ }
+ }
+ return true
 }
|
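Review bot: `isAllowedSuffix(testCase)` never reads its argument and anchors the pattern at the very end of `window.location.href`, so a PDF or XML URL that carries a query string or fragment (for example a path ending in `.pdf` followed by `#page=2`) no longer matches and web3 is still injected; the removed `indexOf('.pdf')` check did catch that case. Inside the template literal `\.` also collapses to a bare `.`, so the compiled pattern is `.xml$` with a wildcard rather than a literal dot, and the match is case-sensitive. I would pass the path in with `return isAllowedSuffix(window.location.pathname)`, test the parameter with `if (currentRegex.test(testCase)) {`, and build the pattern with the dot escaped as `\\.` plus the `'i'` flag. Because a file extension is only a hint of what the browser is rendering, additionally checking `document.contentType` would probably cover XML served from paths without a `.xml` suffix.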