Merge pull request #3590 from SaptakS/feature/whitelist

Inject Script: Blacklist domains where not to inject script

1 files changed, 16 insertions, 1 deletions

diff --git a/app/scripts/contentscript.js b/app/scripts/contentscript.js
index 2ed7c87b6..7abbc60e7 100644
--- a/app/scripts/contentscript.js
+++ b/app/scripts/contentscript.js
@@ -96,7 +96,8 @@ function logStreamDisconnectWarning (remoteLabel, err) {
 }
 
 function shouldInjectWeb3 () {
-  return doctypeCheck() && suffixCheck() && documentElementCheck()
+  return doctypeCheck() && suffixCheck() 
+    && documentElementCheck() && !blacklistedDomainCheck()
 }
 
 function doctypeCheck () {
@@ -129,6 +130,20 @@ function documentElementCheck () {
   return true
 }
 
+function blacklistedDomainCheck () {
+  var blacklistedDomains = ['uscourts.gov', 'dropbox.com']
+  var currentUrl = window.location.href
+  var currentRegex
+  for (let i = 0; i < blacklistedDomains.length; i++) {
+    const blacklistedDomain = blacklistedDomains[i].replace('.', '\\.')
+    currentRegex = new RegExp(`(?:https?:\\/\\/)(?:(?!${blacklistedDomain}).)*$`)
+    if (!currentRegex.test(currentUrl)) {
+      return true
+    }
+  }
+  return false
+}
+
 function redirectToPhishingWarning () {
   console.log('MetaMask - redirecting to phishing warning')
   window.location.href = 'https://metamask.io/phishing.html'