2021-02-04 19:15:23 +01:00
|
|
|
import querystring from 'querystring';
|
|
|
|
import PortStream from 'extension-port-stream';
|
2022-03-18 20:07:05 +01:00
|
|
|
import browser from 'webextension-polyfill';
|
2021-03-18 19:23:46 +01:00
|
|
|
import createRandomId from '../../shared/modules/random-id';
|
2021-02-04 19:15:23 +01:00
|
|
|
import { setupMultiplex } from './lib/stream-utils';
|
|
|
|
import { getEnvironmentType } from './lib/util';
|
|
|
|
import ExtensionPlatform from './platforms/extension';
|
2018-10-02 02:00:40 +02:00
|
|
|
|
2021-02-04 19:15:23 +01:00
|
|
|
document.addEventListener('DOMContentLoaded', start);
|
2018-10-02 02:00:40 +02:00
|
|
|
|
2020-11-03 00:41:28 +01:00
|
|
|
function start() {
|
2021-02-04 19:15:23 +01:00
|
|
|
const hash = window.location.hash.substring(1);
|
|
|
|
const suspect = querystring.parse(hash);
|
2018-12-13 15:37:21 +01:00
|
|
|
|
2021-09-03 20:22:28 +02:00
|
|
|
const newIssueLink = document.getElementById('new-issue-link');
|
|
|
|
const newIssueUrl = `https://github.com/MetaMask/eth-phishing-detect/issues/new`;
|
|
|
|
const newIssueParams = `?title=[Legitimate%20Site%20Blocked]%20${encodeURIComponent(
|
|
|
|
suspect.hostname,
|
|
|
|
)}&body=${encodeURIComponent(suspect.href)}`;
|
|
|
|
newIssueLink.href = `${newIssueUrl}${newIssueParams}`;
|
2018-10-02 02:00:40 +02:00
|
|
|
|
2021-02-04 19:15:23 +01:00
|
|
|
global.platform = new ExtensionPlatform();
|
2018-10-02 02:00:40 +02:00
|
|
|
|
2022-03-18 20:07:05 +01:00
|
|
|
const extensionPort = browser.runtime.connect({
|
2020-11-03 00:41:28 +01:00
|
|
|
name: getEnvironmentType(),
|
2021-02-04 19:15:23 +01:00
|
|
|
});
|
|
|
|
const connectionStream = new PortStream(extensionPort);
|
|
|
|
const mx = setupMultiplex(connectionStream);
|
2021-03-18 19:23:46 +01:00
|
|
|
const backgroundConnection = mx.createStream('controller');
|
|
|
|
const continueLink = document.getElementById('unsafe-continue');
|
|
|
|
continueLink.addEventListener('click', () => {
|
|
|
|
backgroundConnection.write({
|
|
|
|
jsonrpc: '2.0',
|
|
|
|
method: 'safelistPhishingDomain',
|
|
|
|
params: [suspect.hostname],
|
|
|
|
id: createRandomId(),
|
|
|
|
});
|
2022-05-02 23:23:20 +02:00
|
|
|
const redirectTarget = new URL(suspect.href, window.location.href);
|
|
|
|
// validate redirect url
|
2022-05-03 18:35:40 +02:00
|
|
|
const invalidProtocol = !['https:', 'http:'].includes(
|
|
|
|
redirectTarget.protocol,
|
|
|
|
);
|
2022-05-02 23:23:20 +02:00
|
|
|
// if in valid, show warning and abort
|
|
|
|
if (invalidProtocol) {
|
|
|
|
// we intentionally dont display to the user any potential attacker-written content here
|
|
|
|
console.error(`Invalid redirect url.`);
|
|
|
|
return;
|
2022-05-03 18:35:40 +02:00
|
|
|
}
|
2022-05-02 23:23:20 +02:00
|
|
|
// use the validated url instance
|
|
|
|
window.location.href = redirectTarget.href;
|
2021-03-18 19:23:46 +01:00
|
|
|
});
|
2018-10-02 02:00:40 +02:00
|
|
|
}
|