1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-23 09:52:26 +01:00
metamask-extension/app/scripts/phishing-detect.js

53 lines
1.9 KiB
JavaScript
Raw Normal View History

import querystring from 'querystring';
import PortStream from 'extension-port-stream';
import browser from 'webextension-polyfill';
import createRandomId from '../../shared/modules/random-id';
import { setupMultiplex } from './lib/stream-utils';
import { getEnvironmentType } from './lib/util';
import ExtensionPlatform from './platforms/extension';
document.addEventListener('DOMContentLoaded', start);
2020-11-03 00:41:28 +01:00
function start() {
const hash = window.location.hash.substring(1);
const suspect = querystring.parse(hash);
const newIssueLink = document.getElementById('new-issue-link');
const newIssueUrl = `https://github.com/MetaMask/eth-phishing-detect/issues/new`;
const newIssueParams = `?title=[Legitimate%20Site%20Blocked]%20${encodeURIComponent(
suspect.hostname,
)}&body=${encodeURIComponent(suspect.href)}`;
newIssueLink.href = `${newIssueUrl}${newIssueParams}`;
global.platform = new ExtensionPlatform();
const extensionPort = browser.runtime.connect({
2020-11-03 00:41:28 +01:00
name: getEnvironmentType(),
});
const connectionStream = new PortStream(extensionPort);
const mx = setupMultiplex(connectionStream);
const backgroundConnection = mx.createStream('controller');
const continueLink = document.getElementById('unsafe-continue');
continueLink.addEventListener('click', () => {
backgroundConnection.write({
jsonrpc: '2.0',
method: 'safelistPhishingDomain',
params: [suspect.hostname],
id: createRandomId(),
});
const redirectTarget = new URL(suspect.href, window.location.href);
// validate redirect url
2022-05-03 18:35:40 +02:00
const invalidProtocol = !['https:', 'http:'].includes(
redirectTarget.protocol,
);
// if in valid, show warning and abort
if (invalidProtocol) {
// we intentionally dont display to the user any potential attacker-written content here
console.error(`Invalid redirect url.`);
return;
2022-05-03 18:35:40 +02:00
}
// use the validated url instance
window.location.href = redirectTarget.href;
});
}