metamask-extension/shared/modules/provider-injection.js

/**
 * Determines if the provider should be injected
 *
 * @returns {boolean} {@code true} Whether the provider should be injected
 */
export default function shouldInjectProvider() {
  return (
    doctypeCheck() &&
    suffixCheck() &&
    documentElementCheck() &&
    !blockedDomainCheck()
  );
}

/**
 * Checks the doctype of the current document if it exists
 *
 * @returns {boolean} {@code true} if the doctype is html or if none exists
 */
function doctypeCheck() {
  const { doctype } = window.document;
  if (doctype) {
    return doctype.name === 'html';
  }
  return true;
}

/**
 * Returns whether or not the extension (suffix) of the current document is prohibited
 *
 * This checks {@code window.location.pathname} against a set of file extensions
 * that we should not inject the provider into. This check is indifferent of
 * query parameters in the location.
 *
 * @returns {boolean} whether or not the extension of the current document is prohibited
 */
function suffixCheck() {
  const prohibitedTypes = [/\.xml$/u, /\.pdf$/u];
  const currentUrl = window.location.pathname;
  for (let i = 0; i < prohibitedTypes.length; i++) {
    if (prohibitedTypes[i].test(currentUrl)) {
      return false;
    }
  }
  return true;
}

/**
 * Checks the documentElement of the current document
 *
 * @returns {boolean} {@code true} if the documentElement is an html node or if none exists
 */
function documentElementCheck() {
  const documentElement = document.documentElement.nodeName;
  if (documentElement) {
    return documentElement.toLowerCase() === 'html';
  }
  return true;
}

/**
 * Checks if the current domain is blocked
 *
 * @returns {boolean} {@code true} if the current domain is blocked
 */
function blockedDomainCheck() {
  const blockedDomains = [
    'execution.metamask.io',
    'uscourts.gov',
    'dropbox.com',
    'webbyawards.com',
    'cdn.shopify.com/s/javascripts/tricorder/xtld-read-only-frame.html',
    'adyen.com',
    'gravityforms.com',
    'harbourair.com',
    'ani.gamer.com.tw',
    'blueskybooking.com',
    'sharefile.com',
  ];
  const currentUrl = window.location.href;
  let currentRegex;
  for (let i = 0; i < blockedDomains.length; i++) {
    const blockedDomain = blockedDomains[i].replace('.', '\\.');
    currentRegex = new RegExp(
      `(?:https?:\\/\\/)(?:(?!${blockedDomain}).)*$`,
      'u',
    );
    if (!currentRegex.test(currentUrl)) {
      return true;
    }
  }
  return false;
}
Fix #14846 - Inject provider for MV3 via app-init (#15448) 2022-08-15 18:26:13 +02:00			`/**`
			`* Determines if the provider should be injected`
			`*`
			`* @returns {boolean} {@code true} Whether the provider should be injected`
			`*/`
			`export default function shouldInjectProvider() {`
			`return (`
			`doctypeCheck() &&`
			`suffixCheck() &&`
			`documentElementCheck() &&`
			`!blockedDomainCheck()`
			`);`
			`}`

			`/**`
			`* Checks the doctype of the current document if it exists`
			`*`
			`* @returns {boolean} {@code true} if the doctype is html or if none exists`
			`*/`
			`function doctypeCheck() {`
			`const { doctype } = window.document;`
			`if (doctype) {`
			`return doctype.name === 'html';`
			`}`
			`return true;`
			`}`

			`/**`
			`* Returns whether or not the extension (suffix) of the current document is prohibited`
			`*`
			`* This checks {@code window.location.pathname} against a set of file extensions`
			`* that we should not inject the provider into. This check is indifferent of`
			`* query parameters in the location.`
			`*`
			`* @returns {boolean} whether or not the extension of the current document is prohibited`
			`*/`
			`function suffixCheck() {`
			`const prohibitedTypes = [/\.xml$/u, /\.pdf$/u];`
			`const currentUrl = window.location.pathname;`
			`for (let i = 0; i < prohibitedTypes.length; i++) {`
			`if (prohibitedTypes[i].test(currentUrl)) {`
			`return false;`
			`}`
			`}`
			`return true;`
			`}`

			`/**`
			`* Checks the documentElement of the current document`
			`*`
			`* @returns {boolean} {@code true} if the documentElement is an html node or if none exists`
			`*/`
			`function documentElementCheck() {`
			`const documentElement = document.documentElement.nodeName;`
			`if (documentElement) {`
			`return documentElement.toLowerCase() === 'html';`
			`}`
			`return true;`
			`}`

			`/**`
			`* Checks if the current domain is blocked`
			`*`
			`* @returns {boolean} {@code true} if the current domain is blocked`
			`*/`
			`function blockedDomainCheck() {`
			`const blockedDomains = [`
Skip injection on snaps iframe (#19096) * skip injection on snaps iframe * escape periods from regex block list These values are used as regex inputs, so plain periods are wild characters, and mean these can be interpreted as more domains than intended. * remove period escaping It's already escaped below. Whoops! Bad AI advice! 2023-05-15 11:39:48 +02:00			`'execution.metamask.io',`
Fix #14846 - Inject provider for MV3 via app-init (#15448) 2022-08-15 18:26:13 +02:00			`'uscourts.gov',`
			`'dropbox.com',`
			`'webbyawards.com',`
			`'cdn.shopify.com/s/javascripts/tricorder/xtld-read-only-frame.html',`
			`'adyen.com',`
			`'gravityforms.com',`
			`'harbourair.com',`
			`'ani.gamer.com.tw',`
			`'blueskybooking.com',`
			`'sharefile.com',`
			`];`
			`const currentUrl = window.location.href;`
			`let currentRegex;`
			`for (let i = 0; i < blockedDomains.length; i++) {`
			`const blockedDomain = blockedDomains[i].replace('.', '\\.');`
			`currentRegex = new RegExp(`
			`(?:https?:\\/\\/)(?:(?!${blockedDomain}).)*$`,
			`'u',`
			`);`
			`if (!currentRegex.test(currentUrl)) {`
			`return true;`
			`}`
			`}`
			`return false;`
			`}`