1
0
mirror of https://github.com/kremalicious/metamask-extension.git synced 2024-12-22 17:33:23 +01:00

Inject Script: Blacklist domains where not to inject script

Put a blacklist domain check where if the page url is in the list
of blacklisted domains, we shouldn't inject script in that web page.
This commit is contained in:
Saptak Sengupta 2018-03-16 11:20:34 +05:30
parent e2efc91aee
commit 6174c00c10
No known key found for this signature in database
GPG Key ID: B4A863E36FF55696

View File

@ -96,7 +96,8 @@ function logStreamDisconnectWarning (remoteLabel, err) {
}
function shouldInjectWeb3 () {
return doctypeCheck() && suffixCheck() && documentElementCheck()
return doctypeCheck() && suffixCheck()
&& documentElementCheck() && !blacklistedDomainCheck()
}
function doctypeCheck () {
@ -129,6 +130,20 @@ function documentElementCheck () {
return true
}
function blacklistedDomainCheck () {
var blacklistedDomains = ['uscourts.gov', 'dropbox.com']
var currentUrl = window.location.href
var currentRegex
for (let i = 0; i < blacklistedDomains.length; i++) {
const blacklistedDomain = blacklistedDomains[i].replace('.', '\\.')
currentRegex = new RegExp(`(?:https?:\\/\\/)(?:(?!${blacklistedDomain}).)*$`)
if (!currentRegex.test(currentUrl)) {
return true
}
}
return false
}
function redirectToPhishingWarning () {
console.log('MetaMask - redirecting to phishing warning')
window.location.href = 'https://metamask.io/phishing.html'