Merge pull request #3590 from SaptakS/feature/whitelist

Inject Script: Blacklist domains where not to inject script
feature/default_network_editable
Dan Finlay 7 years ago committed by GitHub
commit 3bc8493166
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 17
      app/scripts/contentscript.js

@ -96,7 +96,8 @@ function logStreamDisconnectWarning (remoteLabel, err) {
}
function shouldInjectWeb3 () {
return doctypeCheck() && suffixCheck() && documentElementCheck()
return doctypeCheck() && suffixCheck()
&& documentElementCheck() && !blacklistedDomainCheck()
}
function doctypeCheck () {
@ -129,6 +130,20 @@ function documentElementCheck () {
return true
}
function blacklistedDomainCheck () {
var blacklistedDomains = ['uscourts.gov', 'dropbox.com']
var currentUrl = window.location.href
var currentRegex
for (let i = 0; i < blacklistedDomains.length; i++) {
const blacklistedDomain = blacklistedDomains[i].replace('.', '\\.')
currentRegex = new RegExp(`(?:https?:\\/\\/)(?:(?!${blacklistedDomain}).)*$`)
if (!currentRegex.test(currentUrl)) {
return true
}
}
return false
}
function redirectToPhishingWarning () {
console.log('MetaMask - redirecting to phishing warning')
window.location.href = 'https://metamask.io/phishing.html'

Loading…
Cancel
Save