Merge pull request #736 from MetaMask/i735-xmlfix

Prevent injections on XML

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## Current Master
 
+- Fix bug where web3 was being injected into XML files.
 - Add a custom transaction fee field to send form.
 
 ## 2.13.3 2016-10-4

app/scripts/contentscript.js

@@ -69,6 +69,18 @@ function setupStreams(){
 }
 
 function shouldInjectWeb3(){
-  var shouldInject = (window.location.href.indexOf('.pdf') === -1)
-  return shouldInject
+  return isAllowedSuffix(window.location.href)
+}
+
+function isAllowedSuffix(testCase) {
+  var prohibitedTypes = ['xml', 'pdf']
+  var currentUrl = window.location.href
+  var currentRegex
+  for (let i = 0; i < prohibitedTypes.length; i++) {
+    currentRegex = new RegExp(`\.${prohibitedTypes[i]}$`)
+    if (currentRegex.test(currentUrl)) {
+      return false
+    }
+  }
+  return true
 }