From 8a5eacd35fd44107c1c539011eb99f2b4263948a Mon Sep 17 00:00:00 2001
From: Kevin Serrano
Date: Sat, 15 Oct 2016 15:33:49 -0700
Subject: [PATCH] Prevent XML from web3 injections.
---
 app/scripts/contentscript.js | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/app/scripts/contentscript.js b/app/scripts/contentscript.js
index 3ad145e3e..7b721c675 100644
--- a/app/scripts/contentscript.js
+++ b/app/scripts/contentscript.js
@@ -69,6 +69,18 @@ function setupStreams(){
 }
 function shouldInjectWeb3(){
- var shouldInject = (window.location.href.indexOf('.pdf') === -1)
- return shouldInject
+ return isAllowedSuffix(window.location.href)
+}
+
+function isAllowedSuffix(testCase) {
+ var prohibitedTypes = ['xml','pdf']
+ var currentUrl = window.location.href
+ var currentRegex
+ for (let i = 0; i < prohibitedTypes.length; i++) {
+ currentRegex = new RegExp(`\.${prohibitedTypes[i]}$`)
+ if (currentRegex.test(currentUrl)) {
+ return false
+ }
+ }
+ return true
 }
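Review bot: `isAllowedSuffix` anchors its pattern at the end of the full `window.location.href`, so a page whose URL carries a query string or fragment after the extension (a constructed example: `feed.xml?page=2`, or `report.pdf#page=3`) no longer matches and still gets web3 injected; the removed `indexOf('.pdf')` check did cover the PDF case. The `testCase` parameter is never read, and inside the template literal `\.` collapses to a bare `.`, so the regex accepts any character before the extension rather than a literal dot. I would pass the path instead, `return isAllowedSuffix(window.location.pathname)`, read it with `var currentUrl = testCase`, and build the pattern as `new RegExp('\\.' + prohibitedTypes[i] + '$', 'i')`. The extension is still only a proxy for the document type, so a short comment noting that XML or PDF served under a different path is not covered would help the next reader.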