From 8a5eacd35fd44107c1c539011eb99f2b4263948a Mon Sep 17 00:00:00 2001
From: Kevin Serrano
Date: Sat, 15 Oct 2016 15:33:49 -0700
Subject: [PATCH 1/3] Prevent XML from web3 injections.
---
 app/scripts/contentscript.js | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/app/scripts/contentscript.js b/app/scripts/contentscript.js
index 3ad145e3e..7b721c675 100644
--- a/app/scripts/contentscript.js
+++ b/app/scripts/contentscript.js
@@ -69,6 +69,18 @@ function setupStreams(){
 }
 function shouldInjectWeb3(){
- var shouldInject = (window.location.href.indexOf('.pdf') === -1)
- return shouldInject
+ return isAllowedSuffix(window.location.href)
+}
+
+function isAllowedSuffix(testCase) {
+ var prohibitedTypes = ['xml','pdf']
+ var currentUrl = window.location.href
+ var currentRegex
+ for (let i = 0; i < prohibitedTypes.length; i++) {
+ currentRegex = new RegExp(`\.${prohibitedTypes[i]}$`)
+ if (currentRegex.test(currentUrl)) {
+ return false
+ }
+ }
+ return true
 }
From 91a8977d27c221b34bc6817f0013e21eab705d76 Mon Sep 17 00:00:00 2001
From: Kevin Serrano
Date: Sat, 15 Oct 2016 15:33:55 -0700
Subject: [PATCH 2/3] Bump changelog.
---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8aafb47df..a3577d46f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
 ## Current Master
+- Fix bug where web3 was being injected into XML files.
+
 ## 2.13.3 2016-10-4
 - Fix bug where log queries were filtered out.
From 0d495372dac180018e59ebfa3256f5376d2de90e Mon Sep 17 00:00:00 2001
From: Kevin Serrano
Date: Sat, 15 Oct 2016 15:41:24 -0700
Subject: [PATCH 3/3] Lint.
---
 app/scripts/contentscript.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/scripts/contentscript.js b/app/scripts/contentscript.js
index 7b721c675..e2a968ac9 100644
--- a/app/scripts/contentscript.js
+++ b/app/scripts/contentscript.js
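Review bot: The suffix test in `isAllowedSuffix` (patch 1/3) runs against the full `window.location.href` with a `$` anchor, so a document URL that carries a query string or fragment (for example one ending in `.pdf#page=2`, a constructed sample) no longer matches and web3 would still be injected, whereas the removed `indexOf('.pdf')` check caught that case. Inside the template literal `\.` collapses to a bare `.`, so the pattern is effectively `.xml$` and accepts any character before the extension; the backslash needs doubling. The `testCase` parameter is also never read. I would pass the path in from the caller, `return isAllowedSuffix(window.location.pathname)`, and build the check as `new RegExp('\\.' + prohibitedTypes[i] + '$', 'i').test(testCase)`, which also covers upper-case extensions. An extension match remains only a heuristic for the document type, so a check on the document's actual content type would be worth considering as a follow-up.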
@@ -73,7 +73,7 @@ function shouldInjectWeb3(){
 }
 function isAllowedSuffix(testCase) {
- var prohibitedTypes = ['xml','pdf']
+ var prohibitedTypes = ['xml', 'pdf']
 var currentUrl = window.location.href
 var currentRegex
 for (let i = 0; i < prohibitedTypes.length; i++) {