poanetwork
/
nifty-wallet
mirror of https://github.com/poanetwork/nifty-wallet.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Prevent XML from web3 injections.

This commit is contained in:
Kevin Serrano 2016-10-15 15:33:49 -07:00
parent 8d5b2478e3
commit 8a5eacd35f
No known key found for this signature in database
GPG Key ID: 7CC862A58D2889B4
1 changed files with 14 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
app/scripts/contentscript.js
View File

@ -69,6 +69,18 @@ function setupStreams(){
}
function shouldInjectWeb3(){
var shouldInject = (window.location.href.indexOf('.pdf') === -1)
return shouldInject
return isAllowedSuffix(window.location.href)
}
function isAllowedSuffix(testCase) {
var prohibitedTypes = ['xml','pdf']
var currentUrl = window.location.href
var currentRegex
for (let i = 0; i < prohibitedTypes.length; i++) {
currentRegex = new RegExp(`\.${prohibitedTypes[i]}$`)
if (currentRegex.test(currentUrl)) {
return false
}
}
return true
}