fix: ensure dots in content script patterns aren't used as wildcards (#17593)

* fix: ensure dots in content script patterns aren't used as wildcards

* chore: sanitise all regexp special chars

* chore: extract to helper

* chore: fixup helper
This commit is contained in:
Samuel Attard 2019-03-28 14:03:37 -07:00 committed by GitHub
parent 32c9597cbc
commit 953d1ea635
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -21,11 +21,15 @@ const getIsolatedWorldIdForInstance = () => {
return isolatedWorldIds++ return isolatedWorldIds++
} }
const escapePattern = function (pattern: string) {
return pattern.replace(/[\\^$+?.()|[\]{}]/g, '\\$&')
}
// Check whether pattern matches. // Check whether pattern matches.
// https://developer.chrome.com/extensions/match_patterns // https://developer.chrome.com/extensions/match_patterns
const matchesPattern = function (pattern: string) { const matchesPattern = function (pattern: string) {
if (pattern === '<all_urls>') return true if (pattern === '<all_urls>') return true
const regexp = new RegExp(`^${pattern.replace(/\*/g, '.*')}$`) const regexp = new RegExp(`^${pattern.split('*').map(escapePattern).join('.*')}$`)
const url = `${location.protocol}//${location.host}${location.pathname}` const url = `${location.protocol}//${location.host}${location.pathname}`
return url.match(regexp) return url.match(regexp)
} }