diff options
author | hackademix | 2018-08-22 18:02:44 +0200 |
---|---|---|
committer | hackademix | 2018-08-22 18:02:44 +0200 |
commit | 66ddfcbecc6478f20ac3d9e50d66872e29bd4695 (patch) | |
tree | 3abcfb0b110c21d870a5fbf86e85b6ad5c0a6307 /src/common | |
parent | 075a5ad0e0f9b4f9af614194d9c8d21d0ed45184 (diff) | |
download | noscript-66ddfcbecc6478f20ac3d9e50d66872e29bd4695.tar.gz noscript-66ddfcbecc6478f20ac3d9e50d66872e29bd4695.tar.xz noscript-66ddfcbecc6478f20ac3d9e50d66872e29bd4695.zip |
Fix: Sites.domainImplies() should match subdomains.
Diffstat (limited to 'src/common')
-rw-r--r-- | src/common/Policy.js | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/src/common/Policy.js b/src/common/Policy.js index 24c3179..dae369a 100644 --- a/src/common/Policy.js +++ b/src/common/Policy.js @@ -25,13 +25,14 @@ var {Permissions, Policy, Sites} = (() => { static originImplies(originKey, site) { return originKey === site || site.startsWith(`${originKey}/`); } - static domainImplies(domainKey, site, protocol = null) { - if (!protocol) { - return (Sites.isSecureDomainKey(domainKey)) - ? Sites.domainImplies(Sites.toggleSecureDomainKey(domainKey, false), site, "https") - : ["http", "https"].some(protocol => Sites.domainImplies(domainKey, site, protocol)); + + static domainImplies(domainKey, site, protocol ="https?") { + if (Sites.isSecureDomainKey(domainKey)) { + protocol = "https"; + domainKey = Sites.toggleSecureDomainKey(domainKey, false); } - return Sites.originImplies(`${protocol}://${domainKey}`, site); + return new RegExp(`^${protocol}://([^/?#:]+\\.)?${domainKey.replace(/\./g, "\\.")}(?:[:/]|$)`) + .test(site); } static isImplied(site, byKey) { |