diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/bg/ChildPolicies.js | 3 | ||||
-rw-r--r-- | src/common/Policy.js | 21 |
2 files changed, 22 insertions, 2 deletions
diff --git a/src/bg/ChildPolicies.js b/src/bg/ChildPolicies.js index 5b1b209..32abafe 100644 --- a/src/bg/ChildPolicies.js +++ b/src/bg/ChildPolicies.js @@ -111,11 +111,12 @@ // compute exclusions let permsMapEntries = [...permsMap]; let excludeMap = new Map(); + for (let [perms, keys] of permsMapEntries) { excludeMap.set(perms, siteKeys2MatchPatterns(flatten( permsMapEntries.filter(([other]) => other !== perms) .map(([otherPerms, otherKeys]) => otherKeys)) - .filter(k => k && k.includes("/")) + .filter(k => k && k.includes("/") && keys.some(by => Sites.isImplied(k, by))) )); } diff --git a/src/common/Policy.js b/src/common/Policy.js index 6adc2ae..24c3179 100644 --- a/src/common/Policy.js +++ b/src/common/Policy.js @@ -20,7 +20,26 @@ var {Permissions, Policy, Sites} = (() => { static isValid(site) { return /^(?:https?:(?:\/\/)?)?([\w\u0100-\uf000][\w\u0100-\uf000.-]*)?[\w\u0100-\uf000](?::\d+)?$/.test(site); } - + + + static originImplies(originKey, site) { + return originKey === site || site.startsWith(`${originKey}/`); + } + static domainImplies(domainKey, site, protocol = null) { + if (!protocol) { + return (Sites.isSecureDomainKey(domainKey)) + ? Sites.domainImplies(Sites.toggleSecureDomainKey(domainKey, false), site, "https") + : ["http", "https"].some(protocol => Sites.domainImplies(domainKey, site, protocol)); + } + return Sites.originImplies(`${protocol}://${domainKey}`, site); + } + + static isImplied(site, byKey) { + return byKey.includes("://") + ? Sites.originImplies(byKey, site) + : Sites.domainImplies(byKey, site); + } + static parse(site) { let url, siteKey = ""; if (site instanceof URL) { |