From 66ddfcbecc6478f20ac3d9e50d66872e29bd4695 Mon Sep 17 00:00:00 2001 From: hackademix Date: Wed, 22 Aug 2018 18:02:44 +0200 Subject: Fix: Sites.domainImplies() should match subdomains. --- src/common/Policy.js | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) (limited to 'src/common') diff --git a/src/common/Policy.js b/src/common/Policy.js index 24c3179..dae369a 100644 --- a/src/common/Policy.js +++ b/src/common/Policy.js @@ -25,13 +25,14 @@ var {Permissions, Policy, Sites} = (() => { static originImplies(originKey, site) { return originKey === site || site.startsWith(`${originKey}/`); } - static domainImplies(domainKey, site, protocol = null) { - if (!protocol) { - return (Sites.isSecureDomainKey(domainKey)) - ? Sites.domainImplies(Sites.toggleSecureDomainKey(domainKey, false), site, "https") - : ["http", "https"].some(protocol => Sites.domainImplies(domainKey, site, protocol)); + + static domainImplies(domainKey, site, protocol ="https?") { + if (Sites.isSecureDomainKey(domainKey)) { + protocol = "https"; + domainKey = Sites.toggleSecureDomainKey(domainKey, false); } - return Sites.originImplies(`${protocol}://${domainKey}`, site); + return new RegExp(`^${protocol}://([^/?#:]+\\.)?${domainKey.replace(/\./g, "\\.")}(?:[:/]|$)`) + .test(site); } static isImplied(site, byKey) { -- cgit v1.2.3