Implement a temporary list of tainted domains

e3d9163f · Thomas Rientjes · deed173d · e3d9163f
Verified Commit e3d9163f authored 7 years ago by Thomas Rientjes
--- a/core/interceptor.js
+++ b/core/interceptor.js
@@ -31,7 +31,7 @@ const HTTP_EXPRESSION = /^http?:\/\//;

 interceptor.handleRequest = function (requestDetails, tabIdentifier, tab) {

-    let validCandidate, targetDetails, targetPath;
+    let validCandidate, tabDomain, targetDetails, targetPath;

    validCandidate = requestAnalyzer.isValidCandidate(requestDetails, tab);

@@ -42,6 +42,31 @@ interceptor.handleRequest = function (requestDetails, tabIdentifier, tab) {
        };
    }

+    try {
+        tabDomain = tab.url.match(WEB_DOMAIN_EXPRESSION)[1];
+        tabDomain = requestAnalyzer._normalizeDomain(tabDomain);
+    } catch (exception) {
+        tabDomain = 'example.org';
+    }
+
+    // Temporary list of undetectable tainted domains.
+    let undetectableTaintedDomains = {
+        'cdnjs.com': true,
+        'dropbox.com': true,
+        'minigames.mail.ru': true,
+        'report-uri.io': true,
+        'securityheaders.io': true,
+        'stefansundin.github.io': true,
+        'udacity.com': true
+    };
+
+    if (undetectableTaintedDomains[tabDomain] || /yandex\./.test(tabDomain)) {
+
+        if (tabDomain !== 'yandex.ru') {
+            return interceptor._handleMissingCandidate(requestDetails.url);
+        }
+    }
+
    targetDetails = requestAnalyzer.getLocalTarget(requestDetails);
    targetPath = targetDetails.path;