Verified Commit e3d9163f authored by Thomas Rientjes's avatar Thomas Rientjes

Implement a temporary list of tainted domains

parent deed173d
......@@ -31,7 +31,7 @@ const HTTP_EXPRESSION = /^http?:\/\//;
interceptor.handleRequest = function (requestDetails, tabIdentifier, tab) {
let validCandidate, targetDetails, targetPath;
let validCandidate, tabDomain, targetDetails, targetPath;
validCandidate = requestAnalyzer.isValidCandidate(requestDetails, tab);
......@@ -42,6 +42,31 @@ interceptor.handleRequest = function (requestDetails, tabIdentifier, tab) {
};
}
try {
tabDomain = tab.url.match(WEB_DOMAIN_EXPRESSION)[1];
tabDomain = requestAnalyzer._normalizeDomain(tabDomain);
} catch (exception) {
tabDomain = 'example.org';
}
// Temporary list of undetectable tainted domains.
let undetectableTaintedDomains = {
'cdnjs.com': true,
'dropbox.com': true,
'minigames.mail.ru': true,
'report-uri.io': true,
'securityheaders.io': true,
'stefansundin.github.io': true,
'udacity.com': true
};
if (undetectableTaintedDomains[tabDomain] || /yandex\./.test(tabDomain)) {
if (tabDomain !== 'yandex.ru') {
return interceptor._handleMissingCandidate(requestDetails.url);
}
}
targetDetails = requestAnalyzer.getLocalTarget(requestDetails);
targetPath = targetDetails.path;
......
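Review bot: The tab-domain test guarding the early return is looser than the list suggests: `/yandex\./` is unanchored, so it matches any tab domain that merely contains that substring, and `undetectableTaintedDomains[tabDomain]` reads through the prototype chain, so an inherited name such as `constructor` is truthy if the domain expression ever yields it. In both cases the request goes to `_handleMissingCandidate` instead of `getLocalTarget`, which presumably means the tab loses local injection without being on the list. I would use an own-property check, `Object.prototype.hasOwnProperty.call(undetectableTaintedDomains, tabDomain)`, and anchor the pattern at a label boundary, e.g. `/(^|\.)yandex\.[^.]+$/` if only single-label suffixes are intended, or list the Yandex domains explicitly. The `yandex.ru` exemption and the `'example.org'` fallback in the `catch` each deserve a one-line comment saying why they are there. `handleRequest` begins and ends outside the visible hunks.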