From 2c437ecdac78a0e88a678dd7ea310bc5885b878b Mon Sep 17 00:00:00 2001 From: Jonty Wareing Date: Mon, 23 Jan 2012 12:44:01 +0000 Subject: [PATCH] Only match FB domains in the hostname. This prevents false positives where FB strings appear as subdomains or in the query string. --- firefox/chrome/content/overlay.js | 16 ++++---------- webkit/fbdc.safariextension/chrome/content.js | 21 +++++++------------ 2 files changed, 11 insertions(+), 26 deletions(-) diff --git a/firefox/chrome/content/overlay.js b/firefox/chrome/content/overlay.js index 378eae9..0a0e0c7 100644 --- a/firefox/chrome/content/overlay.js +++ b/firefox/chrome/content/overlay.js @@ -18,6 +18,7 @@ Authors (one per line): Brian Kennish + Jonty Wareing */ /* The XPCOM interfaces. */ @@ -25,16 +26,7 @@ const FACEBOOK_INTERFACES = Components.interfaces; /* The domain names Facebook phones home with, lowercased. */ const FACEBOOK_DOMAINS = ['facebook.com', 'facebook.net', 'fbcdn.net']; - -/* - Determines whether any of a bucket of domains is part of a URL, regex free. -*/ -function isMatching(url, domains) { - const DOMAIN_COUNT = domains.length; - for (var i = 0; i < DOMAIN_COUNT; i++) - if (url.toLowerCase().indexOf(domains[i], 2) >= 2) return true; - // A valid URL has at least two characters ("//"), then the domain. -} +const FACEBOOK_REGEX = RegExp('^https?://[^?/]*(' + FACEBOOK_DOMAINS.join('|') + ')[/?^]*', 'i'); /* Traps and selectively cancels a request. */ Components.classes['@mozilla.org/observer-service;1'] @@ -52,7 +44,7 @@ Components.classes['@mozilla.org/observer-service;1'] ); subject.referrer.ref; // HACK: The URL read otherwise outraces the window unload. - BROWSER && !isMatching(BROWSER.currentURI.spec, FACEBOOK_DOMAINS) && - isMatching(subject.URI.spec, FACEBOOK_DOMAINS) && + BROWSER && !BROWSER.currentURI.spec.match(FACEBOOK_REGEX) && + subject.URI.spec.match(FACEBOOK_REGEX) && subject.cancel(Components.results.NS_ERROR_ABORT); }}, 'http-on-modify-request', false); diff --git a/webkit/fbdc.safariextension/chrome/content.js b/webkit/fbdc.safariextension/chrome/content.js index 0dc4c05..6a028be 100644 --- a/webkit/fbdc.safariextension/chrome/content.js +++ b/webkit/fbdc.safariextension/chrome/content.js @@ -18,23 +18,16 @@ Authors (one per line): Brian Kennish + Jonty Wareing */ -/* The domain names Facebook phones home with, lowercased. */ -const DOMAINS = ['facebook.com', 'facebook.net', 'fbcdn.net']; - -/* - Determines whether any of a bucket of domains is part of a URL, regex free. -*/ -function isMatching(url, domains) { - const DOMAIN_COUNT = domains.length; - for (var i = 0; i < DOMAIN_COUNT; i++) - if (url.toLowerCase().indexOf(domains[i], 2) >= 2) return true; - // A valid URL has at least two characters ("//"), then the domain. -} +/* The domain names Facebook phones home with */ +const FACEBOOK_DOMAINS = ['facebook\.com', 'facebook\.net', 'fbcdn\.net']; +const FACEBOOK_REGEX = RegExp('^https?://[^?/]*(' + FACEBOOK_DOMAINS.join('|') + ')[/?^]*', 'i'); /* Traps and selectively cancels a request. */ -if (!isMatching(location.href, DOMAINS)) +if (!location.href.match(FACEBOOK_REGEX)) { document.addEventListener('beforeload', function(event) { - if (isMatching(event.url, DOMAINS)) event.preventDefault(); + if (event.url.match(FACEBOOK_REGEX)) event.preventDefault(); }, true); +}