diff options
| author | Dan Finlay <dan@danfinlay.com> | 2017-07-28 06:10:02 +0800 |
|---|---|---|
| committer | Dan Finlay <dan@danfinlay.com> | 2017-07-28 06:10:02 +0800 |
| commit | f8cadbcb323f2d41d6a2cad78479917f20b113bd (patch) | |
| tree | 3f1dc1e4d399b26ef929d4a0d51ded3c11c814fc /app/scripts/blacklister.js | |
| parent | 8ba32d5ea8cbd30b85cade9fccaaa6c0f3f5cd04 (diff) | |
| parent | e3b5bb2052d59afbf9c2761af883de719261062e (diff) | |
| download | tangerine-wallet-browser-f8cadbcb323f2d41d6a2cad78479917f20b113bd.tar.gz tangerine-wallet-browser-f8cadbcb323f2d41d6a2cad78479917f20b113bd.tar.zst tangerine-wallet-browser-f8cadbcb323f2d41d6a2cad78479917f20b113bd.zip | |
Merge branch 'master' into NewUI
Diffstat (limited to 'app/scripts/blacklister.js')
| -rw-r--r-- | app/scripts/blacklister.js | 44 |
1 files changed, 36 insertions, 8 deletions
diff --git a/app/scripts/blacklister.js b/app/scripts/blacklister.js index a45265a75..9337599cc 100644 --- a/app/scripts/blacklister.js +++ b/app/scripts/blacklister.js @@ -1,13 +1,41 @@ -const blacklistedDomains = require('etheraddresslookup/blacklists/domains.json')
+const levenshtein = require('fast-levenshtein')
+const blacklistedMetaMaskDomains = ['metamask.com']
+const blacklistedDomains = require('etheraddresslookup/blacklists/domains.json').concat(blacklistedMetaMaskDomains)
+const whitelistedMetaMaskDomains = ['metamask.io', 'www.metamask.io']
+const whitelistedDomains = require('etheraddresslookup/whitelists/domains.json').concat(whitelistedMetaMaskDomains)
+const LEVENSHTEIN_TOLERANCE = 4
+const LEVENSHTEIN_CHECKS = ['myetherwallet', 'myetheroll', 'ledgerwallet', 'metamask']
-function detectBlacklistedDomain() {
- var strCurrentTab = window.location.hostname
- if (blacklistedDomains && blacklistedDomains.includes(strCurrentTab)) {
- window.location.href = 'https://metamask.io/phishing.html'
- }
+
+// credit to @sogoiii and @409H for their help!
+// Return a boolean on whether or not a phish is detected.
+function isPhish(hostname) {
+ var strCurrentTab = hostname
+
+ // check if the domain is part of the whitelist.
+ if (whitelistedDomains && whitelistedDomains.includes(strCurrentTab)) { return false }
+
+ // check if the domain is part of the blacklist.
+ var isBlacklisted = blacklistedDomains && blacklistedDomains.includes(strCurrentTab)
+
+ // check for similar values.
+ var levenshteinMatched = false
+ var levenshteinForm = strCurrentTab.replace(/\./g, '')
+ LEVENSHTEIN_CHECKS.forEach((element) => {
+ if (levenshtein.get(element, levenshteinForm) < LEVENSHTEIN_TOLERANCE) {
+ levenshteinMatched = true
+ }
+ })
+
+ return isBlacklisted || levenshteinMatched
}
-window.addEventListener('load', function() {
- detectBlacklistedDomain()
+window.addEventListener('load', function () {
+ var hostnameToCheck = window.location.hostname
+ if (isPhish(hostnameToCheck)) {
+ // redirect to our phishing warning page.
+ window.location.href = 'https://metamask.io/phishing.html'
+ }
})
+module.exports = isPhish
|