From d5bb0e968fa878e306f128376e3946e7b6d8a60c Mon Sep 17 00:00:00 2001
From: Samuel Attard <samuel.r.attard@gmail.com>
Date: Thu, 28 Mar 2019 14:04:30 -0700
Subject: [PATCH] fix: ensure dots in content script patterns aren't used as
 wildcards (#17594)

* fix: ensure dots in content script patterns aren't used as wildcards

* chore: santize all regex chars

* chore: extract to helper

* chore: fixup helper
---
 lib/renderer/content-scripts-injector.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/renderer/content-scripts-injector.js b/lib/renderer/content-scripts-injector.js
index 5091d84f69685..1a10d7a65d97b 100644
--- a/lib/renderer/content-scripts-injector.js
+++ b/lib/renderer/content-scripts-injector.js
@@ -3,11 +3,15 @@
 const ipcRenderer = require('@electron/internal/renderer/ipc-renderer-internal')
 const { runInThisContext } = require('vm')
 
+const escapePattern = function (pattern) {
+  return pattern.replace(/[\\^$+?.()|[\]{}]/g, '\\$&')
+}
+
 // Check whether pattern matches.
 // https://developer.chrome.com/extensions/match_patterns
 const matchesPattern = function (pattern) {
   if (pattern === '<all_urls>') return true
-  const regexp = new RegExp(`^${pattern.replace(/\*/g, '.*')}$`)
+  const regexp = new RegExp(`^${pattern.split('*').map(escapePattern).join('.*')}$`)
   const url = `${location.protocol}//${location.host}${location.pathname}`
   return url.match(regexp)
 }