From 981a4b99982366546fbf808bf8564df567199979 Mon Sep 17 00:00:00 2001
From: Samuel Attard <samuel.r.attard@gmail.com>
Date: Thu, 28 Mar 2019 09:57:42 -0700
Subject: [PATCH 1/4] fix: ensure dots in content script patterns aren't used
 as wildcards

---
 lib/renderer/content-scripts-injector.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/renderer/content-scripts-injector.ts b/lib/renderer/content-scripts-injector.ts
index f1aa98f99c10e..1da3ba66b7a8d 100644
--- a/lib/renderer/content-scripts-injector.ts
+++ b/lib/renderer/content-scripts-injector.ts
@@ -25,7 +25,7 @@ const getIsolatedWorldIdForInstance = () => {
 // https://developer.chrome.com/extensions/match_patterns
 const matchesPattern = function (pattern: string) {
   if (pattern === '<all_urls>') return true
-  const regexp = new RegExp(`^${pattern.replace(/\*/g, '.*')}$`)
+  const regexp = new RegExp(`^${pattern.replace(/\./g, '\\.').replace(/\*/g, '.*')}$`)
   const url = `${location.protocol}//${location.host}${location.pathname}`
   return url.match(regexp)
 }

From c6e62f9d54433b2a07b34e9a3da43566443f51e8 Mon Sep 17 00:00:00 2001
From: Samuel Attard <samuel.r.attard@gmail.com>
Date: Thu, 28 Mar 2019 10:12:43 -0700
Subject: [PATCH 2/4] chore: sanitise all regexp special chars

---
 lib/renderer/content-scripts-injector.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/renderer/content-scripts-injector.ts b/lib/renderer/content-scripts-injector.ts
index 1da3ba66b7a8d..f481ad7920b27 100644
--- a/lib/renderer/content-scripts-injector.ts
+++ b/lib/renderer/content-scripts-injector.ts
@@ -25,7 +25,7 @@ const getIsolatedWorldIdForInstance = () => {
 // https://developer.chrome.com/extensions/match_patterns
 const matchesPattern = function (pattern: string) {
   if (pattern === '<all_urls>') return true
-  const regexp = new RegExp(`^${pattern.replace(/\./g, '\\.').replace(/\*/g, '.*')}$`)
+  const regexp = new RegExp(`^${pattern.split('*').map(x => x.replace(/[\\^$+?.()|[\]{}]/g, '\\$&'))).join('.*')}$`)
   const url = `${location.protocol}//${location.host}${location.pathname}`
   return url.match(regexp)
 }

From 131c94aea062a87365e4baa0cbb8c1b9fb575faa Mon Sep 17 00:00:00 2001
From: Samuel Attard <samuel.r.attard@gmail.com>
Date: Thu, 28 Mar 2019 10:15:30 -0700
Subject: [PATCH 3/4] chore: extract to helper

---
 lib/renderer/content-scripts-injector.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/renderer/content-scripts-injector.ts b/lib/renderer/content-scripts-injector.ts
index f481ad7920b27..1e67b8ca161f0 100644
--- a/lib/renderer/content-scripts-injector.ts
+++ b/lib/renderer/content-scripts-injector.ts
@@ -21,11 +21,15 @@ const getIsolatedWorldIdForInstance = () => {
   return isolatedWorldIds++
 }
 
+const escapePattern = function (pattern: string) {
+  return pattern.split('*').map(x => x.replace(/[\\^$+?.()|[\]{}]/g, '\\$&'))).join('.*')
+}
+
 // Check whether pattern matches.
 // https://developer.chrome.com/extensions/match_patterns
 const matchesPattern = function (pattern: string) {
   if (pattern === '<all_urls>') return true
-  const regexp = new RegExp(`^${pattern.split('*').map(x => x.replace(/[\\^$+?.()|[\]{}]/g, '\\$&'))).join('.*')}$`)
+  const regexp = new RegExp(`^${escapePattern(pattern)}$`)
   const url = `${location.protocol}//${location.host}${location.pathname}`
   return url.match(regexp)
 }

From 0266fe0b1f0d625ef831730e58fba7fbf9f37c02 Mon Sep 17 00:00:00 2001
From: Samuel Attard <samuel.r.attard@gmail.com>
Date: Thu, 28 Mar 2019 10:18:57 -0700
Subject: [PATCH 4/4] chore: fixup helper

---
 lib/renderer/content-scripts-injector.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/renderer/content-scripts-injector.ts b/lib/renderer/content-scripts-injector.ts
index 1e67b8ca161f0..4f82feac30f2e 100644
--- a/lib/renderer/content-scripts-injector.ts
+++ b/lib/renderer/content-scripts-injector.ts
@@ -22,14 +22,14 @@ const getIsolatedWorldIdForInstance = () => {
 }
 
 const escapePattern = function (pattern: string) {
-  return pattern.split('*').map(x => x.replace(/[\\^$+?.()|[\]{}]/g, '\\$&'))).join('.*')
+  return pattern.replace(/[\\^$+?.()|[\]{}]/g, '\\$&')
 }
 
 // Check whether pattern matches.
 // https://developer.chrome.com/extensions/match_patterns
 const matchesPattern = function (pattern: string) {
   if (pattern === '<all_urls>') return true
-  const regexp = new RegExp(`^${escapePattern(pattern)}$`)
+  const regexp = new RegExp(`^${pattern.split('*').map(escapePattern).join('.*')}$`)
   const url = `${location.protocol}//${location.host}${location.pathname}`
   return url.match(regexp)
 }