From 14772dd6b3ea5e64f790a9b778638fe42c1889d4 Mon Sep 17 00:00:00 2001
From: Samuel Attard <samuel.r.attard@gmail.com>
Date: Thu, 28 Mar 2019 14:03:37 -0700
Subject: [PATCH] fix: ensure dots in content script patterns aren't used as
 wildcards (#17593)

* fix: ensure dots in content script patterns aren't used as wildcards

* chore: sanitise all regexp special chars

* chore: extract to helper

* chore: fixup helper
---
 lib/renderer/content-scripts-injector.ts | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lib/renderer/content-scripts-injector.ts b/lib/renderer/content-scripts-injector.ts
index f1aa98f99c10e..4f82feac30f2e 100644
--- a/lib/renderer/content-scripts-injector.ts
+++ b/lib/renderer/content-scripts-injector.ts
@@ -21,11 +21,15 @@ const getIsolatedWorldIdForInstance = () => {
   return isolatedWorldIds++
 }
 
+const escapePattern = function (pattern: string) {
+  return pattern.replace(/[\\^$+?.()|[\]{}]/g, '\\$&')
+}
+
 // Check whether pattern matches.
 // https://developer.chrome.com/extensions/match_patterns
 const matchesPattern = function (pattern: string) {
   if (pattern === '<all_urls>') return true
-  const regexp = new RegExp(`^${pattern.replace(/\*/g, '.*')}$`)
+  const regexp = new RegExp(`^${pattern.split('*').map(escapePattern).join('.*')}$`)
   const url = `${location.protocol}//${location.host}${location.pathname}`
   return url.match(regexp)
 }