bitwarden/browser
1
0
Fork 0
mirror of https://github.com/bitwarden/browser synced 2026-02-25 17:13:24 +00:00
Code Issues Releases Wiki Activity
Files
87d96b625427f3784f78b12dba70e196dcdaf344
browser/libs/platform/src/util.ts
✨ Audrey ✨ e66a1f37b5 Extract urlOriginsMatch utility and refactor senderIsInternal (#19076) 
Adds urlOriginsMatch to @bitwarden/platform, which compares two URLs by
scheme, host, and port. Uses `protocol + "//" + host` rather than
`URL.origin` because non-special schemes (e.g. chrome-extension://)
return the opaque string "null" from .origin, making equality comparison
unreliable. URLs without a host (file:, data:) are explicitly rejected
to prevent hostless schemes from comparing equal.

Refactors senderIsInternal to delegate to urlOriginsMatch and to derive
the extension URL via BrowserApi.getRuntimeURL("") rather than inline
chrome/browser API detection. Adds full test coverage for
senderIsInternal.

The previous string-based comparison used startsWith after stripping
trailing slashes, which was safe in senderIsInternal where inputs are
tightly constrained. As a general utility accepting arbitrary URLs,
startsWith can produce false positives (e.g. "https://example.com"
matching "https://example.com.evil.com"). Structural host comparison
is the correct contract for unrestricted input.
2026-02-19 08:45:24 -05:00

54 lines
1.6 KiB
TypeScript
Raw Blame History

function toURL(input: string | URL): URL | null {
if (input instanceof URL) {
return input;
}
try {
return new URL(input);
} catch {
return null;
}
}
function effectiveOrigin(url: URL): string | null {
// The URL spec returns "null" for .origin on non-special schemes
// (e.g. chrome-extension://) so we build the origin from protocol + host instead.
// An empty host means no meaningful origin can be compared (file:, data:, etc.).
if (!url.host) {
return null;
}
return `${url.protocol}//${url.host}`;
}
/**
* Compares two URLs to determine whether the suspect URL originates from the
* same host as the canonical URL.
*
* Both arguments accept either a string or an existing {@link URL} object.
*
* Returns `false` when:
* - Either argument cannot be parsed as a valid URL
* - Either URL has no host (e.g. `file:`, `data:` schemes), since URLs without
* a meaningful host cannot be distinguished by origin
*
* @param canonical - The reference URL whose origin acts as the baseline.
* @param suspect - The URL being tested against the canonical origin.
* @returns `true` if both URLs share the same scheme, host, and port; `false` otherwise.
*/
export function urlOriginsMatch(canonical: string | URL, suspect: string | URL): boolean {
const canonicalUrl = toURL(canonical);
const suspectUrl = toURL(suspect);
if (!canonicalUrl || !suspectUrl) {
return false;
}
const canonicalOrigin = effectiveOrigin(canonicalUrl);
const suspectOrigin = effectiveOrigin(suspectUrl);
if (!canonicalOrigin || !suspectOrigin) {
return false;
}
return canonicalOrigin === suspectOrigin;
}
Reference in New Issue View Git Blame Copy Permalink