From 7958bf189caf4555971fbeb9affd6bd8fe7efe33 Mon Sep 17 00:00:00 2001 From: Siddarth Kumar Date: Thu, 29 Jun 2023 08:20:40 +0530 Subject: [PATCH] browser: do not resolve any .top domains We mark any url with ".top" in it as not secure in the browser and an explicit condition is added in resolve-url to not resolve any urls that contain the ".top" in their urls. We've been seeing lots of reports within the status community where people are scammed by malicious entities on telegram/whatsapp and they are being told to open these urls on status browser which in turn asks them to link their wallet to access the website. This commit is not a proper fix but a temporary solution to stop these scammers. A more robust solution would be to integrate with an open source phishing url detector. --- src/status_im/browser/core.cljs | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/src/status_im/browser/core.cljs b/src/status_im/browser/core.cljs index 14d3884a57..a68e3c6f9b 100644 --- a/src/status_im/browser/core.cljs +++ b/src/status_im/browser/core.cljs @@ -44,7 +44,7 @@ (or dapp? (and (not error?) (when url - (string/starts-with? url "https://"))))) + (and (string/starts-with? url "https://") (string/includes? url ".top")))))) (fx/defn remove-browser {:events [:browser.ui/remove-browser-pressed]} 
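Review bot: The new condition on the `+` line is inverted relative to the commit message: `(and (string/starts-with? url "https://") (string/includes? url ".top"))` is true only when the URL contains ".top", so an ordinary https URL now fails this branch while a ".top" URL passes it, which is the opposite of "mark any url with .top as not secure"; the intended line reads `(and (string/starts-with? url "https://") (not (string/includes? url ".top")))`. A substring test over the whole URL is also the wrong granularity for a phishing guard: it is case-sensitive (`https://evil.TOP/` is not caught, and hostnames are case-insensitive) and it matches any path, query string or hostname that merely contains the four characters ".top" (e.g. `https://www.topexample.com`). Checking the host suffix instead, `(not (string/ends-with? (string/lower-case (http/url-host url)) ".top"))`, using the same `http/url-host` that resolve-url in this file already relies on, avoids both problems. The function this `or` expression belongs to starts above the hunk, so how `dapp?` and `error?` are derived cannot be checked here.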
@@ -78,14 +78,16 @@ (fx/defn resolve-url [{:keys [db]} {:keys [error? resolved-url]}] (when (not error?) - (let [current-url (get-current-url (get-current-browser db)) - host (http/url-host current-url)] - (if (and (not resolved-url) (ens/is-valid-eth-name? host)) - {:db (update db :browser/options assoc :resolving? true) - :browser/resolve-ens-contenthash {:chain-id (ethereum/chain-id db) - :ens-name host - :cb resolve-ens-contenthash-callback}} - {:db (update db :browser/options assoc :url (or resolved-url current-url) :resolving? false)})))) + (let [current-url (get-current-url (get-current-browser db)) + contains-top? (string/includes? current-url ".top") + host (http/url-host current-url)] + (when (not contains-top?) + (if (and (not resolved-url) (ens/is-valid-eth-name? host)) + {:db (update db :browser/options assoc :resolving? true) + :browser/resolve-ens-contenthash {:chain-id (ethereum/chain-id db) + :ens-name host + :cb resolve-ens-contenthash-callback}} + {:db (update db :browser/options assoc :url (or resolved-url current-url) :resolving? false)}))))) (fx/defn update-browser [{:keys [db]}
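Review bot: `contains-top?` is computed with `string/includes?` over the whole `current-url`, so it is case-sensitive (a `.TOP` host is not refused) and it also trips on any URL whose path, query or hostname merely contains ".top" (e.g. `https://www.topsite.com`), blocking legitimate sites; since `host` is already bound from `http/url-host` one line later, bind `host` first and use `top-domain? (some-> host string/lower-case (string/ends-with? ".top"))`, which tests the host's top-level domain rather than an arbitrary substring. When the guard trips, `(when (not contains-top?) ...)` returns nil, so neither `:url` nor `:resolving?` in `:browser/options` is touched and, as far as this hunk shows, the browser is left in whatever state the previous navigation set with no signal to the user that the URL was refused; a comment such as `;; temporary phishing mitigation: refuse to resolve .top hosts, see commit message` on the `when` would at least record why the function silently does nothing. Note also that `string/includes?` now runs on `current-url` before anything else; if `get-current-url` can return nil here, this throws where the old code only handed the value to `http/url-host` — worth confirming against that helper.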