browser: do not resolve any .top domains
We mark any URL with ".top" in it as not secure in the browser, and an explicit condition is added in resolve-url so that URLs containing ".top" are not resolved. We've been seeing lots of reports within the Status community of people being scammed by malicious entities on Telegram/WhatsApp, who tell them to open these URLs in the Status browser, which in turn asks them to link their wallet to access the website. This commit is not a proper fix but a temporary solution to stop these scammers. A more robust solution would be to integrate with an open-source phishing URL detector.
parent
61660128fd
commit
7958bf189c
|
@ -44,7 +44,7 @@
|
||||||
(or dapp?
|
(or dapp?
|
||||||
(and (not error?)
|
(and (not error?)
|
||||||
(when url
|
(when url
|
||||||
(string/starts-with? url "https://")))))
|
(and (string/starts-with? url "https://") (string/includes? url ".top"))))))
|
||||||
|
|
||||||
(fx/defn remove-browser
|
(fx/defn remove-browser
|
||||||
{:events [:browser.ui/remove-browser-pressed]}
|
{:events [:browser.ui/remove-browser-pressed]}
|
||||||
|
@ -79,13 +79,15 @@
|
||||||
[{:keys [db]} {:keys [error? resolved-url]}]
|
[{:keys [db]} {:keys [error? resolved-url]}]
|
||||||
(when (not error?)
|
(when (not error?)
|
||||||
(let [current-url (get-current-url (get-current-browser db))
|
(let [current-url (get-current-url (get-current-browser db))
|
||||||
|
contains-top? (string/includes? current-url ".top")
|
||||||
host (http/url-host current-url)]
|
host (http/url-host current-url)]
|
||||||
|
(when (not contains-top?)
|
||||||
(if (and (not resolved-url) (ens/is-valid-eth-name? host))
|
(if (and (not resolved-url) (ens/is-valid-eth-name? host))
|
||||||
{:db (update db :browser/options assoc :resolving? true)
|
{:db (update db :browser/options assoc :resolving? true)
|
||||||
:browser/resolve-ens-contenthash {:chain-id (ethereum/chain-id db)
|
:browser/resolve-ens-contenthash {:chain-id (ethereum/chain-id db)
|
||||||
:ens-name host
|
:ens-name host
|
||||||
:cb resolve-ens-contenthash-callback}}
|
:cb resolve-ens-contenthash-callback}}
|
||||||
{:db (update db :browser/options assoc :url (or resolved-url current-url) :resolving? false)}))))
|
{:db (update db :browser/options assoc :url (or resolved-url current-url) :resolving? false)})))))
|
||||||
|
|
||||||
(fx/defn update-browser
|
(fx/defn update-browser
|
||||||
[{:keys [db]}
|
[{:keys [db]}
|
||||||
|
|
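Review bot: The new secure-flag expression in the first hunk, `(and (string/starts-with? url "https://") (string/includes? url ".top"))`, looks inverted. It is true only for https URLs that contain ".top", so ordinary https pages would be shown as not secure and the .top ones as secure, which is the opposite of what the description states; it should presumably read `(and (string/starts-with? url "https://") (not (string/includes? url ".top")))`. Both hunks also match ".top" anywhere in the URL string, so a path, a query or a host such as `www.topsite.com` triggers the block, while an upper-case `.TOP` host does not. Testing the parsed host instead, e.g. binding `host` first and using `(string/ends-with? (string/lower-case host) ".top")`, would be tighter. In the second hunk the `(when (not contains-top?) …)` returns nil for a blocked URL, so a short comment saying that this silent no-op is deliberate would help; the enclosing functions start and end outside the hunks.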