https://bugzilla.wikimedia.org/show_bug.cgi?id=69623
--- Comment #2 from Chris Steipp <[email protected]> --- The new vega library is an improvement, but I think there's a flaw in how they did the domain comparison: return vg.config.domainWhiteList.some(function(d) { return d === domain || domain.lastIndexOf("."+d) === (domain.length - d.length - 1); }); If "."+d doesn't exist in domain, lastIndexOf will return -1. So if d.length and domain.length are exactly the same length (but different), then -1 === -1, so the invalid domain would get through. I think you want to just take the substring of d which is the last domain.length characters, and then do a strict comparison. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
