Merge pull request #8104 from brave/fix/8087

do not show phishing warning for javascript URLs
brave · Apr 6, 2017 · 93f51be · 93f51be
2 parents 4337315 + 58985e6
commit 93f51be
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 5 deletions.
diff --git a/js/lib/urlutil.js b/js/lib/urlutil.js
@@ -214,7 +214,7 @@ const UrlUtil = {
   isPotentialPhishingUrl: function (url) {
     if (typeof url !== 'string') { return false }
     const protocol = urlParse(url.trim().toLowerCase()).protocol
-    return ['data:', 'blob:', 'javascript:'].includes(protocol)
+    return ['data:', 'blob:'].includes(protocol)
   },
 
   /**

diff --git a/test/unit/lib/urlutilTest.js b/test/unit/lib/urlutilTest.js
@@ -281,11 +281,8 @@ describe('urlutil', function () {
     it('returns true if input is a data URL', function () {
       assert.equal(UrlUtil.isPotentialPhishingUrl('data:text/html,<script>alert("no crash")</script>'), true)
     })
-    it('returns true if input is a js URL', function () {
-      assert.equal(UrlUtil.isPotentialPhishingUrl('   JAVASCRIPT:alert(1)'), true)
-    })
     it('returns true if input is a blob URL', function () {
-      assert.equal(UrlUtil.isPotentialPhishingUrl('   blob:foo '), true)
+      assert.equal(UrlUtil.isPotentialPhishingUrl('   BLOB:foo '), true)
     })
   })
 })