clients/libs/platform/src
✨ Audrey ✨ e66a1f37b5
Extract urlOriginsMatch utility and refactor senderIsInternal (#19076)
Adds urlOriginsMatch to @bitwarden/platform, which compares two URLs by
scheme, host, and port. Uses `protocol + "//" + host` rather than
`URL.origin` because non-special schemes (e.g. chrome-extension://)
return the opaque string "null" from .origin, making equality comparison
unreliable. URLs without a host (file:, data:) are explicitly rejected
to prevent hostless schemes from comparing equal.

Refactors senderIsInternal to delegate to urlOriginsMatch and to derive
the extension URL via BrowserApi.getRuntimeURL("") rather than inline
chrome/browser API detection. Adds full test coverage for
senderIsInternal.

The previous string-based comparison used startsWith after stripping
trailing slashes, which was safe in senderIsInternal where inputs are
tightly constrained. As a general utility accepting arbitrary URLs,
startsWith can produce false positives (e.g. "https://example.com"
matching "https://example.com.evil.com"). Structural host comparison
is the correct contract for unrestricted input.
2026-02-19 08:45:24 -05:00
..
background-sync fix(browser): restore timer based background syncs (#14031) 2025-03-28 14:17:18 -04:00
services [PM-8582] Move Safari browser check to libs/platform (#11007) 2024-09-16 15:36:05 -04:00
index.ts Extract urlOriginsMatch utility and refactor senderIsInternal (#19076) 2026-02-19 08:45:24 -05:00
util.spec.ts Extract urlOriginsMatch utility and refactor senderIsInternal (#19076) 2026-02-19 08:45:24 -05:00
util.ts Extract urlOriginsMatch utility and refactor senderIsInternal (#19076) 2026-02-19 08:45:24 -05:00