diff --git a/js/DomainBlacklist.js b/js/DomainBlacklist.js
index 8f44a3ac..d43f3405 100644
--- a/js/DomainBlacklist.js
+++ b/js/DomainBlacklist.js
@@ -1,14 +1,27 @@
(function() {
let objBrowser = chrome ? chrome : browser;
- //Get the blacklist domains option for the user
- objBrowser.runtime.sendMessage({func: "blacklist_domains"}, function(objResponse) {
- if(objResponse && objResponse.hasOwnProperty("resp")) {
- if(objResponse.resp == 1) {
- blacklistedDomainCheck();
+ let strInitHref = window.location.href;
+
+ function init(){
+ //Get the blacklist domains option for the user
+ objBrowser.runtime.sendMessage({func: "blacklist_domains"}, function(objResponse) {
+ if(objResponse && objResponse.hasOwnProperty("resp")) {
+ if(objResponse.resp == 1) {
+ blacklistedDomainCheck();
+ }
}
+ });
+ }
+
+ init();
+
+ window.onclick = function(e) {
+ if(strInitHref !== window.location.href) {
+ strInitHref = window.location.href;
+ init();
}
- });
+ }
//Detects if the current tab is in the blacklisted domains file
function blacklistedDomainCheck() {
@@ -112,6 +125,28 @@
return false;
}
+
+ // Now check the full path (ie: YouTube because of fake livestreams and telegra.ph)
+ objBrowser.runtime.sendMessage({func: "blacklist_uri_list"}, function (objResponse) {
+ if (objResponse && objResponse.hasOwnProperty("resp")) {
+ let uris = JSON.parse(objResponse.resp)
+ let windowLoc = window.location.href.replace(/^https?\:\/\/|www\./g,'');
+ uris.domains.forEach(f => {
+ let r = new RegExp(`^(${f.replace(/[.*+?^${}()|[\]\\\/]/g, '\\$&')})`, 'g');
+
+ if(f === windowLoc || (r.exec(windowLoc) !== null)) {
+ console.warn(`${windowLoc} webpage is blacklisted by EAL - Blacklisted`);
+ window.location.href = chrome.runtime.getURL('/static/phishing/phishing.html#'+ btoa(window.location.href) +'#uri');
+
+ objBrowser.runtime.sendMessage({func: "change_ext_icon", "icon": "blacklisted", "type": "blacklisted"}, function(objResponse) {
+ // Icon should be a different colour now.
+ });
+
+ return false;
+ }
+ })
+ }
+ });
}
//Now do the 3rd party domain list check if they have that option enabled.
diff --git a/js/options.js b/js/options.js
index 4be0ea91..5bcc7efc 100644
--- a/js/options.js
+++ b/js/options.js
@@ -113,6 +113,10 @@ objBrowser.runtime.onMessage.addListener(
console.log("Getting 3p blacklisted domain list");
strResponse = getBlacklistedDomains("3p");
break;
+ case 'blacklist_uri_list' :
+ console.log("Getting the blacklist uri list");
+ strResponse = getBlacklistedDomains("uri");
+ break;
case 'use_3rd_party_blacklists' :
//This option is enabled by default
if(localStorage.getItem("ext-etheraddresslookup-use_3rd_party_blacklist") === null) {
@@ -147,13 +151,13 @@ objBrowser.runtime.onMessage.addListener(
break;
case 'rpc_provider' :
if(localStorage.getItem("ext-etheraddresslookup-rpc_node") === null) {
- strResponse = "https://freely-central-lark.quiknode.io/9fe4c4a0-2ea2-4ac1-ab64-f92990cd2914/118-xxADc8hKSSB9joCb-g==/";
+ strResponse = "https://mainnet.infura.io/v3/02b145caa61b49998168f2b97d4ef323";
} else {
strResponse = localStorage.getItem("ext-etheraddresslookup-rpc_node");
}
break;
case 'rpc_default_provider' :
- strResponse = "https://freely-central-lark.quiknode.io/9fe4c4a0-2ea2-4ac1-ab64-f92990cd2914/118-xxADc8hKSSB9joCb-g==/";
+ strResponse = "https://mainnet.infura.io/v3/02b145caa61b49998168f2b97d4ef323";
break;
case 'perform_address_lookups' :
//This option is enabled by default
@@ -349,6 +353,13 @@ function getBlacklistedDomains(strType)
"repo": "http://api.infura.io/v1/blacklist",
"identifer": "eal"
},
+ "uri": {
+ "timestamp": 0,
+ "domains": [],
+ "format": "plain",
+ "repo": "https://raw.githubusercontent.com/409H/EtherAddressLookup/master/blacklists/uri.json",
+ "identifer": "uri"
+ },
"third_party": {
"phishfort": {
"timestamp": 0,
@@ -380,8 +391,13 @@ function getBlacklistedDomains(strType)
}
strType = strType || "eal";
+ if(strType === "eal") {
+ strType = "";
+ } else {
+ strType = `${strType}_`;
+ }
- return localStorage.getItem(`ext-etheraddresslookup-${strType === 'eal' ? '' : '3p_'}blacklist_domains_list`);
+ return localStorage.getItem(`ext-etheraddresslookup-${strType}blacklist_domains_list`);
}
function updateAllBlacklists(objEalBlacklistedDomains)
@@ -393,6 +409,13 @@ function updateAllBlacklists(objEalBlacklistedDomains)
localStorage.setItem("ext-etheraddresslookup-blacklist_domains_list", JSON.stringify(objEalBlacklistedDomains.eal));
});
+ getBlacklistedDomainsFromSource(objEalBlacklistedDomains.uri).then(function (arrDomains) {
+ objEalBlacklistedDomains.uri.timestamp = Math.floor(Date.now() / 1000);
+ objEalBlacklistedDomains.uri.domains = arrDomains.filter((v,i,a)=>a.indexOf(v)==i);
+
+ localStorage.setItem("ext-etheraddresslookup-uri_blacklist_domains_list", JSON.stringify(objEalBlacklistedDomains.uri));
+ });
+
if( [null, 1].indexOf(localStorage.getItem("ext-etheraddresslookup-use_3rd_party_blacklist")) >= 0) {
getBlacklistedDomainsFromSource(objEalBlacklistedDomains.third_party.phishfort).then(function (arrDomains) {
diff --git a/manifest.json b/manifest.json
index b94ac276..598eac12 100644
--- a/manifest.json
+++ b/manifest.json
@@ -4,7 +4,7 @@
"name": "EtherAddressLookup",
"short_name": "EtherAddressLookup",
"description": "Adds links to strings that look like Ethereum addresses to your favorite blockchain explorer + antiphishing measures.",
- "version": "1.22",
+ "version": "1.23",
"browser_action": {
"default_icon": "images/ether-128x128.png",
diff --git a/static/phishing/phishing-notices.js b/static/phishing/phishing-notices.js
index 52837191..e9d4d868 100644
--- a/static/phishing/phishing-notices.js
+++ b/static/phishing/phishing-notices.js
@@ -1,5 +1,6 @@
//Show the user why it's blocked
var b = window.location.href.split("#");
+
console.log("Domain is blacklisted because: "+(b[b.length-1].toLowerCase()));
switch(b[b.length-1].toLowerCase()) {
case 'punycode':
@@ -22,12 +23,20 @@ switch(b[b.length-1].toLowerCase()) {
case 'blacklisted':
document.getElementById("blacklisted").style.display = 'block'
break;
+ case 'uri':
+ document.getElementById("uri").style.display = 'block'
+ break;
default:
// No default action.
break;
}
//Populate the link to EtherScamDB
-let cleandomain = encodeURI(b[1].replace(/https?\:?\/?\/?w{0,3}\.?/,"").replace(/\/$/,""));
-document.getElementById("link-etherscamdb").href = "https://etherscamdb.info/domain/"+cleandomain;
-document.getElementById("link-etherscamdb").textContent = "https://etherscamdb.info/domain/"+cleandomain;
\ No newline at end of file
+if(b[b.length-1].toLowerCase() !== "uri") {
+ if(document.getElementById("esdb-link")) {
+ document.getElementById("esdb-link").style.display = "block";
+ }
+ let cleandomain = encodeURI(b[1].replace(/https?\:?\/?\/?w{0,3}\.?/,"").replace(/\/$/,""));
+ document.getElementById("link-etherscamdb").href = "https://etherscamdb.info/domain/"+cleandomain;
+ document.getElementById("link-etherscamdb").textContent = "https://etherscamdb.info/domain/"+cleandomain;
+}
\ No newline at end of file
diff --git a/static/phishing/phishing.html b/static/phishing/phishing.html
index 97001f76..e16ce3a1 100644
--- a/static/phishing/phishing.html
+++ b/static/phishing/phishing.html
@@ -73,6 +73,10 @@
#blacklisted {
border-left: 4px solid #D49990;
}
+
+ #uri {
+ border-left: 4px solid #f0ef0e;
+ }
@@ -92,15 +96,19 @@
This domain is blocked because it is too similar to a domain in our fuzzy list.
If you want to access this domain and you're sure it's safe, please disable the behaviour in the EtherAddressLookup settings.
+
+
This webpage is blocked because it is on our blacklist.
+ If you want to access this domain and you're sure it's safe, please disable the behaviour in the EtherAddressLookup settings.
+
This domain is blocked because it is on our blacklist.
If you want to access this domain and you're sure it's safe, please disable the behaviour in the EtherAddressLookup settings.
-
+
This is because you have enabled Warn of blacklisted domains setting on 
EtherAddressLookup Browser Extension.
You can turn this setting off, but it's advised not to as we blacklisted the domain for a reason.
If you feel this domain is wrongly blacklisted, please open a new issue on GitHub
- To read more about this, visit https://etherscamdb.info/domain/
+ To read more about this, visit https://etherscamdb.info/domain/
@@ -119,6 +127,16 @@
Helpful Tips:
Try seeking out a trustworthy, secure link on your own. Top Google results (not
Google Ads!), Verified Twitter accounts, or asking someone you know & trust. Once you find the
correct URL, bookmark it!
+
Nobody is giving away free money. Scammers are trying to impersonate official looking channels
+ to convince you to perform a trust trading scam (by sending them money in return for more money sent back). This
+ is a common scam that we have written about it numerous times:
+
+