From adc5f3ceca08394bc22db810fa99a517a2169957 Mon Sep 17 00:00:00 2001
From: Mark Stacey
Date: Mon, 18 Nov 2024 13:19:12 -0330
Subject: [PATCH] fix: Make QR scanner more strict

The QR scanner is now more strict about the contents it allows to be scanned. If the scanned QR code deviates at all from the supported formats, it will retur "unknown" as the result (as it always has for completely unrecognized QR codes). Previously we would accept QR codes with a recognized prefix even if the complete contents did not match our expectations, which has resulted in unexpected behavior.
---
 .../modals/qr-scanner/qr-scanner.component.js | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/ui/components/app/modals/qr-scanner/qr-scanner.component.js b/ui/components/app/modals/qr-scanner/qr-scanner.component.js
index 75e1a83417b9..51ae5a89a6ef 100644
--- a/ui/components/app/modals/qr-scanner/qr-scanner.component.js
+++ b/ui/components/app/modals/qr-scanner/qr-scanner.component.js
@@ -22,6 +22,10 @@ const READY_STATE = {
 READY: 'READY',
 };
 
+const ethereumPrefix = 'ethereum:';
+// A 0x-prefixed Ethereum address is 42 characters (2 prefix + 40 address)
+const addressLength = 42;
+
 const parseContent = (content) => {
 let type = 'unknown';
 let values = {};
@@ -31,12 +35,18 @@ const parseContent = (content) => {
 // For ex. EIP-681 (https://eips.ethereum.org/EIPS/eip-681)
 
 // Ethereum address links - fox ex. ethereum:0x.....1111
- if (content.split('ethereum:').length > 1) {
+ if (
+ content.split(ethereumPrefix).length > 1 &&
+ content.length === ethereumPrefix.length + addressLength
+ ) {
 type = 'address';
- // uses regex capture groups to match and extract address while ignoring everything else
+ // uses regex capture groups to match and extract address
 values = { address: parseScanContent(content) };
 // Regular ethereum addresses - fox ex. 0x.....1111
- } else if (content.substring(0, 2).toLowerCase() === '0x') {
+ } else if (
+ content.substring(0, 2).toLowerCase() === '0x' &&
+ content.length === addressLength
+ ) {
 type = 'address';
 values = { address: content };
 }
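Review bot: Both new conditions check only the total length, so content that is not a well-formed address can still get `type = 'address'`: the first branch accepts the prefix anywhere in the string (`content.split(ethereumPrefix).length > 1` is true for any 51-character string that merely contains `ethereum:`), and neither branch checks that the 40 characters after `0x` are hex digits. That falls short of the commit's stated goal of returning "unknown" for anything that deviates from the supported formats. Anchored tests would close both gaps, for example `/^ethereum:0x[0-9a-fA-F]{40}$/u.test(content)` for the first branch and `/^0x[0-9a-fA-F]{40}$/iu.test(content)` for the second (the `i` flag keeps the existing acceptance of an upper-case `0X`). `parseContent` begins above and continues past this hunk, and `parseScanContent` is defined elsewhere, so what it returns for a non-matching string and whether a later step validates the address cannot be confirmed from here.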