@@ -24,22 +24,80 @@ export const USER_CONTENT_HOSTS = [
2424 "googleusercontent.com" ,
2525
2626 // Blogger - Comprehensive subdomain list
27- "*.blogspot.ae" , "*.blogspot.al" , "*.blogspot.am" , "*.blogspot.ba" , "*.blogspot.be" ,
28- "*.blogspot.bg" , "*.blogspot.bj" , "*.blogspot.ca" , "*.blogspot.cf" , "*.blogspot.ch" ,
29- "*.blogspot.cl" , "*.blogspot.co.at" , "*.blogspot.co.id" , "*.blogspot.co.il" ,
30- "*.blogspot.co.ke" , "*.blogspot.co.nz" , "*.blogspot.co.uk" , "*.blogspot.co.za" ,
31- "*.blogspot.com" , "*.blogspot.com.ar" , "*.blogspot.com.au" , "*.blogspot.com.br" ,
32- "*.blogspot.com.by" , "*.blogspot.com.co" , "*.blogspot.com.cy" , "*.blogspot.com.ee" ,
33- "*.blogspot.com.eg" , "*.blogspot.com.es" , "*.blogspot.com.mt" , "*.blogspot.com.ng" ,
34- "*.blogspot.com.tr" , "*.blogspot.com.uy" , "*.blogspot.cv" , "*.blogspot.cz" ,
35- "*.blogspot.de" , "*.blogspot.dk" , "*.blogspot.fi" , "*.blogspot.fr" , "*.blogspot.gr" ,
36- "*.blogspot.hk" , "*.blogspot.hr" , "*.blogspot.hu" , "*.blogspot.ie" , "*.blogspot.in" ,
37- "*.blogspot.is" , "*.blogspot.it" , "*.blogspot.jp" , "*.blogspot.kr" , "*.blogspot.li" ,
38- "*.blogspot.lt" , "*.blogspot.lu" , "*.blogspot.md" , "*.blogspot.mk" , "*.blogspot.mr" ,
39- "*.blogspot.mx" , "*.blogspot.my" , "*.blogspot.nl" , "*.blogspot.no" , "*.blogspot.pe" ,
40- "*.blogspot.pt" , "*.blogspot.qa" , "*.blogspot.re" , "*.blogspot.ro" , "*.blogspot.rs" ,
41- "*.blogspot.ru" , "*.blogspot.se" , "*.blogspot.sg" , "*.blogspot.si" , "*.blogspot.sk" ,
42- "*.blogspot.sn" , "*.blogspot.td" , "*.blogspot.tw" , "*.blogspot.ug" , "*.blogspot.vn"
27+ "*.blogspot.ae" ,
28+ "*.blogspot.al" ,
29+ "*.blogspot.am" ,
30+ "*.blogspot.ba" ,
31+ "*.blogspot.be" ,
32+ "*.blogspot.bg" ,
33+ "*.blogspot.bj" ,
34+ "*.blogspot.ca" ,
35+ "*.blogspot.cf" ,
36+ "*.blogspot.ch" ,
37+ "*.blogspot.cl" ,
38+ "*.blogspot.co.at" ,
39+ "*.blogspot.co.id" ,
40+ "*.blogspot.co.il" ,
41+ "*.blogspot.co.ke" ,
42+ "*.blogspot.co.nz" ,
43+ "*.blogspot.co.uk" ,
44+ "*.blogspot.co.za" ,
45+ "*.blogspot.com" ,
46+ "*.blogspot.com.ar" ,
47+ "*.blogspot.com.au" ,
48+ "*.blogspot.com.br" ,
49+ "*.blogspot.com.by" ,
50+ "*.blogspot.com.co" ,
51+ "*.blogspot.com.cy" ,
52+ "*.blogspot.com.ee" ,
53+ "*.blogspot.com.eg" ,
54+ "*.blogspot.com.es" ,
55+ "*.blogspot.com.mt" ,
56+ "*.blogspot.com.ng" ,
57+ "*.blogspot.com.tr" ,
58+ "*.blogspot.com.uy" ,
59+ "*.blogspot.cv" ,
60+ "*.blogspot.cz" ,
61+ "*.blogspot.de" ,
62+ "*.blogspot.dk" ,
63+ "*.blogspot.fi" ,
64+ "*.blogspot.fr" ,
65+ "*.blogspot.gr" ,
66+ "*.blogspot.hk" ,
67+ "*.blogspot.hr" ,
68+ "*.blogspot.hu" ,
69+ "*.blogspot.ie" ,
70+ "*.blogspot.in" ,
71+ "*.blogspot.is" ,
72+ "*.blogspot.it" ,
73+ "*.blogspot.jp" ,
74+ "*.blogspot.kr" ,
75+ "*.blogspot.li" ,
76+ "*.blogspot.lt" ,
77+ "*.blogspot.lu" ,
78+ "*.blogspot.md" ,
79+ "*.blogspot.mk" ,
80+ "*.blogspot.mr" ,
81+ "*.blogspot.mx" ,
82+ "*.blogspot.my" ,
83+ "*.blogspot.nl" ,
84+ "*.blogspot.no" ,
85+ "*.blogspot.pe" ,
86+ "*.blogspot.pt" ,
87+ "*.blogspot.qa" ,
88+ "*.blogspot.re" ,
89+ "*.blogspot.ro" ,
90+ "*.blogspot.rs" ,
91+ "*.blogspot.ru" ,
92+ "*.blogspot.se" ,
93+ "*.blogspot.sg" ,
94+ "*.blogspot.si" ,
95+ "*.blogspot.sk" ,
96+ "*.blogspot.sn" ,
97+ "*.blogspot.td" ,
98+ "*.blogspot.tw" ,
99+ "*.blogspot.ug" ,
100+ "*.blogspot.vn" ,
43101] ;
44102
45103// JavaScript hosts with known vulnerable libraries
@@ -57,7 +115,12 @@ export const VULNERABLE_JS_HOSTS = [
57115 } ,
58116 {
59117 domain : "ajax.googleapis.com" ,
60- paths : [ "/ajax/libs/angularjs/" , "/ajax/libs/yui/" , "/jsapi" , "/ajax/services/feed/find" ] ,
118+ paths : [
119+ "/ajax/libs/angularjs/" ,
120+ "/ajax/libs/yui/" ,
121+ "/jsapi" ,
122+ "/ajax/services/feed/find" ,
123+ ] ,
61124 risk : "AngularJS and JSONP vulnerabilities" ,
62125 } ,
63126
@@ -113,7 +176,8 @@ export class BlacklistManager {
113176
114177 // Check if path matches any vulnerable paths
115178 if (
116- path &&
179+ path !== undefined &&
180+ path . trim ( ) !== "" &&
117181 vulnHost . paths . some ( ( vulnPath ) => path . includes ( vulnPath ) )
118182 ) {
119183 return { isVulnerable : true , risk : vulnHost . risk } ;
@@ -144,7 +208,7 @@ export class BlacklistManager {
144208 results . push ( {
145209 type : "vulnerable-js" ,
146210 risk :
147- vulnCheck . risk ||
211+ vulnCheck . risk ??
148212 "Domain hosts known vulnerable JavaScript libraries" ,
149213 } ) ;
150214 }
0 commit comments