PAC - JavaScript - shExpMatch() vs dnsDomainIs()

Question

What is the difference between shExpMatch() and dnsDomainIs()

The definition says:

// dnsDomainIs()
// Evaluates hostnames and returns true if hostnames match. Used mainly to match and exception individual host names.

// Example:
if (dnsDomainIs(host, ".google.com")) return "DIRECT";



// shExpMatch()
// Attempts to match hostname or URL to a specified shell expression and returns true if matched.

// Example:
if (shExpMatch(url, "*vpn.domain.com*") ||
      shExpMatch(url, "*abcdomain.com/folder/*"))
  return "DIRECT";

If I understand it correct then

shExpMatch() - can use some wildcards

dnsDomainIs() - can use exact names

Is shExpMatch() just superior to dnsDomainIs()

Answer 1

Looking at the definitions from http://findproxyforurl.com/pac-functions/ , they have very different functionality. dnsDomainIs() uses exact domain names - such as .google.com, while shExpMatch() uses shell-like strings with wildcards such as *.google.com.

They look very different now, but with shExpMatch, you can also match items in a folder structure like example.com/sub/folder/* or http://example.com/img/*.png.

The first one only matches the hostname without protocol, port or subfolders, while the second one matches the whole URL. However, you may be able to use shExpMatch() like dnsDomainIs(), but I am not sure, if you may be vulnerable then by inadvertedly allowing a URL like google.com.example.com for google.com - dnsDomainIs() would return false here, shExpMatch() may return true (not tested, just a hunch)