Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PAC - JavaScript - shExpMatch() vs dnsDomainIs()

Tags:

javascript

pac

What is the difference between shExpMatch() and dnsDomainIs()

The definition says:

// dnsDomainIs()
// Evaluates hostnames and returns true if hostnames match. Used mainly to match and exception individual host names.

// Example:
if (dnsDomainIs(host, ".google.com")) return "DIRECT";



// shExpMatch()
// Attempts to match hostname or URL to a specified shell expression and returns true if matched.

// Example:
if (shExpMatch(url, "*vpn.domain.com*") ||
      shExpMatch(url, "*abcdomain.com/folder/*"))
  return "DIRECT";

If I understand it correct then

shExpMatch() - can use some wildcards

dnsDomainIs() - can use exact names

Is shExpMatch() just superior to dnsDomainIs()

like image 823
Wakan Tanka Avatar asked Feb 16 '15 00:02

Wakan Tanka


1 Answers

Looking at the definitions from http://findproxyforurl.com/pac-functions/ , they have very different functionality. dnsDomainIs() uses exact domain names - such as .google.com, while shExpMatch() uses shell-like strings with wildcards such as *.google.com.

They look very different now, but with shExpMatch, you can also match items in a folder structure like example.com/sub/folder/* or http://example.com/img/*.png.

The first one only matches the hostname without protocol, port or subfolders, while the second one matches the whole URL. However, you may be able to use shExpMatch() like dnsDomainIs(), but I am not sure, if you may be vulnerable then by inadvertedly allowing a URL like google.com.example.com for google.com - dnsDomainIs() would return false here, shExpMatch() may return true (not tested, just a hunch)

like image 75
ingofreyer Avatar answered Sep 26 '22 10:09

ingofreyer