diff --git a/src/vs/workbench/contrib/url/common/trustedDomainsValidator.ts b/src/vs/workbench/contrib/url/common/trustedDomainsValidator.ts index 3862d4fb66d..bfb96b17c42 100644 --- a/src/vs/workbench/contrib/url/common/trustedDomainsValidator.ts +++ b/src/vs/workbench/contrib/url/common/trustedDomainsValidator.ts @@ -222,6 +222,10 @@ function pathMatches(open: string, rule: string) { return true; } + if (rule[rule.length - 1] === '/') { + rule = rule.slice(0, -1); + } + const openSegments = open.split('/'); const ruleSegments = rule.split('/'); for (let i = 0; i < ruleSegments.length; i++) { diff --git a/src/vs/workbench/contrib/url/test/browser/trustedDomains.test.ts b/src/vs/workbench/contrib/url/test/browser/trustedDomains.test.ts index 72269c54214..8b69baf8039 100644 --- a/src/vs/workbench/contrib/url/test/browser/trustedDomains.test.ts +++ b/src/vs/workbench/contrib/url/test/browser/trustedDomains.test.ts @@ -56,6 +56,11 @@ suite('Link protection domain matching', () => { test('sub paths', () => { linkAllowedByRules('https://x.org/foo', ['https://x.org/foo']); + linkAllowedByRules('https://x.org/foo/bar', ['https://x.org/foo']); + + linkAllowedByRules('https://x.org/foo', ['https://x.org/foo/']); + linkAllowedByRules('https://x.org/foo/bar', ['https://x.org/foo/']); + linkAllowedByRules('https://x.org/foo', ['x.org/foo']); linkAllowedByRules('https://x.org/foo', ['*.org/foo']);