fix(store-devtools): escaping the safelist and blocklist strings (#2259)

Closes #2228
ngrx · Nov 20, 2019 · e888977 · e888977
1 parent 2fdfe17
commit e888977
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 11 deletions.
diff --git a/modules/store-devtools/spec/extension.spec.ts b/modules/store-devtools/spec/extension.spec.ts
@@ -374,14 +374,15 @@ describe('DevtoolsExtension', () => {
     });
 
     describe('with Action and actionsBlocklist', () => {
-      const NORMAL_ACTION = 'NORMAL_ACTION';
-      const BLOCKED_ACTION = 'BLOCKED_ACTION';
+      const NORMAL_ACTION = '[Test] NORMAL_ACTION';
+      const BLOCKED_ACTION_1 = '[Test] BLOCKED_ACTION #1';
+      const BLOCKED_ACTION_2 = '[Test] BLOCKED_ACTION #2';
 
       beforeEach(() => {
         devtoolsExtension = new DevtoolsExtension(
           reduxDevtoolsExtension,
           createConfig({
-            actionsBlocklist: [BLOCKED_ACTION],
+            actionsBlocklist: [BLOCKED_ACTION_1, BLOCKED_ACTION_2],
           }),
           <any>null
         );
@@ -402,22 +403,28 @@ describe('DevtoolsExtension', () => {
           state
         );
         devtoolsExtension.notify(
-          new PerformAction({ type: BLOCKED_ACTION }, 1234567),
+          new PerformAction({ type: BLOCKED_ACTION_1 }, 1234567),
+          state
+        );
+        devtoolsExtension.notify(
+          new PerformAction({ type: BLOCKED_ACTION_2 }, 1234567),
           state
         );
+
         expect(extensionConnection.send).toHaveBeenCalledTimes(2);
       });
     });
 
     describe('with Action and actionsSafelist', () => {
-      const NORMAL_ACTION = 'NORMAL_ACTION';
-      const SAFE_ACTION = 'SAFE_ACTION';
+      const NORMAL_ACTION = '[Test] NORMAL_ACTION';
+      const SAFE_ACTION_1 = '[Test] SAFE_ACTION #1';
+      const SAFE_ACTION_2 = '[Test] SAFE_ACTION #2';
 
       beforeEach(() => {
         devtoolsExtension = new DevtoolsExtension(
           reduxDevtoolsExtension,
           createConfig({
-            actionsSafelist: [SAFE_ACTION],
+            actionsSafelist: [SAFE_ACTION_1, SAFE_ACTION_2],
           }),
           <any>null
         );
@@ -438,10 +445,15 @@ describe('DevtoolsExtension', () => {
           state
         );
         devtoolsExtension.notify(
-          new PerformAction({ type: SAFE_ACTION }, 1234567),
+          new PerformAction({ type: SAFE_ACTION_1 }, 1234567),
           state
         );
-        expect(extensionConnection.send).toHaveBeenCalledTimes(1);
+        devtoolsExtension.notify(
+          new PerformAction({ type: SAFE_ACTION_2 }, 1234567),
+          state
+        );
+
+        expect(extensionConnection.send).toHaveBeenCalledTimes(2);
       });
     });
 

diff --git a/modules/store-devtools/src/utils.ts b/modules/store-devtools/src/utils.ts
@@ -166,8 +166,18 @@ export function isActionFiltered(
 ) {
   const predicateMatch = predicate && !predicate(state, action.action);
   const safelistMatch =
-    safelist && !action.action.type.match(safelist.join('|'));
+    safelist &&
+    !action.action.type.match(safelist.map(s => escapeRegExp(s)).join('|'));
   const blocklistMatch =
-    blockedlist && action.action.type.match(blockedlist.join('|'));
+    blockedlist &&
+    action.action.type.match(blockedlist.map(s => escapeRegExp(s)).join('|'));
   return predicateMatch || safelistMatch || blocklistMatch;
 }
+
+/**
+ * Return string with escaped RegExp special characters
+ * https://stackoverflow.com/a/6969486/1337347
+ */
+function escapeRegExp(s: string): string {
+  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}