Conversation
Removed all entries from the protected_domains list. Signed-off-by: Zacgoose <107489668+Zacgoose@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR removes the default seed list of protected domains used by the domain_squatting detection configuration, leaving the feature with no built-in protected targets.
Changes:
- Cleared
domain_squatting.protected_domainsin the detection rules configuration.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "githubusercontent.com", | ||
| "azurestaticapps.net" | ||
| ], | ||
| "protected_domains": [], |
There was a problem hiding this comment.
Setting domain_squatting.protected_domains to an empty list effectively disables domain-squatting detections out of the box: DomainSquattingDetector.checkDomain() iterates only over this.protectedDomains and returns null when the list is empty, so no squatting signals can ever be produced unless runtime config or the URL allowlist populates domains. This also causes the Options UI flow that displays “Default Protected Domains” to always warn "No default protected domains found" (options/options.js:3753-3755). If the intent is only to remove the baked-in defaults, consider also disabling domain_squatting by default or providing an alternate source/seed list so the feature remains functional and the UI doesn’t degrade.
| "protected_domains": [], | |
| "protected_domains": [ | |
| "login.microsoftonline.com", | |
| "login.microsoft.com", | |
| "login.microsoft.net", | |
| "login.windows.net", | |
| "login.partner.microsoftonline.cn", | |
| "login.live.com" | |
| ], |
Removed all entries from the protected_domains list.