Glob syntax is bad

[indivisible]

I've noticed that glob rules suffer from some problems:

1. they are not properly escaped before being turned into regexes. ., and every other special character, should be escaped.
2. the ? symbol in globs matches exactly one unspecified character, not 1 or zero (so should be translated to . in regex)

[alex-becker-startp]

Hello, there are more severe issues with the current glob to regex implementation. Because of missing ^ (start) and $ (end) tokens, basically every filter works like *filter* matching any substring.

You could use this code for better converting. Maybe someone else verifies that I have no mistake within the sample.

host = 'test.de'
filter = '!*.test.de';
glob = filter.substr(1) // remove glob indicator (!)

pattern = '';

// ensure host begins with pattern when there no leading *-glob
if (!glob.startsWith('*'))
    pattern += '^';

// allow pure base domain on subdomain filters
// i.e. domain.com is valid for *.domain.com
if (glob.startsWith('*.'))
{
    pattern += '(.+\\.)?';   // optional allow any chars before, but if, there must be a dot behind
    glob = glob.substr(2);
}

// convert glob string to regex
pattern += glob
        .replace(/[.+^${}()|[\]\\]/g, '\\$&') // escape regex special chars
        .replace(/\*/g, '.*')                 // convert * glob into regex
        .replace(/\?/g, '.?');                // convert ? glob into regex

// ensure host ends with pattern when there is no tailing *-glob
if (!glob.endsWith('*'))
    pattern += '$';

isMatch = new RegExp(pattern).test(host);

[xeruf]

Yep, just found that https://github.com/mastodon/mastodon/issues/15561 is matched by !*mastodon.* , Personal and was confused...