temporary-containers icon indicating copy to clipboard operation
temporary-containers copied to clipboard

Published 20 hours ago verified publisher icon stoically

Per domain isolation pattern effeciency

Open Gitoffthelawn opened this issue 2 years ago • 1 comments

When specifying domain patterns for per domain isolation, one can specify patterns as literals, wildcards, or regexes. See https://github.com/stoically/temporary-containers/wiki/Per-Domain-Isolation

To prevent leakage, I find it best to isolate domains whether or not a host is specified. Thus, there are 2 choices:

  1. Specifying 2 domain patterns (1 literal and 1 wildcard): example.com and *.example.com
  2. Specifying a single regex pattern: /^https?://(?:[^.]+\.|)example\.com/

Both options should match the same URLs. Based on how TC processes per-domain isolation patterns, which will be more efficient, the 1st or the 2nd?

Gitoffthelawn avatar Dec 13 '22 11:12 Gitoffthelawn

Looking closely at the code, I'm thinking the second option may be more efficient, because it looks like all globs/wildcards are converted to regex and then reprocessed: https://github.com/stoically/temporary-containers/blob/d66d9b601d44c36a57b7a91e7cc6db67f6c047f8/src/background/utils.ts#L40

Is that correct?

Gitoffthelawn avatar Dec 14 '22 01:12 Gitoffthelawn