sparky2012 sparky2012 - 4 months ago 9
Javascript Question

What is the purpose of this function? (Found in lastpass login)

I was looking through the html code of the lastpass login site (https://lastpass.com/?ac=1&lpnorefresh=1) and came across this script (https://lastpass.com/m.php/newvault?1468006601), in which there is a function called "lp_init_tlds", and I cannot for the life of me figure out what it's for. What makes it strange is that it contains lists of seemingly completely random words. Can anyone explain to me what this is for?

Thanks in advance!

Answer

The init_tlds part of the function name suggests it's initialising a list of Top-Level Domains (bearing in mind the number of valid TLDs has expanded massively in recent years). Inside the function, it's storing data across various properties with abbreviations such as fr and ro.

I'm guessing it's building up a collection of all known valid TLDs (e.g. the .com part of URLs) across all locales. My first guess is that the data it generates could be used in URL validation somehow.

However, I'm also seeing some references to specific websites like "blogspot" and "amazon" in it though. That makes me think perhaps it's also (or alternatively) used for some security checking against spoofed URLs, or as part of the equivalent-URLs feature in the LastPass product.

EDIT TO ADD: It just occurred to me that if it appears in the login-related scripts then it's probably being used to validate email addresses.