Escape RegExp characters in e-mail in keyCheck() function

[kylekatarnls]

Hello!

By looking at the code at https://github.com/ProtonMail/pmcrypto/blob/master/lib/key/check.js#L18 I assume that if info.user.userId ends with "<jackyblack@foo.com>" and email is "jack.black@foo.com", it would match as . is any character in regular expression.

I think this would trigger unwanted behaviors.

If my analyse sounds correct to you, you can assign this issue to me and I will propose a PR to escape this email variable.

[twiss]

Hey 👋 Good catch! Yeah, a PR would be welcome. Instead of escaping the regex, you could also just check directly whether the string contains the email (e.g. using indexOf or lastIndexOf).

[kylekatarnls]

I guess pmcrypto aims to be compatible out of the box with IE, but with a String.prototype polyfill, we could use endsWith which would be the more appropriate tool IMO.

[kylekatarnls]

I see Array.prototype.includes is used in check.js, so I assume String.prototype.endsWith can be used too as it's the same range of compatibility.

[twiss]

Unfortunately we can't, because while array.includes is polyfilled in openpgp.js, a dependency of pmcrypto (https://github.com/openpgpjs/openpgpjs/blob/e29de76dc1d86a25b3fe6d20c7dc21c78e8c9ec2/src/polyfills.js#L27-L29); string.endsWidth isn't. We could of course add it there or here, but for just a single use I think it's probably not really worth it .-.

[kylekatarnls]

No problem, .substr() will do the job. I think it's faster than indexOf has this last one would read the whole string.

[twiss]

👍 Good point :) Thanks for the PR! I will look at it soon(TM).