⚠️ Problems and Use Cases for Simple String Matching

Understanding the risks of simple string matching and its reasonable use in specific scenarios

Problem Example

Suppose you want to set up a shortcut for your development environment:

# ❌ Problematic configuration
dev####https://development.example.com

🚨 What problems does this cause?

This rule will match any URL containing "dev", causing unexpected redirects:

• https://example.com/development/guide → Unexpected redirect!
• https://site.com/device-info → Unexpected redirect!
• https://blog.com/devops-tutorial → Unexpected redirect!
• https://news.com/covid-vaccine → Unexpected redirect!

✅ Recommended Safe Approaches

Option 1: Exact Match (Safest)

# Only matches completely identical URLs
=dev.local####https://development.example.com

• ✅ Only matches http://dev.local
• ✅ Won't accidentally match other URLs

Option 2: Prefix Match (Recommended)

# Matches URLs starting with specified content
^dev.localhost####https://development.example.com

• ✅ Matches http://dev.localhost
• ✅ Matches http://dev.localhost/any/path
• ✅ Won't match other websites containing "dev"

Option 3: Local Address with Port

# Use port numbers to avoid conflicts
^localhost:3000####https://development.example.com

• ✅ Matches http://localhost:3000
• ✅ Won't conflict with other websites

🎯 Reasonable Use Cases for Simple String Matching

While not recommended in general, simple string matching is relatively safe in these specific scenarios:

Scenario 1: Enterprise Intranet Environment

# Enterprise internal unified naming convention
internal-*####https://gateway.company.com/redirect?to={1}
corp-*####https://intranet.company.com/{1}

Why it's safe:

• Intranet environment is relatively closed
• Enterprise can control URL naming conventions
• Won't access external conflicting websites

Scenario 2: Custom Application Protocols

# Custom application protocols
myapp://####https://web.myapp.com/
electron-app://####https://app.example.com/

Why it's safe:

• Custom protocols have uniqueness
• Won't conflict with regular HTTP/HTTPS websites
• Application-generated URLs have fixed formats

⚠️ Precautions for Using Simple String Matching

If you really need to use simple string matching, please:

1. Ensure environment isolation: Use only in intranet or specific application environments
2. Use unique identifiers: Choose strings unlikely to appear on other websites
3. Regular monitoring: Check for unexpected matches
4. Consider alternatives: Prioritize exact match or prefix match

💡 Why These Formats Are Recommended

1. Avoid Accidental Matches: Won't interfere with normal web browsing
2. Address Bar Friendly: Can be typed directly in the address bar (like dev.local)
3. Clear Semantics: Obviously indicates local development environment
4. Easy to Remember: Follows common domain naming conventions

How to Test

✅ Recommended Testing:Type dev.local or dev.localhost in the address bar

📝 Create Bookmark:Save http://dev.local as a bookmark for quick access

🔧 Programmatic Call:Use window.open('http://dev.local') in scripts

Summary

• ❌ Generally avoid: Simple string matching like dev####
• ✅ Recommended first: =dev.local#### or ^dev.localhost####
• 🎯 Special scenarios acceptable: Enterprise intranet, custom protocols, etc.
• 🛡️ Safety first: Convenient to use while not accidentally interfering with other websites