fix: ensure dots in content script patterns aren't used as wildcards (#17593)

* fix: ensure dots in content script patterns aren't used as wildcards

* chore: sanitise all regexp special chars

* chore: extract to helper

* chore: fixup helper

lib/renderer/content-scripts-injector.ts

@@ -21,11 +21,15 @@ const getIsolatedWorldIdForInstance = () => {
   return isolatedWorldIds++
 }
 
+const escapePattern = function (pattern: string) {
+  return pattern.replace(/[\\^$+?.()|[\]{}]/g, '\\$&')
+}
+
 // Check whether pattern matches.
 // https://developer.chrome.com/extensions/match_patterns
 const matchesPattern = function (pattern: string) {
   if (pattern === '<all_urls>') return true
-  const regexp = new RegExp(`^${pattern.replace(/\*/g, '.*')}$`)
+  const regexp = new RegExp(`^${pattern.split('*').map(escapePattern).join('.*')}$`)
   const url = `${location.protocol}//${location.host}${location.pathname}`
   return url.match(regexp)
 }