https://bugs.kde.org/show_bug.cgi?id=467139

            Bug ID: 467139
           Summary: Greasemonkey leaks data to server
    Classification: Applications
           Product: Falkon
           Version: 22.12.3
          Platform: Archlinux
                OS: Linux
            Status: REPORTED
          Severity: major
          Priority: NOR
         Component: extensions
          Assignee: now...@gmail.com
          Reporter: sjeh...@yandex.com
  Target Milestone: ---

SUMMARY
Greasemonkey for Falkon reveals to the server the "namespace" of the userscript
and the filename of the JavaScript script specified at "requires".
USERSCRIPT-NAMESPACE
FILENAME-OF-JAVASCRIPT-LIBRARY.js

> 127.0.0.1 - - [10/Mar/2023 07:33:51] "GET /userscript:org.USERSCRIPT-NAMESPACE/FILENAME-OF-JAVASCRIPT-LIBRARY.js.map HTTP/1.1" 404 -
> 127.0.0.1 - - [10/Mar/2023 07:33:51] code 404, message File not found
> 127.0.0.1 - - [10/Mar/2023 07:33:51] "GET /favicon.ico HTTP/1.1" 404 -
> 127.0.0.1 - - [10/Mar/2023 07:33:51] code 404, message File not found
> 127.0.0.1 - - [10/Mar/2023 07:33:51] "GET /sm/dfa89cd34ca5cacfbf5dd490fcf5e8ee48d8547549a5e4121cc4a36c06fa568d.map HTTP/1.1" 404 -
> 127.0.0.1 - - [10/Mar/2023 07:34:06] "GET / HTTP/1.1" 304 -
> 127.0.0.1 - - [10/Mar/2023 07:34:06] code 404, message File not found
> 127.0.0.1 - - [10/Mar/2023 07:34:06] "GET /userscript:org.USERSCRIPT-NAMESPACE/hls.min.js.map HTTP/1.1" 404 -
> 127.0.0.1 - - [10/Mar/2023 07:34:06] code 404, message File not found
> 127.0.0.1 - - [10/Mar/2023 07:34:06] "GET /favicon.ico HTTP/1.1" 404 -
> 127.0.0.1 - - [10/Mar/2023 07:34:06] code 404, message File not found
> 127.0.0.1 - - [10/Mar/2023 07:34:06] "GET /sm/dfa89cd34ca5cacfbf5dd490fcf5e8ee48d8547549a5e4121cc4a36c06fa568d.map HTTP/1.1" 404 -
> 127.0.0.1 - - [10/Mar/2023 07:34:06] "GET /assets/swift.svg HTTP/1.1" 200 -
> 127.0.0.1 - - [10/Mar/2023 07:35:06] "GET /scripts/main.js HTTP/1.1" 304 -

STEPS TO REPRODUCE
1. Install a userscript which requires a library.
2. Execute `python3 -m http.server 9000` (I tested it with
https://github.com/ge0rg/easy-xmpp-invitation)
3. Load page via addressbar; or
4. Load page via History either from sidebar or drop-down menu of addressbar
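
Added example (not part of the original report, and not Falkon or Greasemonkey code): a filter that lists what the requests shown in the log above disclose to a server, run over constructed sample lines in the `python3 -m http.server` log format. The `/userscript:<identifier>/<file>.map` path shape is assumed from the log lines in the report; the function and field names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed sample in the format printed by `python3 -m http.server`,
# modelled on the log lines quoted in the report.
SAMPLE_LOG = """\
127.0.0.1 - - [10/Mar/2023 07:33:51] "GET /userscript:org.USERSCRIPT-NAMESPACE/FILENAME-OF-JAVASCRIPT-LIBRARY.js.map HTTP/1.1" 404 -
127.0.0.1 - - [10/Mar/2023 07:33:51] code 404, message File not found
127.0.0.1 - - [10/Mar/2023 07:33:51] "GET /favicon.ico HTTP/1.1" 404 -
127.0.0.1 - - [10/Mar/2023 07:34:06] "GET /userscript:org.USERSCRIPT-NAMESPACE/hls.min.js.map HTTP/1.1" 404 -
127.0.0.1 - - [10/Mar/2023 07:34:06] "GET /assets/swift.svg HTTP/1.1" 200 -
"""

# One access-log request line: client, timestamp, request line, status.
REQUEST = re.compile(
    r'^(?P<client>\S+) - - \[(?P<when>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})\b'
)
# Assumed path shape: /userscript:<identifier>/<library file, usually *.map>
LEAK = re.compile(r'^/userscript:(?P<ident>[^/]+)/(?P<file>[^/?#]+)$')


def find_userscript_leaks(log_text):
    """Return one dict per request whose path exposes a userscript identifier."""
    leaks = []
    for line in log_text.splitlines():
        req = REQUEST.match(line)
        if not req:
            continue  # e.g. the "code 404, message File not found" lines
        # Decode first so a percent-encoded ':' is matched as well.
        hit = LEAK.match(unquote(req["path"]))
        if hit:
            name = hit["file"]
            leaks.append({
                "when": req["when"],
                "client": req["client"],
                "identifier": hit["ident"],
                "library": name[:-4] if name.endswith(".map") else name,
                "status": int(req["status"]),
            })
    return leaks


if __name__ == "__main__":
    for leak in find_userscript_leaks(SAMPLE_LOG):
        print(leak)
```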
