richard pushed to branch tor-browser-115.3.1esr-13.0-1 at The Tor Project /
Applications / Tor Browser
Commits:
c02fa5a8 by hackademix at 2023-10-10T16:58:37+00:00
fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
Bug 41766: Sanitize about:torconnect redirects.
- - - - -
1 changed file:
- browser/components/torconnect/content/aboutTorConnect.js
Changes:
=====================================
browser/components/torconnect/content/aboutTorConnect.js
=====================================
@@ -822,15 +822,21 @@ class AboutTorConnect {
}
async init() {
+ // if the user gets here manually or via the button in the urlbar
+ // then we will redirect to about:tor
+ this.redirect = "about:tor";
+
// see if a user has a final destination after bootstrapping
let params = new URLSearchParams(new URL(document.location.href).search);
if (params.has("redirect")) {
- const encodedRedirect = params.get("redirect");
- this.redirect = decodeURIComponent(encodedRedirect);
- } else {
- // if the user gets here manually or via the button in the urlbar
- // then we will redirect to about:tor
- this.redirect = "about:tor";
+ try {
+ const redirect = new URL(decodeURIComponent(params.get("redirect")));
+ if (/^(?:https?|about):$/.test(redirect.protocol)) {
+ this.redirect = redirect.href;
+ }
+ } catch (e) {
+ console.error(e, `Invalid redirect URL "${params.get("redirect")}"!`);
+ }
}
let args = await RPMSendQuery("torconnect:get-init-args");
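Review bot: The scheme check `/^(?:https?|about):$/.test(redirect.protocol)` in init() accepts every `about:` URL, not only the `about:tor` default, so the page's query string can still select any about: page as the post-bootstrap destination; how much that matters depends on how `this.redirect` is consumed, which is outside this hunk. If only a few internal pages are legitimate targets, compare `redirect.href` against an explicit list for the `about:` case and keep the regex for `https?` only. Separately, `params.get("redirect")` is already percent-decoded by `URLSearchParams`, so the extra `decodeURIComponent` decodes a second time; unless callers double-encode, a destination containing `%25` or a bare `%` is altered or rejected, and `new URL(params.get("redirect"))` would avoid that. A disallowed scheme also falls back to `about:tor` silently, while only parse failures reach `console.error`, so a one-line log in an `else` branch would make rejected redirects visible. init() continues past the end of the hunk.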
View it on GitLab:
https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c02fa5a83953f1463981a5576386177129bed16e