Closed
Bug 1187347
Opened 10 years ago
Closed 10 years ago
service workers should reject scope and script URLs with %2f and %5c encoded characteres
Categories
(Core :: DOM: Service Workers, defect)
Core
DOM: Service Workers
Tracking
()
RESOLVED
DUPLICATE
of bug 1185640
People
(Reporter: bkelly, Unassigned)
References
Details
This is an issue that was raised by a user to to the chrome team. It appears some broken servers will decode %2f and %5c to slash characters before evaluating a URL. The browser doesn't, though. So the scope path restrictions can be bypassed on those servers.
https://github.com/slightlyoff/ServiceWorker/issues/630
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•