nsContentUtils::IsURIInList improperly handles multiple records from the same origin
Categories
(Core :: Privacy: Anti-Tracking, defect)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox72 | --- | fixed |
People
(Reporter: englehardt, Assigned: ehsan.akhgari)
References
Details
Attachments
(2 files)
nsContentUtils::IsURIInList is called here when checking if the a URI being classified matches the skip list. aURI is the URI to be classified and aBlackList is the skip list (a comma separated string of patterns).
If the skip list contains *.example.com, then all subdomains of example.com are unblocked, but not https://example.com itself. If we want to skip the base domain as well as all subdomains, the skip list should contain both *.example.com and example.com. However, if *.example.com appears before example.com in aBlackList, the second record will fail to apply.
To understand why, consider a two-item skip list, *.example.com,example.com, and a lookup for https://example.com/favicon.ico. The aBlackList.Find call here returns an index of 2 for the host example.com,. This is because Find matches the *.example.com skiplist record instead of example.com. As expected, example.com fails the remainder of the checks for *.example.com and returns False. If the records in the skip list are reversed (i.e., example.com,*.example.com) this works as expected since Find matches the correct rule.
|
Assignee | |
Updated•6 years ago
|
|
|
Assignee | |
Comment 1•6 years ago
|
||
|
||
Comment 3•6 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Comment 4•6 years ago
|
||
|
||
Comment 6•6 years ago
|
||
| bugherder | ||
Description
•