Path canonicalization incorrectly applied to the query parameters
Categories: Toolkit :: Safe Browsing, defect, P2

| | Tracking | Status |
|---|---|---|
| firefox85 | --- | fixed |

People: Reporter: hectorz, Assigned: dlee
Attachments: 3 files

I'm trying to determine why some urls included in our safe browsing list are not blocked in Fx, and I think there's a client side bug in Fx.
Instead of

```
Canonicalize("http://host.com//twoslashes?more//slashes") = "http://host.com/twoslashes?more//slashes";
```

as documented by Google, in Fx's browser console:

```
» let urlUtils = Cc["@mozilla.org/url-classifier/utils;1"].getService(Ci.nsIUrlClassifierUtils);
← <XPCWrappedNative_NoHelper ...>
» urlUtils.getKeyForURI(Services.io.newURI('http://host.com//twoslashes?more//slashes'));
← "host.com/twoslashes?more/slashes"
```

Note the `more//slashes` => `more/slashes` change.
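
Added example, not part of the original report and not Firefox's code: the path-only behaviour the report expects, next to a variant that reproduces the reported key, plus a helper that flags list entries whose lookup key differs between the two. All function names are hypothetical; percent-escaping and host canonicalization are left out.

```javascript
// Added illustration; not Firefox's nsUrlClassifierUtils code.
// Assumes an http(s) URL with an explicit path and no userinfo, port or
// fragment; percent-escaping and host canonicalization are skipped.

// Split into host, path and raw query at the first "/" and first "?".
function splitUrl(url) {
  const rest = url.replace(/^[a-z][a-z0-9+.-]*:\/\//i, "");
  const slash = rest.indexOf("/");
  const host = (slash === -1 ? rest : rest.slice(0, slash)).toLowerCase();
  const tail = slash === -1 ? "/" : rest.slice(slash);
  const q = tail.indexOf("?");
  return q === -1
    ? { host, path: tail, query: null }
    : { host, path: tail.slice(0, q), query: tail.slice(q + 1) };
}

// Path rules: resolve "." and "..", collapse runs of slashes.
function normalizePath(path) {
  const out = [];
  for (const seg of path.split("/")) {
    if (seg === "" || seg === ".") continue; // empty segment = extra slash
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  const trailing = out.length > 0 && path.endsWith("/") ? "/" : "";
  return "/" + out.join("/") + trailing;
}

// Expected behaviour: only the path is normalized, the query stays verbatim.
function keyPathOnly(url) {
  const { host, path, query } = splitUrl(url);
  return host + normalizePath(path) + (query === null ? "" : "?" + query);
}

// Reproduces the reported output: slash collapsing also hits the query.
function keyQueryCollapsed(url) {
  const { host, path, query } = splitUrl(url);
  const q = query === null ? "" : "?" + query.replace(/\/{2,}/g, "/");
  return host + normalizePath(path) + q;
}

// True when a list entry's lookup key differs between the two behaviours.
function keyDiverges(url) {
  return keyPathOnly(url) !== keyQueryCollapsed(url);
}
```

Running `keyDiverges` over the URLs in a blocklist shows which entries would fail to match on a client that collapses slashes in the query.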

Comment 1 • 3 years ago
The severity field is not set for this bug.
:dimi, could you have a look please?
For more information, please visit auto_nag documentation.

Comment 2 • 3 years ago (Assignee)
(In reply to Hector Zhao [:hectorz] from comment #0)
> I'm trying to determine why some urls included in our safe browsing list are not blocked in Fx, and I think there's a client side bug in Fx.

Thank you for reporting this!

Comment 3 • 3 years ago (Assignee)
Comment 4 • 3 years ago (Assignee)
Comment 5 • 3 years ago (Assignee)

Pushed by dlee@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/2e19e69edfcb
P1. Safe Browsing canonicalization should not include query string r=gcp
https://hg.mozilla.org/integration/autoland/rev/bf90a5835a15
P2. Safe Browsing canonicalization should escape # r=gcp
https://hg.mozilla.org/integration/autoland/rev/c50c5c214c49
P3. Add testcase r=gcp

Comment 7 • 3 years ago (bugherder)
https://hg.mozilla.org/mozilla-central/rev/2e19e69edfcb
https://hg.mozilla.org/mozilla-central/rev/bf90a5835a15
https://hg.mozilla.org/mozilla-central/rev/c50c5c214c49