address the fragment attack

RESOLVED FIXED

Status

()

RESOLVED FIXED
13 years ago
5 years ago

People

(Reporter: fritz, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

13 years ago
We iterate over docs checking to see if their URL matches a known bad URL that we have. We should accommodate fragments in the URL (eg, http://evil.com/index.html#foo) so we it's not trivial for a page to avoid detection by immediately re-naving the user to the URL with that fragment.

Updated

13 years ago
QA Contact: nobody → safe.browsing
Stripping the fragment is part of url canonicalization for the list lookup, so this shouldn't be an issue anymore.
Status: NEW → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → FIXED
Component: Phishing Protection → Phishing Protection
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.