Path canonicalization incorrectly applied to the query parameters
Categories
(Toolkit :: Safe Browsing, defect, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox85 | --- | fixed |
People
(Reporter: hectorz, Assigned: dimi)
References
(Regressed 1 open bug, )
Details
Attachments
(3 files)
I'm trying to determine why some urls included in our safe browsing list are not blocked in Fx, and I think there's a client side bug in Fx.
Instead of Canonicalize("http://host.com//twoslashes?more//slashes") = "http://host.com/twoslashes?more//slashes";
as documented by Google, in Fx's browser console:
» let urlUtils = Cc["@mozilla.org/url-classifier/utils;1"].getService(Ci.nsIUrlClassifierUtils);
← <XPCWrappedNative_NoHelper ...>
» urlUtils.getKeyForURI(Services.io.newURI('http://host.com//twoslashes?more//slashes'));
← "host.com/twoslashes?more/slashes"
Note the more//slashes
=> more/slashes
change.
Comment 1•4 years ago
|
||
The severity field is not set for this bug.
:dimi, could you have a look please?
For more information, please visit auto_nag documentation.
Assignee | ||
Comment 2•4 years ago
|
||
(In reply to Hector Zhao [:hectorz] from comment #0)
I'm trying to determine why some urls included in our safe browsing list are not blocked in Fx, and I think there's a client side bug in Fx.
Thank you for reporting this!
Assignee | ||
Comment 3•4 years ago
|
||
Assignee | ||
Comment 4•4 years ago
|
||
Assignee | ||
Comment 5•4 years ago
|
||
Updated•4 years ago
|
Updated•4 years ago
|
Updated•4 years ago
|
Comment 7•4 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/2e19e69edfcb
https://hg.mozilla.org/mozilla-central/rev/bf90a5835a15
https://hg.mozilla.org/mozilla-central/rev/c50c5c214c49
Description
•