Browser converts integers to IP addresses with forwardslash
Categories
(Core :: Networking, defect)
People
(Reporter: 0xFNDH, Unassigned)
References
(Blocks 1 open bug)
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/109.0
Steps to reproduce:
Enter a number followed by a forward slash
Actual results:
Firefox converts the number into an IP address
POC Search: 16843009/ == http://1.1.1.1/ (cloudflare dns)
POC Search: 2130706433/ == http://127.0.0.1/ (localhost)
Expected results:
A search index of <number>%2f or 16843009%2f, to avoid accidentally going to an IP address when dividing numbers. This error has a low security impact for how it could be used to get someone to visit an IP address accidentally.
Comment 1•1 year ago
The Bugbug bot thinks this bug should belong to the 'Core::DOM: Security' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Comment 2•1 year ago
This issue is probably "working as intended", because that's just how URL parsing works. The spec at https://url.spec.whatwg.org/#host-parsing has some funny examples.
Redirecting to the Networking team to ensure that we're 100% aligned with the standard.
Comment 3•1 year ago
FWIW, it's unclear if the POC was supposed to be in the address bar, but it also works in HTML, which is why I'm pointing at the network layer.
Example:
- in a console start a webserver that listens on port 8080, e.g.
python3 -m http.server
- Go to a web page that contains a numerical IP address in a URL. For example like so
<img src="http://2130706433:8000/" />
Comment 4•1 year ago
Yes, that's expected behaviour of how URL parsing works.
See https://url.spec.whatwg.org/#ends-in-a-number-checker and https://url.spec.whatwg.org/#concept-ipv4-parser
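As an added example (not from this bug thread), here are the two spec steps linked above written out in JavaScript and cross-checked against Node's WHATWG URL implementation: a host that "ends in a number" is handed to the IPv4 parser, which accepts decimal, leading-zero octal and 0x hex parts and folds a lone integer such as 2130706433 into all four octets. The function names ipv4HostOf and browserHostname are mine, not anything in Firefox or the spec.

```javascript
// Added example: WHATWG host parsing for hosts that end in a number.
// Not Firefox code; follows https://url.spec.whatwg.org/#concept-ipv4-parser.

// https://url.spec.whatwg.org/#ipv4-number-parser
// Returns an integer, or null on failure. "0x.." is hex, "0.." is octal.
function parseIpv4Number(input) {
  if (input === "") return null;
  let radix = 10;
  if (/^0[xX]/.test(input)) { input = input.slice(2); radix = 16; }
  else if (input.length >= 2 && input[0] === "0") { input = input.slice(1); radix = 8; }
  if (input === "") return 0;                         // a bare "0x" parses as 0
  const digits = { 8: /^[0-7]+$/, 10: /^[0-9]+$/, 16: /^[0-9a-fA-F]+$/ }[radix];
  if (!digits.test(input)) return null;
  return parseInt(input, radix);
}

// https://url.spec.whatwg.org/#ends-in-a-number-checker
function endsInANumber(host) {
  const parts = host.split(".");
  if (parts.length > 1 && parts[parts.length - 1] === "") parts.pop();
  const last = parts[parts.length - 1];
  if (last !== "" && /^[0-9]+$/.test(last)) return true;
  return parseIpv4Number(last) !== null;              // e.g. "0x7f" still counts
}

// Dotted-quad string the browser will connect to, or null when the host is
// not treated as IPv4 (a domain, or a numeric host the spec rejects outright).
function ipv4HostOf(host) {
  if (!endsInANumber(host)) return null;
  const parts = host.split(".");
  if (parts.length > 1 && parts[parts.length - 1] === "") parts.pop();
  if (parts.length > 4) return null;
  const numbers = parts.map(parseIpv4Number);
  if (numbers.includes(null)) return null;
  if (numbers.slice(0, -1).some((n) => n > 255)) return null;
  const last = numbers[numbers.length - 1];
  if (last >= 256 ** (5 - numbers.length)) return null; // last part fills the rest
  let ipv4 = last;
  numbers.slice(0, -1).forEach((n, i) => { ipv4 += n * 256 ** (3 - i); });
  return [24, 16, 8, 0].map((s) => (ipv4 >>> s) & 255).join(".");
}

// Cross-check: Node's global URL class implements the same WHATWG algorithm,
// so the two agree on the integer hosts from the report's PoC.
function browserHostname(url) { return new URL(url).hostname; }
```

The same normalisation is what a URL allow-list or egress filter should apply before comparing hosts, since "http://2130706433:8000/" and "http://127.0.0.1:8000/" are the same destination to the browser.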