[tor-commits] [Git][tpo/applications/tor-browser][tor-browser-115.3.1esr-13.0-1] fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser

To: tor-commits@xxxxxxxxxxxxxxxxxxxx

Subject: [tor-commits] [Git][tpo/applications/tor-browser][tor-browser-115.3.1esr-13.0-1] fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser

From: "richard \(@richard\) via tor-commits" <tor-commits@xxxxxxxxxxxxxxxxxxxx>

Date: Tue, 10 Oct 2023 17:07:51 +0000

Auto-submitted: auto-generated

Cc: "richard \(@richard\)" <git@xxxxxxxxxxxxxxxxxxxxx>

Delivered-to: archiver@xxxxxxxx

Delivery-date: Tue, 10 Oct 2023 13:08:04 -0400

Dkim-signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.torproject.org; s=2022-eugeni; t=1696957681; bh=iAVrutT7Fb+Imsc/lW7RWX7lSCL7TY7tiYdvk+BdiOA=; h=Date:To:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=nGi1HiWcQ7Wr/SSnFxL6RFMZHy8fapSGnRYE/b2pBSjd4E5Gq38P6ddkDCD/4YU+w QUhiaMJsohgVt6G4unksWC3NvqAX2zKc8RvrOCkpGb1bjKHee6DCER+EFVA9PSZC60 imRmuW+1kx7kPm3XZrCrJjjLmKtFKpeUbVJU7MZf7dHbD1Y8L7ZBts8N8/x/7G15Hu aNI2odn/RoscfcujbCpcrWTpMqonU2DVrgzgrGC7hU4cfBl/RXbBZW4qd8RFdWluJf T3MZnUM96YoJdH+VRGIYpq4l0eFcmCfTK7dm8zlpNhlcGv6alKBkXWy8vxSOT4EiGn 1XmqD0Rr4HmpA==

List-archive: <http://lists.torproject.org/pipermail/tor-commits/>

List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>

List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>

List-post: <mailto:tor-commits@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>

Reply-to: noreply@xxxxxxxxxxxxxx

Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

Title: GitLab

richard pushed to branch tor-browser-115.3.1esr-13.0-1 at The Tor Project / Applications / Tor Browser

Commits:

c02fa5a8

by hackademix at 2023-10-10T16:58:37+00:00

fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser

Bug 41766: Sanitize about:torconnect redirects.

1 changed file:

browser/components/torconnect/content/aboutTorConnect.js

Changes:

browser/components/torconnect/content/aboutTorConnect.js

@@ -822,15 +822,21 @@ class AboutTorConnect {
+   }
    async init() {
 +    // if the user gets here manually or via the button in the urlbar
 +    // then we will redirect to about:tor
 +    this.redirect = "about:tor";
++
      // see if a user has a final destination after bootstrapping
      let params = new URLSearchParams(new URL(document.location.href).search);
      if (params.has("redirect")) {
 -      const encodedRedirect = params.get("redirect");
 -      this.redirect = decodeURIComponent(encodedRedirect);
 -    } else {
 -      // if the user gets here manually or via the button in the urlbar
 -      // then we will redirect to about:tor
 -      this.redirect = "about:tor";
 +      try {
 +        const redirect = new URL(decodeURIComponent(params.get("redirect")));
 +        if (/^(?:https?|about):$/.test(redirect.protocol)) {
 +          this.redirect = redirect.href;
 +        }
 +      } catch (e) {
 +        console.error(e, `Invalid redirect URL "${params.get("redirect")}"!`);
 +      }
+     }
      let args = await RPMSendQuery("torconnect:get-init-args");

_______________________________________________ tor-commits mailing list tor-commits@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits