richard pushed to branch tor-browser-115.3.1esr-13.0-1 at The Tor Project / Applications / Tor Browser
Commits: c02fa5a8 by hackademix at 2023-10-10T16:58:37+00:00 fixup! Bug 27476: Implement about:torconnect captive portal within Tor Browser
Bug 41766: Sanitize about:torconnect redirects.
- - - - -
1 changed file:
- browser/components/torconnect/content/aboutTorConnect.js
Changes:
===================================== browser/components/torconnect/content/aboutTorConnect.js =====================================
@@ -822,15 +822,21 @@ class AboutTorConnect {
 }
async init() {
+ // if the user gets here manually or via the button in the urlbar
+ // then we will redirect to about:tor
+ this.redirect = "about:tor";
+
 // see if a user has a final destination after bootstrapping
 let params = new URLSearchParams(new URL(document.location.href).search);
 if (params.has("redirect")) {
- const encodedRedirect = params.get("redirect");
- this.redirect = decodeURIComponent(encodedRedirect);
- } else {
- // if the user gets here manually or via the button in the urlbar
- // then we will redirect to about:tor
- this.redirect = "about:tor";
+ try {
+ const redirect = new URL(decodeURIComponent(params.get("redirect")));
+ if (/^(?:https?|about):$/.test(redirect.protocol)) {
+ this.redirect = redirect.href;
+ }
+ } catch (e) {
+ console.error(e, `Invalid redirect URL "${params.get("redirect")}"!`);
+ }
 }
let args = await RPMSendQuery("torconnect:get-init-args");
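Review bot: The scheme test `/^(?:https?|about):$/` in `init()` accepts every `about:` URL, so the `redirect` parameter can still name any internal page rather than only the `about:tor` default. Whether that matters depends on how `this.redirect` is later loaded, which happens outside this hunk. If only a few internal destinations are legitimate, compare `redirect.href` against an explicit list instead of admitting the whole scheme, and add a one-line comment above the check stating why those targets are the allowed set. Separately, `URLSearchParams.get` already percent-decodes the value, so the retained `decodeURIComponent` decodes it a second time: a destination containing a literal `%` either throws a URIError or is validated in a different form than the caller passed. Unless the producer of the link double-encodes, `const redirect = new URL(params.get("redirect"));` would be sufficient.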
View it on GitLab: https://gitlab.torproject.org/tpo/applications/tor-browser/-/commit/c02fa5a8...