richard pushed to branch tor-browser-115.3.1esr-13.0-1 at The Tor Project / Applications / Tor Browser

Commits:

1 changed file:

Changes:

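--- a/browser/components/torconnect/content/aboutTorConnect.js
+++ b/browser/components/torconnect/content/aboutTorConnect.js
@@ -822,15 +822,21 @@ class AboutTorConnect {
   }
 
   async init() {
+    // if the user gets here manually or via the button in the urlbar
+    // then we will redirect to about:tor
+    this.redirect = "about:tor";
+
     // see if a user has a final destination after bootstrapping
     let params = new URLSearchParams(new URL(document.location.href).search);
     if (params.has("redirect")) {
-      const encodedRedirect = params.get("redirect");
-      this.redirect = decodeURIComponent(encodedRedirect);
-    } else {
-      // if the user gets here manually or via the button in the urlbar
-      // then we will redirect to about:tor
-      this.redirect = "about:tor";
+      try {
+        const redirect = new URL(decodeURIComponent(params.get("redirect")));
+        if (/^(?:https?|about):$/.test(redirect.protocol)) {
+          this.redirect = redirect.href;
+        }
+      } catch (e) {
+        console.error(e, `Invalid redirect URL "${params.get("redirect")}"!`);
+      }
     }
 
     let args = await RPMSendQuery("torconnect:get-init-args");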
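Review bot: `params.get("redirect")` already returns the percent-decoded value, so the `decodeURIComponent` kept on the `new URL(...)` line decodes it a second time; a destination containing a literal `%25` would be altered before it is validated, and a stray `%` throws a URIError into the catch, so the user lands on about:tor instead. If callers encode the parameter only once (not visible in this hunk), `const redirect = new URL(params.get("redirect"));` is sufficient. The `about` alternative in the protocol test also accepts every about: page rather than only the about:tor default; whether that is wider than needed depends on how `this.redirect` is consumed, which is outside the hunk. init() continues past the end of the hunk.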