Prj hatsune miku #658

Merged
merged 12 commits into from
Sep 12, 2022

Conversation

reashetyrr
Contributor

draft to link

@github-actions

github-actions bot commented Jul 30, 2022

Download the artifacts for this pull request:

@lostdusty lostdusty linked an issue Jul 30, 2022 that may be closed by this pull request
6 tasks
}
if(isGoodLink(h))
{
if(h.indexOf("://partners.popcent.net/")==-1)//tr.link
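
Review bot: The `h.indexOf("://partners.popcent.net/")==-1` test in the `isGoodLink(h)` branch matches that string anywhere in `h`, so a URL that only carries it in its path or query string is treated the same as one actually hosted on partners.popcent.net. Parse the value and compare the host instead, for example `new URL(h).hostname==="partners.popcent.net"`, with a try/catch for values that do not parse.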

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization

'[://partners.popcent.net/](1)' can be anywhere in the URL, and arbitrary hosts may come before or after it.
domainBypass("expertvn.com",()=>{
crowdPath(location.hash.substr(1))
crowdBypass(()=>ifElement("form.captcha[action='?']",f=>{
f.action+=location.hash
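
Review bot: `location.hash` is used unvalidated twice in the expertvn.com handler, once as the `crowdPath` argument and once appended to `f.action`, and whoever crafts the link a user opens controls it. Check the fragment against the format you expect for this site's IDs before passing it on, and skip both calls when it does not match. `substr` is also deprecated; `slice(1)` is the drop-in replacement.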

Check warning

Code scanning / CodeQL

Client-side URL redirect

Untrusted URL redirection due to [user-provided value](1).
unsafelyAssign=target=>{
navigated=true
window.onbeforeunload=null
location.assign(target)
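
Review bot: `unsafelyAssign` passes `target` to `location.assign` with no scheme check, so a `javascript:` value would run script in the context of the current page. Unless every caller already guarantees an http(s) URL, parse `target` here and return early when the protocol is not `http:` or `https:`.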

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

[DOM text](1) is reinterpreted as HTML without escaping meta-characters. [DOM text](2) is reinterpreted as HTML without escaping meta-characters. [DOM text](3) is reinterpreted as HTML without escaping meta-characters. [DOM text](4) is reinterpreted as HTML without escaping meta-characters.
{
document.getElementById=()=>({submit:()=>{
let f=document.querySelector("form")
f.action="/link#"+document.querySelector("input[name='id']").value
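
Review bot: The `document.querySelector("input[name='id']").value` lookup in the `submit` stub throws if the input is missing, and its value goes into the fragment unencoded. Guard the lookup (and `f`) and wrap the value in `encodeURIComponent`. Replacing `document.getElementById` wholesale also makes every other lookup on the page return this stub, so consider delegating to the original function for IDs you do not mean to intercept.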

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

[DOM text](1) is reinterpreted as HTML without escaping meta-characters.
if("redirect"in d.unlockable&&"url"in d.unlockable.redirect)
{
let p=document.createElement("p"),a=document.createElement("a")
a.textContent=a.href=d.unlockable.redirect.url
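
Review bot: `a.href=d.unlockable.redirect.url` takes the link target straight from the response data, so a non-http(s) scheme such as `javascript:` ends up as a clickable link. `textContent` is fine for the label, but check the parsed URL's protocol before assigning `href` and show the text only when the check fails.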

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

[DOM text](1) is reinterpreted as HTML without escaping meta-characters.
domainBypass(/(semawur|bercara)\.com|in11\.site/,()=>ifElement("input[type='hidden'][name='alias'][value]",i=>crowdPath(i.value),()=>crowdPath(location.hash.substr(1))))
domainBypass(/movienear\.me|lewat\.club|tautan\.pro|(droidtamvan|gubukbisnis|onlinecorp)\.me|(liveshootv|modebaca|haipedia|sekilastekno|miuiku)\.com|shrink\.world|link\.mymastah\.xyz|(sportif|cararoot)\.id|healthinsider\.online/,()=>{
ifElement("input[type='hidden'][name='alias'][value]",i=>{
i.parentNode.action+="#"+i.value+(ignoreCrowdBypass?"#ignoreCrowdBypass":"")
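
Review bot: `i.parentNode.action` assumes the hidden `alias` input is a direct child of its form; on a page that wraps the input in another element this sets an `action` property on the wrapper and the fragment is lost silently. Use `i.form` and check that it is non-null. The alias is also concatenated raw between `#` separators, so a value containing `#` cannot be told apart from the `#ignoreCrowdBypass` suffix; `encodeURIComponent(i.value)` avoids that.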

Check warning

Code scanning / CodeQL

DOM text reinterpreted as HTML

[DOM text](1) is reinterpreted as HTML without escaping meta-characters.
domainBypass("4shared.com",()=>{
if(document.cookie.indexOf("exUserId=")==-1)
{
document.cookie="exUserId=0; domain=.4shared.com; path=/"
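
Review bot: The `exUserId` cookie is written without the `Secure` attribute, so it is also sent on plain-HTTP requests to 4shared.com and its subdomains. Append `; Secure` (and a `SameSite` value) to the string. The `document.cookie.indexOf("exUserId=")` check also matches any cookie whose name merely ends in `exUserId`; testing against `/(^|; )exUserId=/` is more exact.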

Check warning

Code scanning / CodeQL

Clear text transmission of sensitive cookie

Sensitive cookie sent without enforcing SSL encryption
@reashetyrr reashetyrr changed the base branch from main to manifest-v3 September 12, 2022 06:15
@reashetyrr reashetyrr marked this pull request as ready for review September 12, 2022 06:22
@reashetyrr reashetyrr merged commit 8d589cc into FastForwardTeam:manifest-v3 Sep 12, 2022
Development

Successfully merging this pull request may close these issues.

SpeedForwarder (Read this)
2 participants