[hackerone] url debouncing issue #23026

Closed
diracdeltas opened this issue May 24, 2022 · 3 comments
Labels: closed/fixed-by-component-update, OS/Android (Fixes related to Android browser functionality), OS/Desktop, priority/P2 (A bad problem. We might uplift this to the next planned release.), privacy/debounce (URL debouncer), security

diracdeltas (Member) commented May 24, 2022

https://hackerone.com/reports/1579374

short-term solution:

  1. narrow down overly-broad debounce rules like the one for FB
  2. remove "high profile redirectors" for now

https://bravesoftware.slack.com/archives/G2KN13Z8C/p1653502351425129?thread_ts=1653409613.492429&cid=G2KN13Z8C

diracdeltas added the security, priority/P2, OS/Android and OS/Desktop labels May 24, 2022
stephendonner added the privacy/debounce label May 24, 2022
fmarier reopened this May 25, 2022

fmarier (Member) commented May 25, 2022

brave/adblock-lists#862 covers the second point above.

We should still address the first point by looking through the existing rules to see if we can tighten up the URLs and remove as many wildcard hostnames as possible.
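
One way to do the rule review described in the comment above, as an added example (not Brave's code and not part of the original thread): a small Python audit that flags include patterns with wildcard hostnames or catch-all paths. The rule shape (`include`, `action`, `param`) and the `scheme://host/path` pattern syntax are assumptions, and the sample rules are constructed.

```python
"""Audit debounce-style rules for over-broad include patterns (added example)."""
import re

# Assumed pattern shape: <scheme>://<host>/<path>, with '*' as the wildcard.
PATTERN_RE = re.compile(r"^(?P<scheme>\*|https?)://(?P<host>[^/]+)(?P<path>/.*)$")


def audit_pattern(pattern):
    """Return a list of findings for one include pattern (empty if none)."""
    m = PATTERN_RE.match(pattern)
    if not m:
        return ["unparseable"]
    findings = []
    host, path = m["host"], m["path"]
    if host == "*":
        findings.append("any-host")               # rule applies on every site
    elif host.startswith("*."):
        findings.append("wildcard-subdomain")     # every subdomain is in scope
    elif "*" in host:
        findings.append("partial-host-wildcard")  # wildcard inside a label
    if path == "/*":
        findings.append("any-path")               # no path constraint at all
    return findings


def audit_rules(rules):
    """Map each flagged include pattern to its findings; clean ones are omitted."""
    report = {}
    for rule in rules:
        for pattern in rule.get("include", []):
            findings = audit_pattern(pattern)
            if findings:
                report[pattern] = findings
    return report


# Constructed sample rules, not taken from any real list.
SAMPLE_RULES = [
    {"include": ["*://*.example.com/*"], "action": "redirect", "param": "u"},
    {"include": ["*://out.example.net/l.php?*"], "action": "redirect", "param": "url"},
    {"include": ["*://*/redirect?*"], "action": "redirect", "param": "to"},
    {"include": ["not a pattern"], "action": "redirect", "param": "u"},
]

if __name__ == "__main__":
    for pattern, findings in audit_rules(SAMPLE_RULES).items():
        print(f"{pattern}: {', '.join(findings)}")
```

Only the second sample rule passes cleanly, because it pins both an exact hostname and a specific path.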

fmarier (Member) commented Jun 6, 2022

brave/adblock-lists#871 will cover the first point.

fmarier (Member) commented Jul 4, 2022

Both tasks are now done.
