New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[hackerone] validate wayback URL before navigating #32395
Comments
fix brave/brave-browser#32395 Only allow to load http/https scheme and valid wayback domain.
fix brave/brave-browser#32395 Only allow to load valid wayback url that has http/https scheme and valid wayback domain.
fix brave/brave-browser#32395 Only allow to load valid wayback url that has http/https scheme and valid wayback domain.
The above requires |
Verified with
Using the STR/Cases outlined via #32395 (comment), ensured that
Verification PASSED on
Using the STR/Cases outlined via #32395 (comment), ensured that
|
see https://bravesoftware.slack.com/archives/C6R461GF4/p1692466879103279?thread_ts=1692442338.103219&cid=C6R461GF4 for details
reported at https://hackerone.com/reports/2117246 and https://hackerone.com/reports/2113111 by xiaoyinl
STR:
https://brave-api.archive.org/wayback/available?url=https://brave.com/bo/
.Sorry, there is no saved version available.
Note: As it's platform independent, checking on one platform would be sufficient.
The text was updated successfully, but these errors were encountered: