This repository has been archived by the owner. It is now read-only.

[hackerone] 317931 #13214

Closed
jumde opened this Issue Feb 21, 2018 · 5 comments

Comments

@jumde
Copy link
Contributor

jumde commented Feb 21, 2018

https://hackerone.com/reports/317931

Test Plan:

  1. Open about:preferences
  2. Change home page url:
  • 'ebаy.com/@ebаy.com' should change to 'xn--eby-7cd.com/@xn--eby-7cd.com'
  • 'ebаy.com/ebаy.com' should change to 'xn--eby-7cd.xn--com/eby-7fg.com'
  • 'ebаy.com@ebаy.com' should change to 'xn--eby-7cd.com@xn--eby-7cd.com'

@jumde jumde added the security label Feb 21, 2018

@jumde jumde self-assigned this Feb 21, 2018

@diracdeltas diracdeltas added this to the 0.22.x (Developer Channel) milestone Feb 21, 2018

@bsclifton

This comment has been minimized.

Copy link
Member

bsclifton commented Feb 21, 2018

Fixed with #13215

@LaurenWags

This comment has been minimized.

Copy link

LaurenWags commented Jun 22, 2018

@jumde could we get a test plan for this one?

@kjozwiak

This comment has been minimized.

Copy link
Member

kjozwiak commented Jun 26, 2018

@jumde @diracdeltas I'm still seeing the same behaviour with 0.23.17 bc754eb. Example:

  • ebаy.com@ebаy.com --> xn--eby-7cd.com@xn--eby-7cd.com
  • ebаy.com/ebаy.com --> xn--eby-7cd.xn--com/eby-7fg.com
  • ebаy.com/@ebay.com --> xn--eby-7cd.com/@ebay.com

Reproduced on both macOS 10.13.14 x64 and Win 10 x64. I'm not sure what the expected behaviour is but from the looks of the hackerone report, the behaviour looks the same as the initial report.

Should this be re-opened?

@diracdeltas

This comment has been minimized.

Copy link
Member

diracdeltas commented Jun 26, 2018

@jumde please add test steps to this issue

given https://github.com/brave/browser-laptop/pull/13215/files#diff-67408f7e7eb48fc100595349f7540aa9R303, seems like the expected behavior is 'ebаy.com/@ebаy.com' becomes 'xn--eby-7cd.com/@xn--eby-7cd.com'

@kjozwiak

This comment has been minimized.

Copy link
Member

kjozwiak commented Jun 26, 2018

Results after talking to @jumde:

ebаy.com@ebаy.com --> xn--eby-7cd.com@xn--eby-7cd.com
ebаy.com/ebаy.com --> xn--eby-7cd.xn--com/eby-7fg.com
ebаy.com/@ebay.com --> xn--eby-7cd.com/@xn--eby-7cd.com

Verified on macOS 10.13.4 x64 using the following build:

  • 0.23.17 bc754eb
  • muon: 7.1.2
  • libchromiumcontent: 67.0.3396.87

Verified on Win 10 x64 VM using the following build:

  • 0.23.17 bc754eb
  • muon: 7.1.2
  • libchromiumcontent: 67.0.3396.87

Verified on Ubuntu 18.04 x64 VM using the following build:

  • 0.23.17 bc754eb
  • muon: 7.1.2
  • libchromiumcontent: 67.0.3396.87
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.