Skip to content
This repository has been archived by the owner. It is now read-only.

[hackerone] 317931 #13214

Closed
jumde opened this issue Feb 21, 2018 · 5 comments
Closed

[hackerone] 317931 #13214

jumde opened this issue Feb 21, 2018 · 5 comments

Comments

@jumde
Copy link
Contributor

@jumde jumde commented Feb 21, 2018

https://hackerone.com/reports/317931

Test Plan:

  1. Open about:preferences
  2. Change home page url:
  • 'ebаy.com/@ebаy.com' should change to 'xn--eby-7cd.com/@xn--eby-7cd.com'
  • 'ebаy.com/ebаy.com' should change to 'xn--eby-7cd.xn--com/eby-7fg.com'
  • 'ebаy.com@ebаy.com' should change to 'xn--eby-7cd.com@xn--eby-7cd.com'
@jumde jumde added the security label Feb 21, 2018
@jumde jumde self-assigned this Feb 21, 2018
@diracdeltas diracdeltas added this to the 0.22.x (Developer Channel) milestone Feb 21, 2018
@bsclifton
Copy link
Member

@bsclifton bsclifton commented Feb 21, 2018

Fixed with #13215

@LaurenWags
Copy link
Member

@LaurenWags LaurenWags commented Jun 22, 2018

@jumde could we get a test plan for this one?

@kjozwiak
Copy link
Member

@kjozwiak kjozwiak commented Jun 26, 2018

@jumde @diracdeltas I'm still seeing the same behaviour with 0.23.17 bc754eb. Example:

  • ebаy.com@ebаy.com --> xn--eby-7cd.com@xn--eby-7cd.com
  • ebаy.com/ebаy.com --> xn--eby-7cd.xn--com/eby-7fg.com
  • ebаy.com/@ebay.com --> xn--eby-7cd.com/@ebay.com

Reproduced on both macOS 10.13.14 x64 and Win 10 x64. I'm not sure what the expected behaviour is but from the looks of the hackerone report, the behaviour looks the same as the initial report.

Should this be re-opened?

@diracdeltas
Copy link
Member

@diracdeltas diracdeltas commented Jun 26, 2018

@jumde please add test steps to this issue

given https://github.com/brave/browser-laptop/pull/13215/files#diff-67408f7e7eb48fc100595349f7540aa9R303, seems like the expected behavior is 'ebаy.com/@ebаy.com' becomes 'xn--eby-7cd.com/@xn--eby-7cd.com'

@kjozwiak
Copy link
Member

@kjozwiak kjozwiak commented Jun 26, 2018

Results after talking to @jumde:

ebаy.com@ebаy.com --> xn--eby-7cd.com@xn--eby-7cd.com
ebаy.com/ebаy.com --> xn--eby-7cd.xn--com/eby-7fg.com
ebаy.com/@ebay.com --> xn--eby-7cd.com/@xn--eby-7cd.com

Verified on macOS 10.13.4 x64 using the following build:

  • 0.23.17 bc754eb
  • muon: 7.1.2
  • libchromiumcontent: 67.0.3396.87

Verified on Win 10 x64 VM using the following build:

  • 0.23.17 bc754eb
  • muon: 7.1.2
  • libchromiumcontent: 67.0.3396.87

Verified on Ubuntu 18.04 x64 VM using the following build:

  • 0.23.17 bc754eb
  • muon: 7.1.2
  • libchromiumcontent: 67.0.3396.87
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants