Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

[hackerone] 317931 #13214

Closed
jumde opened this issue Feb 21, 2018 · 5 comments
Closed

[hackerone] 317931 #13214

jumde opened this issue Feb 21, 2018 · 5 comments

Comments

@jumde
Copy link
Contributor

jumde commented Feb 21, 2018

https://hackerone.com/reports/317931

Test Plan:

  1. Open about:preferences
  2. Change home page url:
  • 'ebаy.com/@ebаy.com' should change to 'xn--eby-7cd.com/@xn--eby-7cd.com'
  • 'ebаy.com/ebаy.com' should change to 'xn--eby-7cd.xn--com/eby-7fg.com'
  • 'ebаy.com@ebаy.com' should change to 'xn--eby-7cd.com@xn--eby-7cd.com'
@jumde jumde added the security label Feb 21, 2018
@jumde jumde self-assigned this Feb 21, 2018
@diracdeltas diracdeltas added this to the 0.22.x (Developer Channel) milestone Feb 21, 2018
@bsclifton
Copy link
Member

Fixed with #13215

@LaurenWags
Copy link
Member

@jumde could we get a test plan for this one?

@kjozwiak
Copy link
Member

@jumde @diracdeltas I'm still seeing the same behaviour with 0.23.17 bc754eb. Example:

  • ebаy.com@ebаy.com --> xn--eby-7cd.com@xn--eby-7cd.com
  • ebаy.com/ebаy.com --> xn--eby-7cd.xn--com/eby-7fg.com
  • ebаy.com/@ebay.com --> xn--eby-7cd.com/@ebay.com

Reproduced on both macOS 10.13.14 x64 and Win 10 x64. I'm not sure what the expected behaviour is but from the looks of the hackerone report, the behaviour looks the same as the initial report.

Should this be re-opened?

@diracdeltas
Copy link
Member

@jumde please add test steps to this issue

given https://github.com/brave/browser-laptop/pull/13215/files#diff-67408f7e7eb48fc100595349f7540aa9R303, seems like the expected behavior is 'ebаy.com/@ebаy.com' becomes 'xn--eby-7cd.com/@xn--eby-7cd.com'

@kjozwiak
Copy link
Member

Results after talking to @jumde:

ebаy.com@ebаy.com --> xn--eby-7cd.com@xn--eby-7cd.com
ebаy.com/ebаy.com --> xn--eby-7cd.xn--com/eby-7fg.com
ebаy.com/@ebay.com --> xn--eby-7cd.com/@xn--eby-7cd.com

Verified on macOS 10.13.4 x64 using the following build:

  • 0.23.17 bc754eb
  • muon: 7.1.2
  • libchromiumcontent: 67.0.3396.87

Verified on Win 10 x64 VM using the following build:

  • 0.23.17 bc754eb
  • muon: 7.1.2
  • libchromiumcontent: 67.0.3396.87

Verified on Ubuntu 18.04 x64 VM using the following build:

  • 0.23.17 bc754eb
  • muon: 7.1.2
  • libchromiumcontent: 67.0.3396.87

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.