New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Escape domain detection has a leak #339

Closed
alexnederlof opened this Issue Sep 8, 2013 · 0 comments

Comments

Projects
None yet
1 participant
@alexnederlof
Member

alexnederlof commented Sep 8, 2013

When crawljax asserts if it has left the domain it checks if the host of its current url is in the new url.

This is done here in Crawljax.java

However, when it visits a social platform like Google+, that new URL has the domain int it as well, as a parameter.

Crawljax should check that the hostname occurs in the host part of the current URL.

@ghost ghost assigned alexnederlof Sep 8, 2013

alexnederlof added a commit that referenced this issue Nov 7, 2013

Crawler checks if left domain by hostname.
Before this was done using `String.contains(x)`. However, that does not
work when in the new URL on another domain, the original domain is
passed through as a query parameter. Because the new method compares
hostnames, this cannot happen anymore.

Fixes #339

@amesbah amesbah closed this in #357 Nov 8, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment