Add test page that exposes the referrer #22

Merged
merged 2 commits into from Oct 16, 2019

englehardt commented Oct 15, 2019

<pre id='referrer-result'></pre>
<script>
var pre = document.getElementById('referrer-result');
pre.innerHTML = document.referrer;
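
Review bot: The assignment `pre.innerHTML = document.referrer;` parses the referrer as HTML, and that value comes from whichever page navigated here, so any markup in it would be interpreted on this origin. Assign it to `pre.textContent` instead so the referrer is displayed as plain text and never parsed.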

groovecoder Oct 16, 2019

Member

Where will this test page be hosted? innerHTML means XSS could happen on this domain.

englehardt Oct 16, 2019

Author Member

heh yeah good catch! The page will be served from trackertest.org. Resources from this origin are loaded in the UI tour (mozilla/bedrock#6398 (comment)), so we probably don't want to introduce an XSS vulnerability. :)

englehardt Oct 16, 2019

Author Member

Thanks! This has now been fixed.

@englehardt englehardt removed the request for review from groovecoder-mozilla-owner Oct 16, 2019
@englehardt englehardt merged commit 96276b4 into master Oct 16, 2019