This is a security vulnerability, as programs may rely on this to screen out local domains, e.g. "example.svc.local".
I understand that the algorithm described on https://publicsuffix.org/list/ specifies that:
However, this is for a specific use-case: when determining what part of the domain is the public suffix. Using this rule when determining whether the suffix is "known" is a huge security hole, as it essentially treats all domains as "known".
Specifically the "type" should be `None`, if the wildcard rule is used as a fallback.
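The behaviour requested in the issue above, as an added sketch that is not the project's own code: a small matcher following the publicsuffix.org algorithm, which still uses the implicit "*" rule to split the domain but reports the type as `None` when that fallback was the only match. The `RULES` table is a constructed subset of the list, and the names `public_suffix` and `has_known_suffix` are hypothetical.

```python
# Constructed subset of the Public Suffix List: rule -> section it came from.
RULES = {
    "com": "ICANN",
    "uk": "ICANN",
    "co.uk": "ICANN",
    "*.ck": "ICANN",
    "!www.ck": "ICANN",
    "github.io": "PRIVATE",
}


def _matches(rule_labels, domain_labels):
    """A rule matches when its labels equal the domain's, right to left ('*' matches any label)."""
    if len(rule_labels) > len(domain_labels):
        return False
    return all(r in ("*", d) for r, d in zip(reversed(rule_labels), reversed(domain_labels)))


def public_suffix(domain):
    """Return (suffix, type). type is None when only the implicit '*' fallback applied."""
    labels = domain.lower().rstrip(".").split(".")
    best, best_type = None, None
    for rule, section in RULES.items():
        rule_labels = rule.lstrip("!").split(".")
        if not _matches(rule_labels, labels):
            continue
        if rule.startswith("!"):
            # An exception rule prevails over all others; its leftmost label is dropped.
            best, best_type = rule_labels[1:], section
            break
        if best is None or len(rule_labels) > len(best):
            best, best_type = rule_labels, section  # the longest matching rule prevails
    if best is None:
        # Fallback "*": the last label is the suffix for splitting purposes only.
        # It did not come from the list, so it carries no type.
        return labels[-1], None
    return ".".join(labels[-len(best):]), best_type


def has_known_suffix(domain):
    """Screening check: True only when a rule from the list actually matched."""
    return public_suffix(domain)[1] is not None


if __name__ == "__main__":
    for name in ("example.svc.local", "a.b.co.uk", "www.ck", "user.github.io"):
        print(name, public_suffix(name), has_known_suffix(name))
```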