nobody
/
LocalCDN
13
72
Fork 5
Code Issues 2 Pull Requests 0 Releases 71 Wiki Activity
Labels Milestones
New Issue

#277 Check request.statusCode == 200 in core/manipulate-dom.js

Closed
opened 1 week ago by Jaap · 2 comments
Jaap commented 1 week ago

Hey Nobody,

I found a bug in the HTML filtering code in core/manipulate-dom.js
If a 301 redirect or a 401 unauthorized occurs, the response HTML is filtered multiple times, each time with the charset of each step.
So if a redirect has content-type: text/html;charset=AAA and then the actual 200 response has content-type: text/html;charset=BBB then the content is filtered twice and the HTML is interpreted as charset AAA in one filtering step and as BBB in the other.

How to fix: check that the details.statusCode is 200 early on in manipulateDOM._removeCrossOriginAndIntegrityAttr in core/manipulate-dom.js.

Hey Nobody, I found a bug in the HTML filtering code in core/manipulate-dom.js If a 301 redirect or a 401 unauthorized occurs, the response HTML is filtered multiple times, each time with the charset of each step. So if a redirect has `content-type: text/html;charset=AAA` and then the actual 200 response has `content-type: text/html;charset=BBB` then the content is filtered twice and the HTML is interpreted as charset AAA in one filtering step and as BBB in the other. **How to fix**: check that the `details.statusCode` is 200 early on in `manipulateDOM._removeCrossOriginAndIntegrityAttr` in `core/manipulate-dom.js`.
nobody commented 1 week ago
Poster
Owner

Hey Jaab,

Thank you very much for this tip. I will update this directly. 👍 👍 👍

A few weeks ago I modified this part a little bit. Maybe the changes are also interesting for you. 😉

20d24a8f4e, e597707eae

Hey Jaab, Thank you very much for this tip. I will update this directly. 👍 👍 👍 A few weeks ago I modified this part a little bit. Maybe the changes are also interesting for you. :wink: https://codeberg.org/nobody/LocalCDN/commit/20d24a8f4e079e1ca0f92c73a8ed201c3ce6935f, https://codeberg.org/nobody/LocalCDN/commit/e597707eaeefa1748a593d59dc353ab6661cfa5d
nobody added the
bug
label 1 week ago
nobody added this to the v2.6.3 milestone 1 week ago
nobody referenced this issue from a commit 1 week ago
Fixed: HTML filter (#277)
nobody closed this issue 1 week ago
Jaap commented 1 week ago
Poster

Excellent!
Thank you sir.

Excellent! Thank you sir.
👍 1
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
develop
main
Labels
Apply labels
Clear labels
bug
Something is not working Chromium incompatibility
Not compatible with chromium based browsers documentation
documentation duplicate
This issue or pull request already exists enhancement
Feature request/Enhancement firefox-bug
Firefox bug help wanted
Need some help invalid
Something is wrong missing framework/mapping
Missing framework or mapping need info
Need info from the reporter observation question/discussion
Question about the extension sop/cors
Same-Origin-Policy or Cross-Origin-Resource-Sharing testing
testing update framework
Update framework website
Own Website (www.localcdn.org) wontfix
This won't be fixed
No Label
bug
Chromium incompatibility
documentation
duplicate
enhancement
firefox-bug
help wanted
invalid
missing framework/mapping
need info
observation
question/discussion
sop/cors
testing
update framework
website
wontfix
Milestone
Set milestone
Clear milestone
No items
No Milestone
v2.6.3
Assignees
Assign users
Clear assignees
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Write Preview
Loading…
Cancel
Save
There is no content yet.
Delete Branch '%!s(MISSING)'

Deleting a branch is permanent. It CANNOT be undone. Continue?

No
Yes