I found a bug in the HTML filtering code in core/manipulate-dom.js
If a 301 redirect or a 401 unauthorized occurs, the response HTML is filtered multiple times, each time with the charset of each step.
So if a redirect has content-type: text/html;charset=AAA and then the actual 200 response has content-type: text/html;charset=BBB then the content is filtered twice and the HTML is interpreted as charset AAA in one filtering step and as BBB in the other.
How to fix: check that the details.statusCode is 200 early on in manipulateDOM._removeCrossOriginAndIntegrityAttr in core/manipulate-dom.js.
Hey Nobody,
I found a bug in the HTML filtering code in core/manipulate-dom.js
If a 301 redirect or a 401 unauthorized occurs, the response HTML is filtered multiple times, each time with the charset of each step.
So if a redirect has `content-type: text/html;charset=AAA` and then the actual 200 response has `content-type: text/html;charset=BBB` then the content is filtered twice and the HTML is interpreted as charset AAA in one filtering step and as BBB in the other.
**How to fix**: check that the `details.statusCode` is 200 early on in `manipulateDOM._removeCrossOriginAndIntegrityAttr` in `core/manipulate-dom.js`.
Hey Jaab,
Thank you very much for this tip. I will update this directly. 👍 👍 👍
A few weeks ago I modified this part a little bit. Maybe the changes are also interesting for you. :wink:
https://codeberg.org/nobody/LocalCDN/commit/20d24a8f4e079e1ca0f92c73a8ed201c3ce6935f, https://codeberg.org/nobody/LocalCDN/commit/e597707eaeefa1748a593d59dc353ab6661cfa5d
Hey Nobody,
I found a bug in the HTML filtering code in core/manipulate-dom.js
If a 301 redirect or a 401 unauthorized occurs, the response HTML is filtered multiple times, each time with the charset of each step.
So if a redirect has
content-type: text/html;charset=AAA
and then the actual 200 response hascontent-type: text/html;charset=BBB
then the content is filtered twice and the HTML is interpreted as charset AAA in one filtering step and as BBB in the other.How to fix: check that the
details.statusCode
is 200 early on inmanipulateDOM._removeCrossOriginAndIntegrityAttr
incore/manipulate-dom.js
.Hey Jaab,
Thank you very much for this tip. I will update this directly. 👍 👍 👍
A few weeks ago I modified this part a little bit. Maybe the changes are also interesting for you. 😉
20d24a8f4e
,e597707eae
Excellent!
Thank you sir.