nobody
/
LocalCDN
16
149
Fork 9
Code Issues Pull Requests Releases 57 Wiki Activity
Labels Milestones
New Issue

Check request.statusCode == 200 in core/manipulate-dom.js #277

Closed
opened 7 months ago by Jaap · 2 comments
Jaap commented 7 months ago

Hey Nobody,

I found a bug in the HTML filtering code in core/manipulate-dom.js
If a 301 redirect or a 401 unauthorized occurs, the response HTML is filtered multiple times, each time with the charset of each step.
So if a redirect has content-type: text/html;charset=AAA and then the actual 200 response has content-type: text/html;charset=BBB then the content is filtered twice and the HTML is interpreted as charset AAA in one filtering step and as BBB in the other.

How to fix: check that the details.statusCode is 200 early on in manipulateDOM._removeCrossOriginAndIntegrityAttr in core/manipulate-dom.js.

Hey Nobody, I found a bug in the HTML filtering code in core/manipulate-dom.js If a 301 redirect or a 401 unauthorized occurs, the response HTML is filtered multiple times, each time with the charset of each step. So if a redirect has `content-type: text/html;charset=AAA` and then the actual 200 response has `content-type: text/html;charset=BBB` then the content is filtered twice and the HTML is interpreted as charset AAA in one filtering step and as BBB in the other. **How to fix**: check that the `details.statusCode` is 200 early on in `manipulateDOM._removeCrossOriginAndIntegrityAttr` in `core/manipulate-dom.js`.
nobody commented 7 months ago
Owner

Hey Jaab,

Thank you very much for this tip. I will update this directly. 👍 👍 👍

A few weeks ago I modified this part a little bit. Maybe the changes are also interesting for you. 😉

20d24a8f4e, e597707eae

Hey Jaab, Thank you very much for this tip. I will update this directly. 👍 👍 👍 A few weeks ago I modified this part a little bit. Maybe the changes are also interesting for you. :wink: https://codeberg.org/nobody/LocalCDN/commit/20d24a8f4e079e1ca0f92c73a8ed201c3ce6935f, https://codeberg.org/nobody/LocalCDN/commit/e597707eaeefa1748a593d59dc353ab6661cfa5d
nobody added the
bug
 label 7 months ago
nobody added this to the v2.6.3 milestone 7 months ago
nobody referenced this issue from a commit 7 months ago
Fixed: HTML filter (#277)
nobody closed this issue 7 months ago
Jaap commented 7 months ago
Poster

Excellent!
Thank you sir.

Excellent! Thank you sir.
👍 1
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
develop
main
Labels
Apply labels
Clear labels
bug
Something is not working Chromium incompatibility
Not compatible with chromium based browsers documentation
documentation duplicate
This issue or pull request already exists enhancement
Feature request/Enhancement firefox-bug
Firefox bug help wanted
Need some help invalid
Something is wrong missing framework/mapping
Missing framework or mapping need info
Need info from the reporter observation question/discussion
Question about the extension sop/cors
Same-Origin-Policy or Cross-Origin-Resource-Sharing testing
testing update framework
Update framework website
Own Website (www.localcdn.org) wontfix
This won't be fixed
No Label bug Chromium incompatibility documentation duplicate enhancement firefox-bug help wanted invalid missing framework/mapping need info observation question/discussion sop/cors testing update framework website wontfix
Milestone
Set milestone
Clear milestone
No items
No Milestone
v2.6.3
Assignees
Assign users
Clear assignees
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Write Preview
Loading…
Cancel
Save
There is no content yet.
Delete Branch '%!s(MISSING)'

Deleting a branch is permanent. It CANNOT be undone. Continue?

No
Yes