#277 Check request.statusCode == 200 in core/manipulate-dom.js

Closed
opened 1 week ago by Jaap · 2 comments
Jaap commented 1 week ago

Hey Nobody,

I found a bug in the HTML filtering code in core/manipulate-dom.js
If a 301 redirect or a 401 unauthorized occurs, the response HTML is filtered multiple times, each time with the charset of each step.
So if a redirect has content-type: text/html;charset=AAA and then the actual 200 response has content-type: text/html;charset=BBB then the content is filtered twice and the HTML is interpreted as charset AAA in one filtering step and as BBB in the other.

How to fix: check that the details.statusCode is 200 early on in manipulateDOM._removeCrossOriginAndIntegrityAttr in core/manipulate-dom.js.

Hey Nobody, I found a bug in the HTML filtering code in core/manipulate-dom.js If a 301 redirect or a 401 unauthorized occurs, the response HTML is filtered multiple times, each time with the charset of each step. So if a redirect has `content-type: text/html;charset=AAA` and then the actual 200 response has `content-type: text/html;charset=BBB` then the content is filtered twice and the HTML is interpreted as charset AAA in one filtering step and as BBB in the other. **How to fix**: check that the `details.statusCode` is 200 early on in `manipulateDOM._removeCrossOriginAndIntegrityAttr` in `core/manipulate-dom.js`.
nobody commented 1 week ago
Poster
Owner

Hey Jaab,

Thank you very much for this tip. I will update this directly. 👍 👍 👍

A few weeks ago I modified this part a little bit. Maybe the changes are also interesting for you. 😉

20d24a8f4e, e597707eae

Hey Jaab, Thank you very much for this tip. I will update this directly. 👍 👍 👍 A few weeks ago I modified this part a little bit. Maybe the changes are also interesting for you. :wink: https://codeberg.org/nobody/LocalCDN/commit/20d24a8f4e079e1ca0f92c73a8ed201c3ce6935f, https://codeberg.org/nobody/LocalCDN/commit/e597707eaeefa1748a593d59dc353ab6661cfa5d
nobody added the
bug
label 1 week ago
nobody added this to the v2.6.3 milestone 1 week ago
nobody referenced this issue from a commit 1 week ago
nobody closed this issue 1 week ago
Jaap commented 1 week ago
Poster

Excellent!
Thank you sir.

Excellent! Thank you sir.
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.