The protection added is blocking redirection attempts to text-fragments based links that take place within the app itself.
Determining a link is text-fragments based is very straight forward according to the spec.
An app should never have a legitimate reason to redirect to such a link within itself, so blocking in-app only attempts should correctly focus on attack attempts only.
Context @ #35
The protection added is blocking redirection attempts to text-fragments based links that take place within the app itself. Determining a link is text-fragments based is very straight forward according to the spec. An app should never have a legitimate reason to redirect to such a link within itself, so blocking in-app only attempts should correctly focus on attack attempts only.
Based on text-fragments based links spec @ https://developer.mozilla.org/en-US/docs/Web/Text_fragments