search

RequestPolicyContinued / requestpolicy

a web browser extension that gives you control over cross-site requests. Available for XUL/XPCOM-based browsers.
https://github.com/RequestPolicyContinued/requestpolicy/wiki
Other
252 stars 35 forks source link

[CLOSED] URLs with non-ascii characters in the path redirect improperly from redirect notification "allow" #224

Closed msxfm closed 10 years ago

msxfm commented 10 years ago

Issue by jsamuel Thursday Dec 22, 2011 at 19:01 GMT Originally opened as https://github.com/RequestPolicy/requestpolicy/issues/224

imported trac ticket
created: 2011-04-22 12:23:33
reporter: justin

The following shortened url:

http://bit.ly/dS5fSO

redirects to a url with a non-ascii character in the path:

https://blog.whitehatsec.com/whitehat-security’s-approach-to-detecting-cross-site-request-forgery-csrf/

However, RP redirects to the following when a user clicks "allow" from the redirect notification:

https://blog.whitehatsec.com/whitehat-security%C3%A2%C2%80%C2%99s-approach-to-detecting-cross-site-request-forgery-csrf/

This second link is not equivalent to the first and the result is a 404.

msxfm commented 10 years ago

Comment by jsamuel Thursday Dec 22, 2011 at 19:01 GMT

imported trac comment
created: 2011-09-04 12:45:30
author: justin

Testing again now. This appears to not be a problem anymore. I'm not sure what changed. I even tested with old versions (RP 0.5.16 on Fx 3.6.13) and this isn't a problem now.

It's definitely possible that there's still a bug around but I'll wait until someone reports a similar bug before looking into this again.