Closed jimen0 closed 8 years ago
cc: @diracdeltas
repro'ed; thanks for the report. we should start a bug bounty program for issues like this.
Glad that the reproduction steps were enough, @diracdeltas! It would be an honour to be the first one who receives a reward from your BBP (:
If I may, I would recommend you to use Bugcrowd to host your BBP. Personally I use it to report vulnerabilities and is awesome. Anyway, HackerOne, Cobalt.io and SynAck are other options to consider.
Kind regards.
i have only used hackerone as a bug reporter myself; have heard good thoughts about bugcrowd too
Did you search for similar issues before submitting this one? Yes Describe the issue you encountered: It's possible to spoof the URL that is shown in the address bar by opening a new window and writing to it using
document.write
.Expected behavior: The browser to show the real location instead of the spoofed one.
Platform (Win7, 8, 10? macOS? Linux distro?): Ubuntu 16.04 LTS
Brave Version:
Steps to reproduce:
.html
file in your server:Screenshot if needed:
Any related issues: Same bug in Chrome for Android
Kind regards.