search

tor2web / Tor2web

Tor2web is an HTTP proxy software that enables access to Tor Hidden Services by mean of common web browsers
https://www.tor2web.org
GNU Affero General Public License v3.0
700 stars 177 forks source link

Garbage data gets appended to javascript files #89

Closed FiloSottile closed 11 years ago

FiloSottile commented 11 years ago

Look at the end on any OnionJS file, like https://jsmkujutqfgknkv2.tor2web.fi/tools/validatejs/validate.min.js

That garbage is partially variable.

fpietrosanti commented 11 years ago

Can you please document a little bit better the bug by providing the differences between direct download of of the .js file and the download via tor2web?

Maybe some kind of rewriting is not working properly?

FiloSottile commented 11 years ago

Sure, here are a couple of hex diff, of two different downloads.

--- validate.js-direct  2013-04-01 13:19:57.000000000 +0200
+++ validate.js-tor2web 2013-04-01 13:19:57.000000000 +0200
@@ -295,5 +295,6 @@
 00001260  74 65 73 74 28 61 2e 76  61 6c 75 65 29 7d 7d 3b  |test(a.value)}};|
 00001270  6b 2e 46 6f 72 6d 56 61  6c 69 64 61 74 6f 72 3d  |k.FormValidator=|
 00001280  65 7d 29 28 77 69 6e 64  6f 77 2c 64 6f 63 75 6d  |e})(window,docum|
-00001290  65 6e 74 29 3b 0a                                 |ent);.|
-00001296
+00001290  65 6e 74 29 3b 0a 1f 8b  08 00 7e 6b 59 51 02 ff  |ent);.....~kYQ..|
+000012a0  03 00 00 00 00 00 00 00  00 00                    |..........|
+000012aa
--- validate.js-direct  2013-04-01 13:23:28.000000000 +0200
+++ validate.js-tor2web 2013-04-01 13:23:28.000000000 +0200
@@ -295,5 +295,6 @@
 00001260  74 65 73 74 28 61 2e 76  61 6c 75 65 29 7d 7d 3b  |test(a.value)}};|
 00001270  6b 2e 46 6f 72 6d 56 61  6c 69 64 61 74 6f 72 3d  |k.FormValidator=|
 00001280  65 7d 29 28 77 69 6e 64  6f 77 2c 64 6f 63 75 6d  |e})(window,docum|
-00001290  65 6e 74 29 3b 0a                                 |ent);.|
-00001296
+00001290  65 6e 74 29 3b 0a 1f 8b  08 00 05 6e 59 51 02 ff  |ent);......nYQ..|
+000012a0  03 00 00 00 00 00 00 00  00 00                    |..........|
+000012aa
evilaliv3 commented 11 years ago

nice finding.

@FiloSottile have you noticed if hte bug happens only on js? (i don't think so)

@naif in a future tor2web works we need to implement some automatic testing for these.

evilaliv3 commented 11 years ago

https://zitanihpqsvi2lav.tor2web.org/css/site_sipulilauta.css

ok it happens for all files that are not HTML.

618 elif keyLower == 'content-type' and re.search('text/html', valueLower): 619 self.obj.contentNeedFix = True 620 self.html = True

so the bug has life counted. :)

evilaliv3 commented 11 years ago

solved: https://github.com/globaleaks/Tor2web-3.0/issues/89