Open jonathanKingston opened 7 years ago
Ooh this is a valid concern. utm_source is a good low-hanging fruit. I'll peek at HTTPS Everywhere to see if I can spot a list of others they filter for. Can you think of any other params, or other obvious heuristics to filter for?
Thanks!
I don't think they have a list; I was using them as an example, as the rule format they have will likely become its own repo.
UTM as mentioned is the super low hanging fruit here which can be the initial work 👍 https://en.wikipedia.org/wiki/UTM_parameters
I'm asking people at Mozilla if we know of a list like this.
Similar bug here: https://github.com/jonathanKingston/fix-my-http/issues/8
It would be worth considering checking for value leaks too, like usernames or credit cards; however, that will be much harder.
For UTM parameters there's: https://github.com/Rik/au-revoir-utm
The risk of leaking information across a container is very high.
It would be great to filter out known parameters when reloading the URL.
This perhaps could be an external list similar to HTTPS Everywhere which blocks params like utm_source and filters other params based on content.
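
One way to implement the filtering proposed in this issue, as an added example that is not code from this project or from any commenter: a name-based rule list for UTM parameters plus one content-based check for card-like values. `PARAM_RULES`, `stripParams` and the other names are hypothetical, and the Luhn heuristic is an assumption about what "filter based on content" could mean.

```javascript
// Added example: the rule list and all function names are hypothetical.
const PARAM_RULES = {
  // Exact names to drop: the five standard UTM parameters.
  exact: new Set(["utm_source", "utm_medium", "utm_campaign", "utm_term", "utm_content"]),
  // Prefixes to drop, so non-standard utm_* variants are covered too.
  prefixes: ["utm_"],
};

// Luhn checksum: true when the digit string has a valid payment-card check digit.
function passesLuhn(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

// Content heuristic: 13-19 digits (spaces or dashes allowed) that pass Luhn.
function looksLikeCardNumber(value) {
  const digits = value.replace(/[\s-]/g, "");
  return /^\d{13,19}$/.test(digits) && passesLuhn(digits);
}

function shouldDrop(name, value, rules) {
  const key = name.toLowerCase();
  if (rules.exact.has(key)) return true;
  if (rules.prefixes.some((p) => key.startsWith(p))) return true;
  return looksLikeCardNumber(value);
}

// Returns the URL to load in the other container, with matching parameters removed.
function stripParams(rawUrl, rules = PARAM_RULES) {
  const url = new URL(rawUrl);
  const kept = [];
  for (const [name, value] of url.searchParams) {
    if (!shouldDrop(name, value, rules)) kept.push([name, value]);
  }
  // Rebuild the query from the surviving pairs; path and fragment are untouched.
  url.search = new URLSearchParams(kept).toString();
  return url.toString();
}
```

Rebuilding the query re-serializes the surviving parameters, so their percent-encoding may change form. The content check can also drop a legitimate numeric identifier that happens to pass Luhn, which is part of why value-based filtering is the harder half of the problem.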