Describe the bug
As mentioned in the title, whitelist options could allow the unblocking of substrings; i.e. choosing Unblock the Root Domain (*example.com*) when visiting https://www.example.com, would allow the following domains to not be blocked:
https://bad-website.com/#example.com
https://typosquatter-example.com
https://example.community
To Reproduce
Steps to reproduce the behaviour:
Go to a non-Whitelisted website, e.g. for a full example: https://subdomain.example.com/path/to/content.html
Click on tr(trace's add-on button)
Click on Whitelist
See options:
a. Unblock the Origin URL: https://subdomain.example.com/*
b. Unblock the URL path: *https://subdomain.example.com/path/to*
c. Unblock the Host URL: *subdomain.example.com*
d. Unblock the Root Domain: *example.com*
Screenshots
Here are some screenshots of testing google.com with the 'Unblock the Root Domain' option, as it is currently implemented:
Desktop (please complete the following information):
OS: Ubuntu 19.10
Browser: Firefox
Version 75.0b2 (64-bit)
Additional context
I think the following actions should be taken, but I haven't looked at the domain-matching code yet to verify how domains are matched, and would be matched after the changes.
Describe the bug As mentioned in the title, whitelist options could allow the unblocking of substrings; i.e. choosing Unblock the Root Domain (
*example.com*
) when visitinghttps://www.example.com
, would allow the following domains to not be blocked:https://bad-website.com/#example.com
https://typosquatter-example.com
https://example.community
To Reproduce Steps to reproduce the behaviour:
https://subdomain.example.com/path/to/content.html
tr
(trace's add-on button)Whitelist
https://subdomain.example.com/*
b. Unblock the URL path:*https://subdomain.example.com/path/to*
c. Unblock the Host URL:*subdomain.example.com*
d. Unblock the Root Domain:*example.com*
Screenshots Here are some screenshots of testing
google.com
with the 'Unblock the Root Domain' option, as it is currently implemented:Desktop (please complete the following information):
Additional context I think the following actions should be taken, but I haven't looked at the domain-matching code yet to verify how domains are matched, and would be matched after the changes.
*https://subdomain.example.com/path/to*
https://subdomain.example.com/path/to/*
*subdomain.example.com*
subdomain.example.com
*example.com*
example.com