underrobyn / AbsoluteDoubleTrace

A web extension to block browser fingerprinting (Manifest V2)
https://absolutedouble.co.uk/trace/

Options to Whitelist new domain could allow unintentional unblocking of 'substring' domains #45

Open rolandog opened 4 years ago

rolandog commented 4 years ago

Describe the bug

As mentioned in the title, whitelist options could allow the unblocking of substrings; i.e. choosing Unblock the Root Domain (*example.com*) when visiting https://www.example.com would allow the following domains to not be blocked:

To Reproduce

Steps to reproduce the behaviour:

  1. Go to a non-Whitelisted website, e.g. for a full example: https://subdomain.example.com/path/to/content.html
  2. Click on tr (Trace's add-on button)
  3. Click on Whitelist
  4. See options:
     a. Unblock the Origin URL: https://subdomain.example.com/*
     b. Unblock the URL path: *https://subdomain.example.com/path/to*
     c. Unblock the Host URL: *subdomain.example.com*
     d. Unblock the Root Domain: *example.com*

Screenshots

Here are some screenshots of testing google.com with the 'Unblock the Root Domain' option, as it is currently implemented:

Desktop (please complete the following information):

Additional context

I think the following actions should be taken, but I haven't looked at the domain-matching code yet to verify how domains are matched, and would be matched after the changes.
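
The substring concern reported above, as an added example that is not part of the issue and not Trace's code: it compares a glob-style `*example.com*` entry with a hostname check on a label boundary. It assumes `*` matches any run of characters anywhere in the URL; the function names and sample URLs are constructed for illustration.

```javascript
// Added illustration, not Trace's implementation.
// Assumption: "*" in a whitelist entry matches any run of characters.
function globToRegExp(pattern) {
  const escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*") + "$");
}

// Substring-style entry, like option (d) "*example.com*" in the issue.
function matchesGlob(pattern, url) {
  return globToRegExp(pattern).test(url);
}

// Hypothetical stricter check: parse the URL and compare only the hostname,
// accepting the root domain itself or a name ending in "." + root.
function matchesRootDomain(rootDomain, url) {
  let host;
  try {
    host = new URL(url).hostname.toLowerCase();
  } catch (e) {
    return false; // unparseable input is never whitelisted
  }
  if (host.endsWith(".")) host = host.slice(0, -1); // drop FQDN trailing dot
  const root = rootDomain.toLowerCase();
  return host === root || host.endsWith("." + root);
}

// Constructed sample URLs.
const samples = [
  "https://www.example.com/",
  "https://subdomain.example.com/path/to/content.html",
  "https://notexample.com/",                  // shares a suffix, different domain
  "https://example.com.invalid/",             // root domain used as a prefix
  "https://tracker.invalid/?ref=example.com", // string appears only in the query
];

function compare(urls) {
  return urls.map((url) => ({
    url,
    glob: matchesGlob("*example.com*", url),
    strict: matchesRootDomain("example.com", url),
  }));
}

for (const row of compare(samples)) {
  console.log(`glob=${row.glob} strict=${row.strict} ${row.url}`);
}
```

The glob entry whitelists all five URLs, while the boundary check whitelists only the first two.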