Mirrors
/
noscript
mirror of https://github.com/hackademix/noscript.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed UNTRUSTED domains accidentally set in "match HTTPS only" mode (issue #126).

This commit is contained in:
hackademix 2019-12-29 19:39:35 +01:00
parent 3bf2aab052
commit eaf3c8376e
2 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/common/Policy.js
View File

@ -329,8 +329,12 @@ var {Permissions, Policy, Sites} = (() => {
if (typeof dry.sites === "object" && !(dry.sites instanceof Sites)) { if (typeof dry.sites === "object" && !(dry.sites instanceof Sites)) {
let {trusted, untrusted, temp, custom} = dry.sites; let {trusted, untrusted, temp, custom} = dry.sites;
let sites = Sites.hydrate(custom); let sites = Sites.hydrate(custom);
for (let key of trusted) sites.set(key, options.TRUSTED); for (let key of trusted) {
for (let key of untrusted) sites.set(key, options.UNTRUSTED); sites.set(key, options.TRUSTED);
}
for (let key of untrusted) {
sites.set(Sites.toggleSecureDomainKey(key, false), options.UNTRUSTED);
}
if (temp) { if (temp) {
let tempPreset = options.TRUSTED.tempTwin; let tempPreset = options.TRUSTED.tempTwin;
for (let key of temp) sites.set(key, tempPreset); for (let key of temp) sites.set(key, tempPreset);
@ -427,7 +431,7 @@ var {Permissions, Policy, Sites} = (() => {
if (perms === this.UNTRUSTED) { if (perms === this.UNTRUSTED) {
cascade = true; cascade = true;
Sites.toggleSecureDomainKey(siteKey, false); siteKey = Sites.toggleSecureDomainKey(siteKey, false);
} }
if (cascade && !url) { if (cascade && !url) {
for (let subMatch; (subMatch = sites.match(siteKey));) { for (let subMatch; (subMatch = sites.match(siteKey));) {

7
src/test/Policy_test.js
View File

@ -9,7 +9,9 @@
p1.set("perchè.com", p1.TRUSTED); p1.set("perchè.com", p1.TRUSTED);
p1.set("10", p1.TRUSTED); p1.set("10", p1.TRUSTED);
p1.set("192.168", p1.TRUSTED); p1.set("192.168", p1.TRUSTED);
p1.set("192.168.69", p1.UNTRUSTED) p1.set("192.168.69", p1.UNTRUSTED);
// secureDomainKey should be "downgraded" by UTRUSTED, issue #126
p1.set(Sites.secureDomainKey("evil.com"), p1.UNTRUSTED);
let p2 = new Policy(p1.dry()); let p2 = new Policy(p1.dry());
debug("p1", JSON.stringify(p1.dry())); debug("p1", JSON.stringify(p1.dry()));
debug("p2", JSON.stringify(p2.dry())); debug("p2", JSON.stringify(p2.dry()));
@ -31,7 +33,8 @@
() => !p1.can("https://192.168.69.1"), () => !p1.can("https://192.168.69.1"),
() => !p1.can("https://10.0.0.1"), () => !p1.can("https://10.0.0.1"),
() => p1.can("http://192.168.1.2"), () => p1.can("http://192.168.1.2"),
() => p1.can("http://some.onion") () => p1.can("http://some.onion"),
() => !p1.can("http://evil.com"),
]) Test.run(t); ]) Test.run(t);
Sites.onionSecure = onionSecureCurrent; Sites.onionSecure = onionSecureCurrent;
Test.report(); Test.report();