Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] [hackerone] wayback machine URL encoding #14843

Closed
diracdeltas opened this issue Mar 19, 2021 · 1 comment · Fixed by brave/brave-core#8311
Closed

[Security] [hackerone] wayback machine URL encoding #14843

diracdeltas opened this issue Mar 19, 2021 · 1 comment · Fixed by brave/brave-core#8311
Assignees
@simonhong
Labels
OS/Desktop priority/P3 The next thing for us to work on. It'll ride the trains. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Yes release-notes/include security
Milestone
1.24.x - Release

Comments

@diracdeltas
Copy link
Member

https://hackerone.com/reports/1130619
@diracdeltas diracdeltas added security priority/P3 The next thing for us to work on. It'll ride the trains. OS/Desktop labels Mar 19, 2021
simonhong added a commit to brave/brave-core that referenced this issue Mar 20, 2021
@simonhong
Get latest page always from wayback machine
45f5574 
By deleting timestamp value from wayback query, we can get latest saved page.
fix brave/brave-browser#14843
@simonhong simonhong mentioned this issue Mar 20, 2021
Merged
24 tasks
simonhong added a commit to brave/brave-core that referenced this issue Mar 22, 2021
@simonhong
Get latest page always from wayback machine
31413cd 
By deleting timestamp value from wayback query, we can get latest saved page.
fix brave/brave-browser#14843
@simonhong simonhong added this to the 1.24.x - Nightly milestone Mar 24, 2021
@stephendonner
Copy link

stephendonner commented Mar 25, 2021
edited by GeetaSarvadnya
Loading

Verified PASSED using the testplan from brave/brave-core#8311 on build

Brave 1.24.26 Chromium: 90.0.4430.30 (Official Build) nightly (x86_64)
Revision 5674335ff855e43f3bccf8cfc29a779bdf0d067f-refs/branch-heads/4430@{#532}
OS macOS Version 11.2.3 (Build 20D91)

Steps:

  1. Loaded https://en.wikipedia.org/wiki/1960%E2%80%9361_UE_Lleida_season?&timestamp=20160101
  2. Pressed Check for saved version button
  3. Checked and verified that https://web.archive.org/web/20210315191803/https://en.wikipedia.org/wiki/1960%E2%80%9361_UE_Lleida_season is loaded

Screen Shot 2021-03-25 at 9 51 09 AM

Screen Shot 2021-03-25 at 9 52 00 AM

Verification passed on

Brave 1.24.66 Chromium: 90.0.4430.72 (Official Build) beta (64-bit)
Revision b6172ef8d07ef486489a4b11b66b2eaeed50d132-refs/branch-heads/4430@{#1233}
OS Ubuntu 18.04 LTS

Verified test plan from brave/brave-core#8311

image
image

Verification passed on

Brave | 1.24.69 Chromium: 90.0.4430.72 (Official Build) dev (64-bit)
-- | --
Revision | b6172ef8d07ef486489a4b11b66b2eaeed50d132-refs/branch-heads/4430@{#1233}
OS | Windows 10 OS Version 2004 (Build 19041.928)

@LaurenWags LaurenWags changed the title [hackerone] wayback machine URL encoding [Security] [hackerone] wayback machine URL encoding May 4, 2021
@LaurenWags LaurenWags mentioned this issue May 4, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@simonhong simonhong

Labels
OS/Desktop priority/P3 The next thing for us to work on. It'll ride the trains. QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Yes release-notes/include security
Projects
None yet
Milestone
1.24.x - Release
Development

Successfully merging a pull request may close this issue.

Get latest page always from wayback machine brave/brave-core
6 participants
@stephendonner @diracdeltas @simonhong @LaurenWags @btlechowski @GeetaSarvadnya