Roundup Tracker - Issues


Author rouilj
Recipients antmail, rouilj
Date 2020-08-13.02:48:03
Message-id <>

* Where possible, have the user provide short name, ID or token which
  is mapped server-side to a full target URL.

  * This provides the highest degree of protection against the
    attack tampering with the URL.
  * Be careful that this doesn't introduce an enumeration
    vulnerability where a user could cycle through IDs to find all
    possible redirect targets

By prepending the site URL, I am attempting to use a short name in the
redirect. This also recommends:

Validating URLs

When attempting to validate and sanitise user-input to determine 
whether the URL is safe, wherever possible you should use a built-in 
library or function to parse the URLs, such as parse_url() in PHP, 
rather than rolling your own parser using regex. Additionally, make 
sure that you take the following into account:

* Input starting with a / to redirect to local pages is not safe.
  // is a valid URL.
* Input starting with the desired domain name is not safe. is valid.
* Only allow HTTP(S) protocols. All other protocols, including
  JavaScript URIs such as javascript:alert(1) should be blocked
* Data URIs such as data:text/html,<script>alert(document.domain)
  </script> should be blocked

I think my technique is guarding against all of these, but it needs to 
be tested.
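One way to implement both recommendations quoted above (a server-side short-name table, and parser-based validation of a full or relative URL against the site URL), as an added example that is not Roundup's code and not part of the message. The site URL https://tracker.example.org/issues/, the short-name table and the function names are constructed for the example:

```python
"""Redirect-target handling for the two approaches in the quoted advice.

Example code, not Roundup's own. SITE_URL, REDIRECT_TARGETS and the
function names below are constructed for illustration.
"""
from urllib.parse import urlsplit, urljoin

# Hypothetical base URL of the tracker (constructed for the example).
SITE_URL = "https://tracker.example.org/issues/"

# Approach 1: the client sends only a short name; the full target lives
# server-side. A fixed dictionary of names (rather than a numeric range)
# also sidesteps the ID-enumeration concern in the quoted advice.
REDIRECT_TARGETS = {
    "home": SITE_URL,
    "issues": SITE_URL + "issue?@template=index",
    "help": SITE_URL + "help",
}


def resolve_short_name(name):
    """Return the full URL for a known short name, or None if unknown."""
    return REDIRECT_TARGETS.get(name)


# Approach 2: validate a user-supplied value against the site URL using
# the standard-library parser instead of a hand-written regex.
def is_safe_redirect(candidate, site_url=SITE_URL):
    """Accept candidate only if it resolves to a page under site_url.

    Applies the four checks from the quoted cheat sheet: no
    protocol-relative "//host" values, no domain-prefix tricks, only
    http(s), and no javascript:/data: style URIs.
    """
    if not isinstance(candidate, str):
        return False
    candidate = candidate.strip()
    if not candidate:
        return False
    # Control characters, embedded whitespace and backslashes are
    # interpreted inconsistently by browsers and servers; refuse them.
    if any(ord(c) < 0x20 or c.isspace() for c in candidate):
        return False
    if "\\" in candidate:
        return False
    # "//host/path" is a different origin, not a local path.
    if candidate.startswith("//"):
        return False

    # Resolve relative to the site URL the way a browser would, then
    # compare the parts that matter on the resolved result.
    site = urlsplit(site_url)
    target = urlsplit(urljoin(site_url, candidate))

    # Only HTTP(S); javascript:, data: and every other scheme is refused.
    if target.scheme not in ("http", "https"):
        return False
    # Exact host comparison. A prefix test would accept
    # "tracker.example.org.attacker.example"; comparing the whole netloc
    # also rejects userinfo tricks such as "site@attacker".
    if target.netloc.lower() != site.netloc.lower():
        return False
    # Stay under the site's path prefix; urljoin has already collapsed
    # any "../" segments, so this also catches traversal out of it.
    if not target.path.startswith(site.path):
        return False
    return True


def redirect_location(value):
    """Pick the Location for a response: short name first, then a
    validated URL; return None when neither applies."""
    target = resolve_short_name(value)
    if target is not None:
        return target
    if is_safe_redirect(value):
        return urljoin(SITE_URL, value)
    return None
```

`redirect_location` shows the intended precedence: if a request value matches a short name, the server-side mapping wins and the client never controls the destination; only otherwise is the value parsed and checked, and a rejected value yields no redirect rather than a fallback to the raw input.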
Date                 User    Action  Args
2020-08-13 02:48:03  rouilj  set     messageid: <>
2020-08-13 02:48:03  rouilj  set     recipients: + rouilj, antmail
2020-08-13 02:48:03  rouilj  link    issue2550951 messages
2020-08-13 02:48:03  rouilj  create