mirror of
https://github.com/gorhill/uMatrix.git
synced 2024-05-02 19:33:36 +12:00
Fix infinite recursion with maliciously crafted URL
Related issue: - https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc
This commit is contained in:
parent
0bcb7669e7
commit
1603b33b27
|
@ -87,7 +87,7 @@ uDom('.what').text(details.url);
|
||||||
return s;
|
return s;
|
||||||
};
|
};
|
||||||
|
|
||||||
const renderParams = function(parentNode, rawURL) {
|
const renderParams = function(parentNode, rawURL, depth = 0) {
|
||||||
const a = document.createElement('a');
|
const a = document.createElement('a');
|
||||||
a.href = rawURL;
|
a.href = rawURL;
|
||||||
if ( a.search.length === 0 ) { return false; }
|
if ( a.search.length === 0 ) { return false; }
|
||||||
|
@ -109,9 +109,9 @@ uDom('.what').text(details.url);
|
||||||
const name = safeDecodeURIComponent(param.slice(0, pos));
|
const name = safeDecodeURIComponent(param.slice(0, pos));
|
||||||
const value = safeDecodeURIComponent(param.slice(pos + 1));
|
const value = safeDecodeURIComponent(param.slice(pos + 1));
|
||||||
const li = liFromParam(name, value);
|
const li = liFromParam(name, value);
|
||||||
if ( reURL.test(value) ) {
|
if ( depth < 2 && reURL.test(value) ) {
|
||||||
const ul = document.createElement('ul');
|
const ul = document.createElement('ul');
|
||||||
renderParams(ul, value);
|
renderParams(ul, value, depth + 1);
|
||||||
li.appendChild(ul);
|
li.appendChild(ul);
|
||||||
}
|
}
|
||||||
parentNode.appendChild(li);
|
parentNode.appendChild(li);
|
||||||
|
|
Loading…
Reference in a new issue