mirror of
https://github.com/gorhill/uMatrix.git
synced 2024-06-02 02:14:52 +12:00
Fix infinite recursion with maliciously crafted URL
Related issue: - https://github.com/vtriolet/writings/blob/main/posts/2021/ublock_origin_and_umatrix_denial_of_service.adoc
This commit is contained in:
Raymond Hill
parent
1d936742a7
commit
30c12dabdc
|
|
@ -86,7 +86,7 @@ uDom('.what').text(details.url);
|
||||||
return s;
|
return s;
|
||||||
};
|
};
|
||||||
|
|
||||||
let renderParams = function(parentNode, rawURL) {
|
let renderParams = function(parentNode, rawURL, depth = 0) {
|
||||||
let a = document.createElement('a');
|
let a = document.createElement('a');
|
||||||
a.href = rawURL;
|
a.href = rawURL;
|
||||||
if ( a.search.length === 0 ) { return false; }
|
if ( a.search.length === 0 ) { return false; }
|
||||||
|
|
@ -108,9 +108,9 @@ uDom('.what').text(details.url);
|
||||||
let name = safeDecodeURIComponent(param.slice(0, pos));
|
let name = safeDecodeURIComponent(param.slice(0, pos));
|
||||||
let value = safeDecodeURIComponent(param.slice(pos + 1));
|
let value = safeDecodeURIComponent(param.slice(pos + 1));
|
||||||
li = liFromParam(name, value);
|
li = liFromParam(name, value);
|
||||||
if ( reURL.test(value) ) {
|
if ( depth < 2 && reURL.test(value) ) {
|
||||||
let ul = document.createElement('ul');
|
let ul = document.createElement('ul');
|
||||||
renderParams(ul, value);
|
renderParams(ul, value, depth + 1);
|
||||||
li.appendChild(ul);
|
li.appendChild(ul);
|
||||||
}
|
}
|
||||||
parentNode.appendChild(li);
|
parentNode.appendChild(li);
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue