summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhackademix2019-12-29 19:39:35 +0100
committerhackademix2019-12-29 19:49:44 +0100
commiteaf3c8376e6a05bd20919e0f08c356982bc6abf8 (patch)
treef0ae4d1b4c8d028ec51bbb30c42dcf20580d2c59
parent3bf2aab0526f640555904218972c52c09cfd444c (diff)
downloadnoscript-eaf3c8376e6a05bd20919e0f08c356982bc6abf8.tar.gz
noscript-eaf3c8376e6a05bd20919e0f08c356982bc6abf8.tar.xz
noscript-eaf3c8376e6a05bd20919e0f08c356982bc6abf8.zip
Fixed UNTRUSTED domains accidentally set in "match HTTPS only" mode (issue #126).
-rw-r--r--src/common/Policy.js10
-rw-r--r--src/test/Policy_test.js7
2 files changed, 12 insertions, 5 deletions
diff --git a/src/common/Policy.js b/src/common/Policy.js
index 4720532..59c24a4 100644
--- a/src/common/Policy.js
+++ b/src/common/Policy.js
@@ -329,8 +329,12 @@ var {Permissions, Policy, Sites} = (() => {
if (typeof dry.sites === "object" && !(dry.sites instanceof Sites)) {
let {trusted, untrusted, temp, custom} = dry.sites;
let sites = Sites.hydrate(custom);
- for (let key of trusted) sites.set(key, options.TRUSTED);
- for (let key of untrusted) sites.set(key, options.UNTRUSTED);
+ for (let key of trusted) {
+ sites.set(key, options.TRUSTED);
+ }
+ for (let key of untrusted) {
+ sites.set(Sites.toggleSecureDomainKey(key, false), options.UNTRUSTED);
+ }
if (temp) {
let tempPreset = options.TRUSTED.tempTwin;
for (let key of temp) sites.set(key, tempPreset);
@@ -427,7 +431,7 @@ var {Permissions, Policy, Sites} = (() => {
if (perms === this.UNTRUSTED) {
cascade = true;
- Sites.toggleSecureDomainKey(siteKey, false);
+ siteKey = Sites.toggleSecureDomainKey(siteKey, false);
}
if (cascade && !url) {
for (let subMatch; (subMatch = sites.match(siteKey));) {
diff --git a/src/test/Policy_test.js b/src/test/Policy_test.js
index f12183e..5b2ecbf 100644
--- a/src/test/Policy_test.js
+++ b/src/test/Policy_test.js
@@ -9,7 +9,9 @@
p1.set("perchè.com", p1.TRUSTED);
p1.set("10", p1.TRUSTED);
p1.set("192.168", p1.TRUSTED);
- p1.set("192.168.69", p1.UNTRUSTED)
+ p1.set("192.168.69", p1.UNTRUSTED);
+ // secureDomainKey should be "downgraded" by UTRUSTED, issue #126
+ p1.set(Sites.secureDomainKey("evil.com"), p1.UNTRUSTED);
let p2 = new Policy(p1.dry());
debug("p1", JSON.stringify(p1.dry()));
debug("p2", JSON.stringify(p2.dry()));
@@ -31,7 +33,8 @@
() => !p1.can("https://192.168.69.1"),
() => !p1.can("https://10.0.0.1"),
() => p1.can("http://192.168.1.2"),
- () => p1.can("http://some.onion")
+ () => p1.can("http://some.onion"),
+ () => !p1.can("http://evil.com"),
]) Test.run(t);
Sites.onionSecure = onionSecureCurrent;
Test.report();