diff options
author | hackademix | 2019-12-29 19:39:35 +0100 |
---|---|---|
committer | hackademix | 2019-12-29 19:49:44 +0100 |
commit | eaf3c8376e6a05bd20919e0f08c356982bc6abf8 (patch) | |
tree | f0ae4d1b4c8d028ec51bbb30c42dcf20580d2c59 | |
parent | 3bf2aab0526f640555904218972c52c09cfd444c (diff) | |
download | noscript-eaf3c8376e6a05bd20919e0f08c356982bc6abf8.tar.gz noscript-eaf3c8376e6a05bd20919e0f08c356982bc6abf8.tar.xz noscript-eaf3c8376e6a05bd20919e0f08c356982bc6abf8.zip |
Fixed UNTRUSTED domains accidentally set in "match HTTPS only" mode (issue #126).
-rw-r--r-- | src/common/Policy.js | 10 | ||||
-rw-r--r-- | src/test/Policy_test.js | 7 |
2 files changed, 12 insertions, 5 deletions
diff --git a/src/common/Policy.js b/src/common/Policy.js index 4720532..59c24a4 100644 --- a/src/common/Policy.js +++ b/src/common/Policy.js @@ -329,8 +329,12 @@ var {Permissions, Policy, Sites} = (() => { if (typeof dry.sites === "object" && !(dry.sites instanceof Sites)) { let {trusted, untrusted, temp, custom} = dry.sites; let sites = Sites.hydrate(custom); - for (let key of trusted) sites.set(key, options.TRUSTED); - for (let key of untrusted) sites.set(key, options.UNTRUSTED); + for (let key of trusted) { + sites.set(key, options.TRUSTED); + } + for (let key of untrusted) { + sites.set(Sites.toggleSecureDomainKey(key, false), options.UNTRUSTED); + } if (temp) { let tempPreset = options.TRUSTED.tempTwin; for (let key of temp) sites.set(key, tempPreset); @@ -427,7 +431,7 @@ var {Permissions, Policy, Sites} = (() => { if (perms === this.UNTRUSTED) { cascade = true; - Sites.toggleSecureDomainKey(siteKey, false); + siteKey = Sites.toggleSecureDomainKey(siteKey, false); } if (cascade && !url) { for (let subMatch; (subMatch = sites.match(siteKey));) { diff --git a/src/test/Policy_test.js b/src/test/Policy_test.js index f12183e..5b2ecbf 100644 --- a/src/test/Policy_test.js +++ b/src/test/Policy_test.js @@ -9,7 +9,9 @@ p1.set("perchè.com", p1.TRUSTED); p1.set("10", p1.TRUSTED); p1.set("192.168", p1.TRUSTED); - p1.set("192.168.69", p1.UNTRUSTED) + p1.set("192.168.69", p1.UNTRUSTED); + // secureDomainKey should be "downgraded" by UTRUSTED, issue #126 + p1.set(Sites.secureDomainKey("evil.com"), p1.UNTRUSTED); let p2 = new Policy(p1.dry()); debug("p1", JSON.stringify(p1.dry())); debug("p2", JSON.stringify(p2.dry())); @@ -31,7 +33,8 @@ () => !p1.can("https://192.168.69.1"), () => !p1.can("https://10.0.0.1"), () => p1.can("http://192.168.1.2"), - () => p1.can("http://some.onion") + () => p1.can("http://some.onion"), + () => !p1.can("http://evil.com"), ]) Test.run(t); Sites.onionSecure = onionSecureCurrent; Test.report(); |