Security report: links redirection parsing error
This issue follows the issue: https://github.com/busyorg/busy/issues/1492
Expected behavior
All external links open in a new tab so users notice they are changing websites.
busy.org/@cryptohazard should open in the same tab while steemit.com/@cryptohazard opens in a new tab.
Actual behavior
There is an error in the way you parse the link. I can bypass your security by putting busy.org at the beginning of the URL and it will open in the same tab.
How to reproduce
I made a post on busy.org to test the issue:
https://busy.org/@cryptohazard/security-tests
Posted on Utopian.io - Rewarding Open Source Contributors
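The class of parsing error the report describes, next to a check that compares the parsed hostname exactly. This is an added example, not part of the original post and not Busy's code: the function names, the naive prefix check and the sample links are assumptions made for illustration.

```javascript
// Added example: names, sample URLs and the naive check are assumptions,
// not Busy's actual code.
const SITE_ORIGIN = 'https://busy.org';
const SITE_HOST = 'busy.org';

// Weak pattern: treat a link as internal when the text after the scheme
// starts with the site name. A lookalike host passes this check.
function isInternalNaive(href) {
  const withoutScheme = href.replace(/^https?:\/\//i, '');
  return withoutScheme.startsWith(SITE_HOST);
}

// Hardened: parse the URL, then compare scheme and the full hostname exactly.
function isInternalStrict(href) {
  let url;
  try {
    url = new URL(href, SITE_ORIGIN); // relative links resolve against the site
  } catch (err) {
    return false; // unparseable links are treated as external
  }
  const webScheme = url.protocol === 'https:' || url.protocol === 'http:';
  return webScheme && url.hostname === SITE_HOST;
}

// Attributes a renderer could set on the anchor for a given link.
function linkAttributes(href) {
  return isInternalStrict(href)
    ? { href, target: '_self' }
    : { href, target: '_blank', rel: 'noopener noreferrer' };
}

// Constructed sample links (example.net is a reserved documentation domain).
const samples = [
  'https://busy.org/@cryptohazard',
  '/@cryptohazard/security-tests',
  'https://steemit.com/@cryptohazard',
  'https://busy.org.example.net/@cryptohazard',
];

// Side-by-side verdicts of both checks for each sample link.
function compareChecks() {
  return samples.map((href) => ({
    href,
    naive: isInternalNaive(href),
    strict: isInternalStrict(href),
  }));
}

console.table(compareChecks());
```

The last sample is the case from the report: the naive check calls it internal, while the strict check sends it to a new tab with `rel="noopener noreferrer"`.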
Very good post
Your contribution cannot be approved because it does not follow the Utopian Rules.
Firstly you mention that:
"This issue follows the issue: https://github.com/busyorg/busy/issues/1492"
From reading the issue it looks like you have already reported this issue to the busy team, please be aware that this breaks the following utopian.io rule:
If you or someone else submitted the issue on GitHub first, the Bug Report will not be accepted. Approved Bug Reports will automatically be published on GitHub.
Within bug-hunting contributions on utopian.io, you must provide all information to replicate the bug, stating "I made a post on busy.org to test the issue:" is not enough. Please be aware that this breaks the following from the Utopian Rules:
You must provide sufficient detail to reproduce the bug.
You also haven't provided any information surrounding your environment which is against the Utopian Rules:
Include information about your technical environment such as Device, Operating System, Browser and Application versions.
You should also add screenshots, video recordings or animated GIFs, if they can help to understand the bug. This is a soft rule which means:
All the rules marked as [SOFT] may lead to rejection if you have been notified about the same mistake multiple times. In any other case the Moderator will ask for a change but accept your contribution anyways.
You can contact us on Discord.
[utopian-moderator]
#1492 is a different issue, you can keep this one.
Cool :-D
I have talked to fabien and we checked that the case with putting busy.org at the beginning of the url makes it open in the same tab.
This has been approved.
You can contact us on Discord.
[utopian-moderator]
Thanks. I just need to wait then?
Hey @cryptohazard I am @utopian-io. I have just upvoted you!