-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Address Bar Spoofing Test Cases #169
Conversation
Rewrites current document without requiring navigation first. Also uses filtered ports, see: https://app.asana.com/0/1177771139624306/1205376531515103/f
…ncoded document loads and unsupported schemes.
…gationProtectionIntegrationTests. Dependent on this PR: duckduckgo/privacy-test-pages#169
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good! I left some comments in the code and have couple more simple asks here:
- (for findability) please add simple index.html in
/address-bar-spoofing/
folder that links to all examples - (for findability) please update main index.html so that it points to
/address-bar-spoofing/
- (to keep things tidy) if https://github.com/duckduckgo/privacy-test-pages/blob/main/security/spoof-js-page-rewrite.html is no longer needed - can you please check if any of our apps/extensions mentions it and, if not, remove it?
* Add title and run buttons where missing * Update download URL from Google to something we own
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks Thom! I left one comment, but feel free to merge after that. Deploy script checks every ~30min if there is anything new and auto deploys to http://privacy-test-pages.site
Asana Project: https://app.asana.com/0/72649045549333/1205794884403778/f
This PR adds security related test cases for address bar spoofing vulnerabilities that may arise in our browsers. The aim is to provide a more robust set of test cases to secure our browsers against address bar spoofing vulnerabilities.
Test cases covered: