duckduckgo · not-a-rootkit · Nov 9, 2023
diff --git a/security/address-bar-spoofing/index.html b/security/address-bar-spoofing/index.html
@@ -6,6 +6,7 @@
   </head>
   <body>
     <h1>Address Bar Spoofing Pages</h1>
+    <a href="/">[Home]</a>
     <ul>
         <li><a href="/security/address-bar-spoofing/spoof-about-blank-rewrite.html">About:Blank Rewrite Spoof</a></li>
         <li><a href="/security/address-bar-spoofing/spoof-application-scheme.html">Unsupported Application Scheme Spoof</a></li>

diff --git a/security/address-bar-spoofing/spoof-about-blank-rewrite.html b/security/address-bar-spoofing/spoof-about-blank-rewrite.html
@@ -19,7 +19,7 @@
 </head>
 
 <body>
-    <p><a href="../index.html">[Home]</a></p>
+    <p><a href="./index.html">[Back]</a></p>
     This test will try to confuse the browser to show the wrong domain in the URL bar by opening an about:blank page,
     rewriting the content, starting a navigation elsewhere and quickly stopping the
     navigation using window.stop().

diff --git a/security/address-bar-spoofing/spoof-application-scheme.html b/security/address-bar-spoofing/spoof-application-scheme.html
@@ -15,7 +15,7 @@
 </head>
 
 <body>
-    <p><a href="../index.html">[Home]</a></p>
+    <p><a href="./index.html">[Back]</a></p>
     This test uses an unsupported application scheme and a href target to trick the browser into displaying the href
     target as the current address bar value, while actually navigating to an attacker controlled page.
     <a id="run" href="https://duckduckgo.com:" target="aa" onclick="setTimeout('run()',100)">

diff --git a/security/address-bar-spoofing/spoof-basicauth-2028.html b/security/address-bar-spoofing/spoof-basicauth-2028.html
@@ -14,7 +14,7 @@
 </head>
 
 <body>
-    <p><a href="../index.html">[Home]</a></p>
+    <p><a href="./index.html">[Back]</a></p>
     This test uses a unicode whitespace character (\u2028) inside the username field of the basicauth portion
     of the URL to perform an address bar spoofing attack.
     <button id="run" onclick="run()">run</button>

diff --git a/security/address-bar-spoofing/spoof-basicauth-2029.html b/security/address-bar-spoofing/spoof-basicauth-2029.html
@@ -14,7 +14,7 @@
 </head>
 
 <body>
-    <p><a href="../index.html">[Home]</a></p>
+    <p><a href="./index.html">[Back]</a></p>
     This test uses a unicode whitespace character (\u2029) inside the username field of the basicauth portion
     of the URL to perform an address bar spoofing attack.
     <button id="run" onclick="run()">run</button>

diff --git a/security/address-bar-spoofing/spoof-basicauth-whitespace.html b/security/address-bar-spoofing/spoof-basicauth-whitespace.html
@@ -15,7 +15,7 @@
 </head>
 
 <body>
-    <p><a href="../index.html">[Home]</a></p>
+    <p><a href="./index.html">[Back]</a></p>
     This test uses 300 repeated unicode whitespace characters inside the username field of the basicauth portion
     of the URL to perform an address bar spoofing attack.
     <button id="run" onclick="run()">run</button>

diff --git a/security/address-bar-spoofing/spoof-form-action.html b/security/address-bar-spoofing/spoof-form-action.html
@@ -15,7 +15,7 @@
 </head>
 
 <body>
-    <p><a href="../index.html">[Home]</a></p>
+    <p><a href="./index.html">[Back]</a></p>
     This test uses a form action on a redirect URL to trick the browser into displaying the
     redirect URL as the current address bar value, while trying to remain on the current page.
     <button id="run" onclick="run()">run</button>

diff --git a/security/address-bar-spoofing/spoof-js-download-url.html b/security/address-bar-spoofing/spoof-js-download-url.html
@@ -17,7 +17,7 @@
 </head>
 
 <body>
-  <p><a href="../index.html">[Home]</a></p>
+  <p><a href="./index.html">[Back]</a></p>
   This test uses a download URL for downloading a file to spoof the browser into displaying the download
   URL as the current origin while rewriting the document content to spoof the address bar.
   <button onclick="run()">Start</button>

diff --git a/security/address-bar-spoofing/spoof-js-page-rewrite.html b/security/address-bar-spoofing/spoof-js-page-rewrite.html
@@ -15,7 +15,7 @@
 </head>
 
 <body>
-    <p><a href="../index.html">[Home]</a></p>
+    <p><a href="./index.html">[Back]</a></p>
 
     This test will try to confuse the browser to show the wrong domain in the URL bar by rewriting the current page
     content and loading a URL that will timeout.

diff --git a/security/address-bar-spoofing/spoof-open-b64-html.html b/security/address-bar-spoofing/spoof-open-b64-html.html
@@ -13,14 +13,14 @@
                 w.location = 'tel://duckduckgo.com'
                 setTimeout(function () {
                     w.history.back()
-                }, 2100)
-            }, 2000)
+                }, 600)
+            }, 500)
         }
     </script>
 </head>
 
 <body>
-    <p><a href="../index.html">[Home]</a></p>
+    <p><a href="./index.html">[Back]</a></p>
 
     This test will try to confuse the browser to show the wrong domain in the URL bar by loading a static Base64
     encoded document, rewriting the current page, and then navigating to a tel: URL.

diff --git a/security/address-bar-spoofing/spoof-unsupported-scheme.html b/security/address-bar-spoofing/spoof-unsupported-scheme.html
@@ -14,7 +14,7 @@
 </head>
 
 <body>
-    <p><a href="../index.html">[Home]</a></p>
+    <p><a href="./index.html">[Back]</a></p>
 
     This is the most simple test for URL spoofing. Simply rewrite the current location using an unsupported scheme.
-Original file line number
+Diff line change
@@ Expand Up / @@ -14,7 +14,7 @@ @@
     </head>
     <body>
-        <p><a href="../index.html">[Home]</a></p>
+        <p><a href="./index.html">[Back]</a></p>
         This is the most simple test for URL spoofing. Simply rewrite the current location using an unsupported scheme.
@@ Expand Down @@