[FIXED] Direct ip address site has a harmful rule suggestion

Bug reports and enhancement requests
Post Reply
jwi
Posts: 1
Joined: Wed Feb 07, 2018 3:51 pm

[FIXED] Direct ip address site has a harmful rule suggestion

Post by jwi »

I just did some development when I came along this behavior when opening phpMyAdmin in a local xampp instance:

NoScript seems to detect "127.0.0.1" (localhost) with "0.1" interpreted as host="0" and tld="1".
It suggests to add a rule for "... .0.1" which in my opinion makes no sense since it would also match "blablabla.0.1".

This behavior seems to be the same for all direct ip address URLs, which makes it even worse (misuse potential: trust for ip a.b.x.y also means trust for any c.d.x.y).

Shouldn't a plain ip address site result in a single rule suggestion including the full ip?
A simple regex could match the ip pattern in the first place.

Screenshot:
https://imgur.com/a/5YneT
Image

Versions:
NoScript: 10.1.6.4
Firefox: 58.0.1
Last edited by Giorgio Maone on Sat Feb 10, 2018 7:14 am, edited 2 times in total.
Reason: fix broken image
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Top
pal1000
Junior Member
Posts: 44
Joined: Tue Mar 10, 2015 1:30 pm

Re: Direct ip address site has a harmful rule suggestion

Post by pal1000 »

Fixed in 10.1.6.5rc4.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Top
Post Reply

Return to “NoScript Development”