Bug: Broken string parsing for location.replace() redirects
Posted: Sun May 27, 2012 6:12 pm
When a page contains a "JavaScript redirect" implemented using location.replace(), NoScript tries to detect it and substitute a link to the redirect target. However, the code for extracting the target URL is broken, in that it doesn't correctly parse JavaScript strings.
One place where this bug can be seen is on the t.co redirector, for example here: http://t.co/xAhdUpGh
The original HTML source of this page, as sent to Firefox 12 (the t.co servers apparently do user-agent sniffing) looks like this:
No, I don't know why t.co is replacing "/" with "\/" in the URL string, but that's perfectly valid JavaScript syntax. However, NoScript chokes on it, producing this output:
Notice that the link inserted by NoScript still contains the backslashes, causing it to break.
Of course, this bug is hardly a showstopper for t.co, since one can just click on the "Allow redirect" button above the link instead. Still, I wouldn't expect t.co to be the only site that triggers this bug, and some of the others might not provide a convenient meta refresh in addition to the JS redirect.
One place where this bug can be seen is on the t.co redirector, for example here: http://t.co/xAhdUpGh
The original HTML source of this page, as sent to Firefox 12 (the t.co servers apparently do user-agent sniffing) looks like this:
Code: Select all
<noscript><META http-equiv="refresh" content="0;URL=http://english.stackexchange.com/questions/68961/why-do-street-parking-signs-say-no-stopping-or-standing?atw=1"></noscript><script>location.replace("http:\/\/english.stackexchange.com\/questions\/68961\/why-do-street-parking-signs-say-no-stopping-or-standing?atw=1")</script>Code: Select all
<div style="background-image: url("resource://noscript_0.22024288252854363/icon32.png"); background-repeat: no-repeat; background-position: 2px 2px; padding: 4px 4px 4px 40px; display: block; min-height: 32px; text-align: left;"><a href="http:\/\/english.stackexchange.com\/questions\/68961\/why-do-street-parking-signs-say-no-stopping-or-standing?atw=1">http://t.co/%5C/%5C/english.stackexchange.com%5C/questions%5C/68961%5C/why-do-street-parking-signs-say-no-stopping-or-standing?atw=1</a><br></div>
Of course, this bug is hardly a showstopper for t.co, since one can just click on the "Allow redirect" button above the link instead. Still, I wouldn't expect t.co to be the only site that triggers this bug, and some of the others might not provide a convenient meta refresh in addition to the JS redirect.
