From 568a66854a3a18de69ada916449cebafef5d1e7e Mon Sep 17 00:00:00 2001
From: Thomas Espach
Date: Thu, 16 Nov 2023 13:13:16 +0000
Subject: [PATCH] Update download URL to include a HTTP redirect in spoof-js-download-url
---
 .../address-bar-spoofing/spoof-js-download-url.html | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/security/address-bar-spoofing/spoof-js-download-url.html b/security/address-bar-spoofing/spoof-js-download-url.html
index af12852..677181a 100644
--- a/security/address-bar-spoofing/spoof-js-download-url.html
+++ b/security/address-bar-spoofing/spoof-js-download-url.html
@@ -10,16 +10,20 @@ function run() {
 const w = open()
 w.opener = null
- w.document.write('

Not Third Party Site.

')
- w.location = 'https://bad.third-party.site/features/download/file/pdf'
+ w.document.write('

Not DDG.

')
+ w.location = 'https://tyny.to/s509a8'
 }

[Back]

- This test uses a download URL for downloading a file to spoof the browser into displaying the download
- URL as the current origin while rewriting the document content to spoof the address bar.
+ This test uses a download URL that performs a HTTP redirect for downloading a file to trick the
+ browser into displaying the download URL as the current origin while rewriting the document content
+ resulting in a spoofed address bar.
+ The expected result is that the redirect should be followed and the file should be downloaded
+ in the about:blank context instead of in the context of the download URL where the document might
+ be spoofed by the previous page.
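Review bot: The new `w.location = 'https://tyny.to/s509a8'` line makes the test depend on a third-party URL shortener whose redirect target is recorded nowhere on the page, so a reader cannot tell which host the download is expected to come from, and the test silently changes meaning if the short link is edited, expires, or is repointed by whoever controls that service. The prose further down says the redirect "should be followed" into about:blank, but nothing states the expected final URL or status code, which is what a tester needs to judge a pass or fail. Please add a comment above the assignment recording the intended chain, e.g. `// HTTP 30x redirect to <EXPECTED_DOWNLOAD_URL>; expected result: file downloads in the about:blank context`, and consider hosting the redirect on infrastructure the repo controls so the expected target is pinned in source rather than in an external service.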