[test-assets] Limit open redirecton in redirect.py to enhance security (#1084) from Hao Li on 2014-06-28 (public-web-platform-tests-notifications@w3.org from June 2014)

From: Hao Li <web-platform-tests-notifications@w3.org>
Date: Sat, 28 Jun 2014 11:03:12 GMT
To: public-web-platform-tests-notifications@w3.org
Message-Id: <<web-platform-tests_issue_1084@w3.org>>

- The value of the location request parameter is used to perform an HTTP redirect, this will cause a redirection to other website URL by attacker. So limit the open redirection in same domain.

- It will print an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. Add try catch to avoid print sensitive information.

View on GitHub: https://github.com/w3c/web-platform-tests/pull/1084

Received on Saturday, 28 June 2014 11:03:18 UTC