Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#5042 closed defect (fixed)

LinkedIn bug / Chrome port appears to not respect exclusions in rulesets

Reported by: pde Owned by: aaronsw
Priority: Very High Milestone:
Component: HTTPS Everywhere/HTTPS Everywhere: Chrome Version:
Severity: Keywords:
Cc: mikeperry Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Reported here:

https://mail1.eff.org/pipermail/https-everywhere/2012-February/001274.html

(and I can reproduce this).  In Chrome, editing your linked in Profile causes a low-frequency reload loop.  Interestingly, it can be broken by clicking the browser's "stop" button.  This may be useful for investigation:

https://www.google.com/support/forum/p/Chrome/thread?tid=2f76303d4e166cdd&hl=en

Child Tickets

Change History (9)

comment:1 Changed 8 years ago by aaronsw

Status: newneeds_information

This doesn't happen in Firefox?

comment:2 Changed 8 years ago by pde

Cc: mikeperry added

No.

comment:3 Changed 8 years ago by pde

Owner: changed from aaronsw to pde
Status: needs_informationaccepted

comment:4 Changed 8 years ago by pde

Owner: changed from pde to aaronsw
Status: acceptedassigned

Ooops, changing the status seemed to automatically reassign this to me and knock aaron out of the bug.

comment:5 Changed 8 years ago by pde

Hmmm, perhaps "no" was wrong.  I had NoScript enabled in Firefox.  With NoScript off, the profile edit page loads but has some weird behaviour.  The browser issues asks a question about an insecure POST.  If you say "cancel" to that, the page loads fine; if you say "yes", Firefox never marks the page as fully loaded, which is visually quite different to what Chrome is doing but may be analogous.

comment:6 Changed 8 years ago by pde

Priority: majorcritical
Summary: Reload loop when editing a LinkedIn profile (Chrome only)Chrome port appears to not respect exclusions in rulesets

https://gitweb.torproject.org/https-everywhere.git/commitdiff/f6d18455d076aff69043e50fabe8992baad06180 fixed the problem in the LinkedIn Ruleset (which looks like a JavaScript redirection loop to me); however, it doesn't fix it in Chrome.

That turns out to be because of a much more serious problem, which is that the Chrome port implementation of <exclusion pattern="regexp"> elements in the rulesets!

comment:7 Changed 8 years ago by pde

Now that I test it myself, I'm not convinced that Seth's patch fixed the LinkedIn ruleset, but I think the larger Chrome bug is real.  Here are a couple of examples:

http://bauarbeiten.bahn.de/

http://weather.yandex.ru/

comment:8 Changed 8 years ago by pde

Resolution: fixed
Status: assignedclosed

Fixed in git, will release this now:

https://gitweb.torproject.org/https-everywhere.git/commitdiff/e76f306ab6336d409ea59184fc724771c3180449

comment:9 Changed 8 years ago by pde

Summary: Chrome port appears to not respect exclusions in rulesetsLinkedIn bug / Chrome port appears to not respect exclusions in rulesets
Note: See TracTickets for help on using tickets.