Skip to content

Adding URL related Taint Operations#350

Merged
leeN merged 1 commit into
SAP:mainfrom
tmbrbr:url-operations
Nov 26, 2025
Merged

Adding URL related Taint Operations#350
leeN merged 1 commit into
SAP:mainfrom
tmbrbr:url-operations

Conversation

@tmbrbr

@tmbrbr tmbrbr commented Nov 26, 2025

Copy link
Copy Markdown
Contributor

Adding taint operations for the following operations:

  • URL.parse
  • URLSearchParams.get
  • URLSearchParams.getAll

So now the operations will show up in functions like this one:

function load() {
  let url = URL.parse(location.toString());
  let params = url.searchParams;
  let p1 = params.get("p1");
  let p2 = params.get("p2");
  let d = document.getElementById("target");
  d.innerHTML = p1+" "+p2;
}

@tmbrbr tmbrbr self-assigned this Nov 26, 2025
@tmbrbr tmbrbr requested a review from leeN November 26, 2025 11:38
leeN
leeN approved these changes Nov 26, 2025
View reviewed changes

@leeN leeN left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@leeN

leeN commented Nov 26, 2025

Copy link
Copy Markdown
Collaborator

Looking at the CI, there seems to be a failure in taint/escape.js

I.e., the following log excerpt:

2025-11-26T13:07:54.3845748Z REFTEST TEST-LOAD | file:///home/runner/work/project-foxhound/project-foxhound/obj-tf-release/dist/test-stage/jsreftest/tests/js/src/tests/jsreftest.html?test=non262/taint/escape.js | 1892 / 52410 (3%)
2025-11-26T13:07:54.4044337Z !!! Tainted flow into document.write from location.search !!!
2025-11-26T13:07:54.4048173Z JavaScript warning: file:///home/runner/work/project-foxhound/project-foxhound/obj-tf-release/dist/test-stage/jsreftest/tests/js/src/tests/browser.js, line 526: Tainted flow from location.search into document.write!
2025-11-26T13:07:54.4050587Z !!! Tainted flow into document.write from location.search !!!
2025-11-26T13:07:54.4057351Z JavaScript warning: file:///home/runner/work/project-foxhound/project-foxhound/obj-tf-release/dist/test-stage/jsreftest/tests/js/src/tests/browser.js, line 526: Tainted flow from location.search into document.write!
2025-11-26T13:07:54.4060089Z !!! Tainted flow into document.write from location.search !!!
2025-11-26T13:07:54.4064585Z JavaScript warning: file:///home/runner/work/project-foxhound/project-foxhound/obj-tf-release/dist/test-stage/jsreftest/tests/js/src/tests/browser.js, line 526: Tainted flow from location.search into document.write!
2025-11-26T13:07:54.4066039Z !!! Tainted flow into document.write from location.search !!!
2025-11-26T13:07:54.4067768Z JavaScript warning: file:///home/runner/work/project-foxhound/project-foxhound/obj-tf-release/dist/test-stage/jsreftest/tests/js/src/tests/browser.js, line 526: Tainted flow from location.search into document.write!
2025-11-26T13:07:54.4069410Z !!! Tainted flow into document.write from location.search !!!
2025-11-26T13:07:54.4074823Z JavaScript warning: file:///home/runner/work/project-foxhound/project-foxhound/obj-tf-release/dist/test-stage/jsreftest/tests/js/src/tests/browser.js, line 526: Tainted flow from location.search into document.write!
2025-11-26T13:07:56.3671048Z A content process crashed and MOZ_CRASHREPORTER_SHUTDOWN is set, shutting down
2025-11-26T13:07:56.4034902Z 1764162476402 Marionette TRACE Received observer notification quit-application
2025-11-26T13:07:56.4036109Z 1764162476403 Marionette INFO Stopped listening on port 2828
2025-11-26T13:07:56.4057951Z 1764162476405 Marionette DEBUG Marionette stopped listening
2025-11-26T13:07:56.4162102Z [Parent 132484, IPC I/O Parent] WARNING: process 132726 exited on signal 11: file /home/runner/work/project-foxhound/project-foxhound/ipc/chromium/src/chrome/common/process_watcher_posix_sigchld.cc:132
2025-11-26T13:07:56.4201543Z !!! error running onStopped callback: TypeError: callback is not a function
2025-11-26T13:07:56.5635153Z REFTEST TEST-UNEXPECTED-FAIL | obj-tf-release/dist/test-stage/jsreftest/tests/js/src/tests/non262/taint/escape.js | application terminated with exit code 245`

@leeN

leeN commented Nov 26, 2025

Copy link
Copy Markdown
Collaborator

However, that seems unrelated to this change, so merging.

@leeN leeN merged commit 4be8d31 into SAP:main Nov 26, 2025
7 of 11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@leeN leeN leeN approved these changes

Assignees

@tmbrbr tmbrbr

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@tmbrbr @leeN