'Address of webpage' textbox needs to be readonly or changes to it need to be monitored #1836

Closed
jidanni opened this issue Nov 23, 2021 · 15 comments
Labels: fixed (issue has been addressed)

@jidanni

jidanni commented Nov 23, 2021

If the user changes what is in the Address of the web page: textbox,
those changes are ignored when he presses the Find similar reports button!
E.g., if he changes example.com to example.net, the form will still look for example.com reports!
Same with the Create new issue button.
If not planning to read what the user changed, then at least make that textbox readonly.

Originally posted by @jidanni in #1541 (comment)

@uBlock-user
Contributor

Do not bypass the template.

uBlock-user added the invalid (not a uBlock issue) label Nov 24, 2021
@gorhill
Member

gorhill commented Nov 24, 2021

To be fair, the template is not needed here for me to understand the reported issue. My thinking is it's best to leave it as is and see what happens in the future; someone could want to remove information from the URL without changing the target site itself. For now rather than adding restriction, I prefer to wait-and-see if this causes issues in the future (I expect it will not).

gorhill added the declined label and removed the invalid (not a uBlock issue) label Nov 24, 2021
@jidanni
Author

jidanni commented Nov 25, 2021

> Do not bypass the template.

I hit "Reference in new issue". You need to add a template to it.
20211125T132929

@jidanni
Author

jidanni commented Nov 25, 2021

They can still 'remove' information by highlighting and copying the part they want to 'remove', from a readonly field instead.
Keeping it editable misleads users into thinking they are actually changing the form inputs.

@gorhill
Member

gorhill commented Nov 25, 2021

> Also maybe you prefer to wait and see how things will evolve.

Yes.

All this needs road testing before asking for changes based on assumptions. There have already been changes in the template following the unforeseen spamming of issues raised yesterday, and we will keep fine-tuning according to how things go rather than according to anyone's assumptions of how they will go.

@gorhill
Member

gorhill commented Nov 25, 2021

> I have not been asking for anything

I know, my answer was not directed at you, it is directed at whoever reads the thread to clarify how the specific issue opened by @jidanni is being handled.

@uBlock-user
Contributor

That Reference in new issue button is just waiting to be exploited, GitHub didn't think about how it bypasses the templates before implementing it, now anybody can click on it and create a whole new issue based on a "comment" post on any issue.

@jidanni
Author

jidanni commented Nov 25, 2021

All I know is if there is a search box

Search: ____A

and the user changes it to

Search: ____B

and hits ENTER, then he usually would expect it to search for ... B.
Else why let him change it?

@jidanni
Author

jidanni commented Nov 26, 2021

> someone may need to remove some private/tracking/sensitive information/parameter from URL (so called "redacting").

I see. Somebody is about to take a screenshot to post in a bug report, and wants to remove NSFW from NSFW.com or something, instead of blurring it later in the .JPG.

Seems like a 1/1000 rare case, and the other 999 are my 'I changed A to B but it still searched for A' head-scratchers. So nobody has convinced me. Sorry.

@jidanni
Author

jidanni commented Nov 26, 2021

So,
the user removes the tracking parameters from the field,
but even so, they are sent anyway by the form upon him hitting submit, no?
So this is even worse than I thought.
The form fools him into thinking he has cleaned up his personal details,
but when he clicks submit, his personal details are sent anyway,
and perhaps he didn't notice,
or perhaps he did, but now it is too late!

gorhill reopened this Nov 26, 2021
@gorhill
Member

gorhill commented Nov 26, 2021

Yes, I need to fix this.

uBlock-user added the something to address label and removed the declined label Nov 26, 2021
gorhill added a commit to gorhill/uBlock that referenced this issue Nov 26, 2021
Related issue:
- uBlockOrigin/uBlock-issues#1836

The URL to report can now be picked from a list of related
URLs in order to allow the reporter to publish edited version
of the reported URL.

Additionally, the hash, user name, and password which could be
present in a reported URL are always removed.
uBlock-user added the fixed (issue has been addressed) label and removed the something to address label Nov 27, 2021
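
The behaviour described in the commit message above, sketched as an added example; it is not code from uBlock Origin or from anyone in this thread. The function names and the exact set of related URLs offered are assumptions. The submitted value is the option the reporter picked, checked against the offered list, so an edit can never be silently replaced by the original URL.

```javascript
// Added example, not uBlock Origin's code. Function names and the exact
// set of candidate URLs are assumptions made for illustration.

// Remove the parts the commit message says are always removed:
// hash (fragment), user name and password.
function stripCredentialsAndHash(rawURL) {
    const url = new URL(rawURL);   // throws TypeError on an invalid URL
    url.hash = '';
    url.username = '';
    url.password = '';
    return url;
}

// Build the list a reporter can pick from, most specific first.
function relatedReportURLs(rawURL) {
    const url = stripCredentialsAndHash(rawURL);
    if ( url.protocol !== 'http:' && url.protocol !== 'https:' ) {
        return [];                       // nothing reportable
    }
    const candidates = [
        url.href,                        // full URL, query string kept
        url.origin + url.pathname,       // query string dropped
        url.origin + '/',                // site only
    ];
    return [ ...new Set(candidates) ];   // dedupe, keep order
}

// The value sent with the report is what the reporter picked, and it must
// be one of the offered candidates; the raw tab URL is never a fallback.
function urlToSubmit(rawURL, picked) {
    const allowed = relatedReportURLs(rawURL);
    if ( allowed.includes(picked) === false ) {
        throw new Error('picked URL is not one of the offered candidates');
    }
    return picked;
}

// Constructed sample input.
const sample =
    'https://alice:s3cret@example.com/watch/42?utm_source=mail&id=7#t=30';
console.log(relatedReportURLs(sample));
```
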