Vivaldi.net has some JS that updates location.href, allowing a harmless little oddity with URLs



  • Curious little quirk I just noticed: Go to [url=https://vivaldi.net/en-US/forum/modifications/14331-modding-vivaldi/#_________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________/../../../../../%69%6D%61%67%65%73%2F%61%6E%74%6F%6E%69%6F%2E%70%6E%67]this thread[/url]. After going to that thread, the page looks fine, but notice something funny about what the URL becomes? Hit your tab's Reload button and say hello to our fiery friend. :P It apparently happens because the site has some JS that updates document.href. I noticed this after someone else accidentally posted a link with a fragment identifier (the "anchor" part of a URL) containing a slash. It doesn't allow anything dangerous, so I guess it doesn't really matter much, as long as people use correct URLs.


  • Moderator

    Yes, only strange redirects can be done.
    I pinged the Vivaldi webdev about this issue.


Log in to reply
 

Looks like your connection to Vivaldi Forum was lost, please wait while we try to reconnect.