https://bugzilla.wikimedia.org/show_bug.cgi?id=38048

       Web browser: ---
             Bug #: 38048
           Summary: Root article paths allow bypassing of nofollow and
                    attacks on Special:Random
           Product: MediaWiki
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: Unprioritized
         Component: General/Unknown
        AssignedTo: wikibugs-l@lists.wikimedia.org
        ReportedBy: mediawiki-b...@nadir-seen-fire.com
            Blocks: 32620
    Classification: Unclassified
   Mobile Platform: ---


When you use a root article path, for [[/example.com]] getLocalURL will combine
the "/$1" and "/example.com" together and return "//example.com". This triggers
a browser's protocol-relative handling instead of acting as a relative URL. As
long as you create an article at [[/example.com]] so that a live link shows up
instead of an edit link, links like [[/example.com|Example]] will end up as <a
href="//example.com">Example</a>. Naturally, this means you can abuse this to
link to other websites, bypassing nofollow. Additionally, doing this will also
cause Special:Random to randomly send users to other websites instead of pages
on the wiki when one of the [[/...]] articles is randomly picked.

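The concatenation described in the report, with a check for affected titles and one possible mitigation, as an added example that is not part of the original report and not MediaWiki's code. The function names, the wiki origin, the "/index.php" script path and the sample titles are assumptions made for illustration, and the fallback to a query-string URL is one option, not the project's fix.

```javascript
// Constructed sample origin for the wiki (assumption, not from the report).
const WIKI_ORIGIN = "https://wiki.example.org";

// Simplified stand-in for the wiki's title encoding: spaces become
// underscores and slashes stay literal, as in subpage URLs.
function encodeTitle(title) {
  return title.replace(/ /g, "_").split("/").map(encodeURIComponent).join("/");
}

// Naive substitution of the title into the article path. With a root
// article path of "/$1", a title starting with "/" yields "//...".
function naiveLocalUrl(articlePath, title) {
  return articlePath.replace("$1", () => encodeTitle(title));
}

// Resolve the href the way a browser would against the wiki origin and
// report whether the link still points at the wiki.
function staysOnWiki(href) {
  return new URL(href, WIKI_ORIGIN).origin === WIKI_ORIGIN;
}

// Audit helper: list the titles whose generated link leaves the wiki.
function findEscapingTitles(articlePath, titles) {
  return titles.filter((t) => !staysOnWiki(naiveLocalUrl(articlePath, t)));
}

// Possible mitigation (hypothetical): when the path form would not stay
// on the wiki, fall back to the script path with a title query parameter.
function safeLocalUrl(articlePath, scriptPath, title) {
  const url = naiveLocalUrl(articlePath, title);
  if (staysOnWiki(url)) {
    return url;
  }
  return scriptPath + "?title=" + encodeURIComponent(title.replace(/ /g, "_"));
}

// Constructed sample titles.
const SAMPLE_TITLES = ["Main Page", "/example.com", "Sandbox/example.com"];

for (const articlePath of ["/$1", "/wiki/$1"]) {
  console.log(articlePath, "escaping titles:",
    findEscapingTitles(articlePath, SAMPLE_TITLES));
}
console.log(safeLocalUrl("/$1", "/index.php", "/example.com"));
```

Only the root article path is affected in this model: with "/wiki/$1" the same title produces "/wiki//example.com", which a browser resolves as a path on the wiki.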