This issue follows the issue: https://github.com/busyorg/busy/issues/1492

#### Expected behavior

All external links are opened in a new tab so users notice they are changing websites. busy.org/@cryptohazard should open in the same tab while steemit.com/@cryptohazard opens in a new tab.

#### Actual behavior

There is an error in the way you parse the link. I can bypass your security by putting `busy.org` at the beginning of the URL and it will open in the same tab.

#### How to reproduce

I made a post on busy.org to test the issue: https://busy.org/@cryptohazard/security-tests

*Posted on [Utopian.io - Rewarding Open Source Contributors](https://utopian.io/utopian-io/@cryptohazard/security-report-links-redirection-parsing-error)*

post_id | 37,627,645 | ||||||
---|---|---|---|---|---|---|---|
author | cryptohazard | ||||||
permlink | security-report-links-redirection-parsing-error | ||||||
category | utopian-io | ||||||
json_metadata | "{"repository": {"owner": {"login": "busyorg"}, "id": 64382195, "full_name": "busyorg/busy", "fork": false, "name": "busy", "html_url": "https://github.com/busyorg/busy"}, "moderator": {"flagged": false, "account": "espoem", "reviewed": true, "pending": false, "time": "2018-03-10T20:32:18.309Z"}, "format": "markdown", "issue": {"id": 304102388, "number": 1629, "title": "Security report: links redirection parsing error", "url": "https://github.com/busyorg/busy/issues/1629"}, "platform": "github", "tags": ["utopian-io", "busy", "security", "bug", "report"], "questions": [{"selected": 1, "question": "Is the language / grammar correct?", "answers": [{"value": "Yes", "score": 20, "selected": false}, {"value": "A few mistakes", "score": 10, "selected": true}, {"value": "It's pretty bad", "score": 0, "selected": false}]}, {"selected": 0, "question": "Was the template followed?", "answers": [{"value": "Yes", "score": 10, "selected": true}, {"value": "Partially", "score": 5, "selected": false}, {"value": "No", "score": 0, "selected": false}]}, {"selected": 0, "question": "Is the bug report formal / informal?", "answers": [{"value": "Yes straight to the point", "score": 50, "selected": true}, {"value": "No steps to reproduce", "score": 25, "selected": false}, {"value": "Not informal and not formal", "score": 0, "selected": false}]}, {"selected": 1, "question": "Is the bug report formal / professional?", "answers": [{"value": "Yes, straight to the point ", "score": 10, "selected": false}, {"value": "Almost, contains minor informal parts", "score": 5, "selected": true}]}, {"selected": 2, "question": "How severe is the bug?", "answers": [{"value": "Critical/Security/Crash, affects very critical functions or sensitive data", "score": 20, "selected": false}, {"value": "Major, functionality is affected, no workaround", "score": 15, "selected": false}, {"value": "Minor, functionality is affected, has easy and obvious workaround", "score": 10, "selected": true}, 
{"value": "Cosmetic, functionality is not affected", "score": 5, "selected": false}]}, {"selected": 0, "question": "Is there any unrelated content in the bug report?", "answers": [{"value": "No, post solely discusses only talk about the bug report", "score": 10, "selected": true}, {"value": "Yes, personal intro or other unrelated content ", "score": 0, "selected": false}]}], "community": "utopian", "type": "bug-hunting", "pullRequests": [], "app": "utopian/1.0.0", "users": ["cryptohazard"], "score": 25}" | ||||||
created | 2018-03-09 10:33:48 | ||||||
last_update | 2018-03-10 20:32:18 | ||||||
depth | 0 | ||||||
children | 7 | ||||||
net_rshares | 4,004,380,277,508 | ||||||
last_payout | 2018-03-16 10:33:48 | ||||||
cashout_time | 1969-12-31 23:59:59 | ||||||
total_payout_value | 8.552 SBD | ||||||
curator_payout_value | 3.679 SBD | ||||||
pending_payout_value | 0.000 SBD | ||||||
promoted | 0.000 SBD | ||||||
body_length | 779 | ||||||
author_reputation | 17,113,283,041,617 | ||||||
root_title | "Security report: links redirection parsing error" | ||||||
beneficiaries |
| ||||||
max_accepted_payout | 1,000,000.000 SBD | ||||||
percent_steem_dollars | 10,000 | ||||||
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
soushi888 | 0 | 1,257,636,076 | 10% | ||
mys | 0 | 1,670,139,315 | 2% | ||
wargof | 0 | 2,055,753,021 | 50% | ||
zonguin | 0 | 488,416,292 | 5% | ||
cifer | 0 | 8,452,292,879 | 65% | ||
leir | 0 | 2,672,866,445 | 97% | ||
yuxid | 0 | 14,946,205,281 | 20% | ||
lablockchain | 0 | 4,014,362,116 | 17% | ||
estoy | 0 | 61,339,120 | 10% | ||
loshcat | 0 | 1,709,757,513 | 100% | ||
baloox | 0 | 455,676,250 | 10% | ||
cryptotradingfr | 0 | 307,344,620 | 1% | ||
utopian-io | 0 | 3,950,655,284,540 | 2.48% | ||
greenorange | 0 | 613,506,280 | 100% | ||
dreamdev | 0 | 215,564,674 | 5% | ||
iptrucs | 0 | 110,283,823 | 10% | ||
fabinhocrypto | 0 | 574,698,530 | 10% | ||
mayrie28 | 0 | 341,026,062 | 10% | ||
subornalata | 0 | 554,457,559 | 100% | ||
duke77 | 0 | 79,740,598 | 7% | ||
irminsoul82 | 0 | 147,770,558 | 25% | ||
happydaddyfr | 0 | 86,193,257 | 1% | ||
slashformotion | 0 | 53,661,093 | 5% | ||
atelierminceur | 0 | 58,427,223 | 10% | ||
alucare | 0 | 79,274,506 | 10% | ||
gwys | 0 | 90,164,978 | 5% | ||
marie2018 | 0 | 266,714,427 | 100% | ||
gribouille | 0 | 51,618,783 | 10% | ||
itharagaian | 0 | 2,063,064,795 | 20% | ||
leguidecrypto | 0 | 1,144,408,411 | 10% | ||
orlandumike | 0 | 1,125,330,247 | 8% | ||
kelos | 0 | 545,637,463 | 50% | ||
galam | 0 | 504,634,432 | 10% | ||
worldiz | 0 | 272,679,271 | 10% | ||
florenceboens | 0 | 93,310,878 | 10% | ||
forexflo | 0 | 51,928,954 | 10% | ||
lebastion | 0 | 319,326,384 | 20% | ||
polbot | 0 | 1,093,639,917 | 50% | ||
hellofuture | 0 | 408,841,888 | 10% | ||
steemnova | 0 | 113,592,385 | 2% | ||
mukta9988 | 0 | 134,785,937 | 50% | ||
swisschain | 0 | 61,565,350 | 10% | ||
fikarvox | 0 | 401,358,905 | 100% | ||
toxibuzz | 0 | 51,359,441 | 10% | ||
thesport | 0 | 217,905,770 | 50% | ||
didizion | 0 | 61,373,261 | 10% | ||
imcore | 0 | 58,277,458 | 10% | ||
yann85 | 0 | 117,151,921 | 10% | ||
arslanmustafa | 0 | 596,666,855 | 100% | ||
jane83 | 0 | 61,289,755 | 10% | ||
abudabor | 0 | 187,721,457 | 100% | ||
tyjulie | 0 | 177,365,128 | 15% | ||
fanbasefr | 0 | 1,229,339,029 | 10% | ||
studio666 | 0 | 117,535,823 | 10% | ||
russellferris | 0 | 223,679,944 | 100% | ||
muhammadibra | 0 | 263,514,657 | 100% | ||
juanjo0968 | 0 | 612,815,973 | 100% |
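
The parsing error reported in the post above, as an added example that is not part of the original post or of the busy code base: a prefix test on the raw URL string (an assumed shape of the flawed check) beside a check that parses the URL and compares the hostname exactly. The function names and the `busy.org.example.test` sample link are constructed for illustration.

```javascript
// Added example: hypothetical helpers, not code from the busy repository.
const SITE_HOST = 'busy.org'; // the site's own hostname, taken from the report

// Assumed shape of the flawed check: a string prefix test on the raw URL.
function isInternalNaive(href) {
  const stripped = href.replace(/^https?:\/\//i, '');
  return stripped.startsWith(SITE_HOST);
}

// Hardened check: parse the URL, then compare scheme and hostname exactly.
function isInternalStrict(href, base = `https://${SITE_HOST}/`) {
  let url;
  try {
    url = new URL(href, base); // relative links resolve against the site
  } catch (err) {
    return false; // unparsable input is treated as external
  }
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return false;
  return url.hostname.toLowerCase() === SITE_HOST;
}

// Attributes a renderer would put on the <a> element for a given link.
function linkAttributes(href, isInternal = isInternalStrict) {
  return isInternal(href)
    ? { href }
    : { href, target: '_blank', rel: 'noopener noreferrer' };
}

// Constructed sample links (example.test is a reserved test domain).
const SAMPLES = [
  'https://busy.org/@cryptohazard',
  'https://steemit.com/@cryptohazard',
  'https://busy.org.example.test/@cryptohazard',
  '/@cryptohazard',
];

// Runs both checks over the samples so the disagreement is visible.
function compare(samples = SAMPLES) {
  return samples.map((href) => ({
    href,
    naive: isInternalNaive(href),
    strict: isInternalStrict(href),
  }));
}

console.table(compare());
```

The third sample is the one the two checks disagree on: the prefix test accepts it as internal, while the parsed hostname does not equal `busy.org`, so it gets `target="_blank"`.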
Very good post
post_id | 37,631,624 |
---|---|
author | muhammadibra |
permlink | re-cryptohazard-security-report-links-redirection-parsing-error-20180309t110508673z |
category | utopian-io |
json_metadata | "{"app": "steemit/0.1", "tags": ["utopian-io"]}" |
created | 2018-03-09 11:05:18 |
last_update | 2018-03-09 11:05:18 |
depth | 1 |
children | 0 |
net_rshares | 257,386,409 |
last_payout | 2018-03-16 11:05:18 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 14 |
author_reputation | 357,547,160,450 |
root_title | "Security report: links redirection parsing error" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
author_curate_reward | "" |
voter | weight | wgt% | rshares | pct | time |
---|---|---|---|---|---|
muhammadibra | 0 | 257,386,409 | 100% |
Your contribution cannot be approved because it does not follow the [Utopian Rules](https://utopian.io/rules).

Firstly, you mention that: "This issue follows the issue: https://github.com/busyorg/busy/issues/1492"

From reading the issue it looks like you have already reported this issue to the busy team, please be aware that this breaks the following utopian.io rule:

If you or someone else submitted the issue on GitHub first, the Bug Report will not be accepted. Approved Bug Reports will automatically be published on GitHub.

Within bug-hunting contributions on utopian.io, you must provide all information to replicate the bug, stating "I made a post on busy.org to test the issue:" is not enough. Please be aware that this breaks the following from the [Utopian Rules](https://utopian.io/rules):

You must provide sufficient detail to reproduce the bug.

You also haven't provided any information surrounding your environment which is against the [Utopian Rules](https://utopian.io/rules):

Include information about your technical environment such as Device, Operating System, Browser and Application versions. You should also add screenshots, video recordings or animated GIFs, if they can help to understand the bug.

This is a soft rule which means:

All the rules marked as [SOFT] may lead to rejection if you have been notified about the same mistake multiple times. In any other case the Moderator will ask for a change but accept your contribution anyways.

You can contact us on [Discord](https://discord.gg/uTyJkNm).

**[[utopian-moderator]](https://utopian.io/moderators)**

post_id | 37,856,897 |
---|---|
author | tobias-g |
permlink | re-cryptohazard-security-report-links-redirection-parsing-error-20180310t181445787z |
category | utopian-io |
json_metadata | "{"app": "utopian/1.0.0", "community": "utopian", "tags": ["utopian-io"]}" |
created | 2018-03-10 18:14:51 |
last_update | 2018-03-10 18:14:51 |
depth | 1 |
children | 2 |
net_rshares | 0 |
last_payout | 2018-03-17 18:14:51 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 1,599 |
author_reputation | 78,222,795,638,600 |
root_title | "Security report: links redirection parsing error" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
#1492 is a different issue, you can keep this one.
post_id | 37,871,365 |
---|---|
author | fabien |
permlink | re-tobias-g-re-cryptohazard-security-report-links-redirection-parsing-error-20180310t202549117z |
category | utopian-io |
json_metadata | "{"app": "busy/2.4.0", "community": "busy", "tags": ["utopian-io"]}" |
created | 2018-03-10 20:26:12 |
last_update | 2018-03-10 20:26:12 |
depth | 2 |
children | 1 |
net_rshares | 0 |
last_payout | 2018-03-17 20:26:12 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 50 |
author_reputation | 16,638,382,769,448 |
root_title | "Security report: links redirection parsing error" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
Cool :-D
post_id | 38,155,564 |
---|---|
author | cryptohazard |
permlink | re-fabien-re-tobias-g-re-cryptohazard-security-report-links-redirection-parsing-error-20180312t133027024z |
category | utopian-io |
json_metadata | "{"app": "steemit/0.1", "tags": ["utopian-io"]}" |
created | 2018-03-12 13:30:27 |
last_update | 2018-03-12 13:30:27 |
depth | 3 |
children | 0 |
net_rshares | 0 |
last_payout | 2018-03-19 13:30:27 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 8 |
author_reputation | 17,113,283,041,617 |
root_title | "Security report: links redirection parsing error" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
I have talked to fabien and we checked that the case with putting busy.org at the beginning of the URL makes it open in the same tab. This has been approved.

You can contact us on [Discord](https://discord.gg/uTyJkNm).

**[[utopian-moderator]](https://utopian.io/moderators)**

post_id | 37,872,364 |
---|---|
author | espoem |
permlink | re-cryptohazard-security-report-links-redirection-parsing-error-20180310t203609309z |
category | utopian-io |
json_metadata | "{"app": "utopian/1.0.0", "community": "utopian", "tags": ["utopian-io"]}" |
created | 2018-03-10 20:36:09 |
last_update | 2018-03-10 20:36:09 |
depth | 1 |
children | 1 |
net_rshares | 0 |
last_payout | 2018-03-17 20:36:09 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 277 |
author_reputation | 59,186,440,518,630 |
root_title | "Security report: links redirection parsing error" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
Thanks. I just need to wait then?
post_id | 38,155,619 |
---|---|
author | cryptohazard |
permlink | re-espoem-re-cryptohazard-security-report-links-redirection-parsing-error-20180312t133048893z |
category | utopian-io |
json_metadata | "{"app": "steemit/0.1", "tags": ["utopian-io"]}" |
created | 2018-03-12 13:30:48 |
last_update | 2018-03-12 13:30:48 |
depth | 2 |
children | 0 |
net_rshares | 0 |
last_payout | 2018-03-19 13:30:48 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 33 |
author_reputation | 17,113,283,041,617 |
root_title | "Security report: links redirection parsing error" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |
### Hey @cryptohazard I am @utopian-io. I have just upvoted you!

#### Achievements

- This is your first accepted contribution here in Utopian. Welcome!

#### Suggestions

- Contribute more often to get higher and higher rewards. I wish to see you often!
- Work on your followers to increase the votes/rewards. I follow what humans do and my vote is mainly based on that. Good luck!

#### Get Noticed!

- Did you know project owners can manually vote with their own voting power or by voting power delegated to their projects? Ask the project owner to review your contributions!

#### Community-Driven Witness!

I am the first and only Steem Community-Driven Witness. [Participate on Discord](https://discord.gg/zTrEMqB). Let's GROW TOGETHER!

- [Vote for my Witness With SteemConnect](https://v2.steemconnect.com/sign/account-witness-vote?witness=utopian-io&approve=1)
- [Proxy vote to Utopian Witness with SteemConnect](https://v2.steemconnect.com/sign/account-witness-proxy?proxy=utopian-io&approve=1)
- Or vote/proxy on [Steemit Witnesses](https://steemit.com/~witnesses)

[![mooncryption-utopian-witness-gif](https://steemitimages.com/DQmYPUuQRptAqNBCQRwQjKWAqWU3zJkL3RXVUtEKVury8up/mooncryption-s-utopian-io-witness-gif.gif)](https://steemit.com/~witnesses)

**Up-vote this comment to grow my power and help Open Source contributions like this one. Want to chat? Join me on Discord https://discord.gg/Pc8HG9x**

post_id | 38,317,765 |
---|---|
author | utopian-io |
permlink | re-cryptohazard-security-report-links-redirection-parsing-error-20180313t083834367z |
category | utopian-io |
json_metadata | "{"app": "utopian/1.0.0", "community": "utopian", "tags": ["utopian-io"]}" |
created | 2018-03-13 08:38:33 |
last_update | 2018-03-13 08:38:33 |
depth | 1 |
children | 0 |
net_rshares | 0 |
last_payout | 2018-03-20 08:38:33 |
cashout_time | 1969-12-31 23:59:59 |
total_payout_value | 0.000 SBD |
curator_payout_value | 0.000 SBD |
pending_payout_value | 0.000 SBD |
promoted | 0.000 SBD |
body_length | 1,451 |
author_reputation | 152,913,012,544,965 |
root_title | "Security report: links redirection parsing error" |
beneficiaries | [] |
max_accepted_payout | 1,000,000.000 SBD |
percent_steem_dollars | 10,000 |