Input validation is broken for read-only address onboarding page #3687

Open
Tracked by #819
beemeeupnow opened this issue Nov 29, 2023 · 0 comments
Discord Discussion Link

No response

What browsers are you seeing the problem on?

Chrome

What were you trying to do?

I was doing some testing and randomly performed what you might call manual fuzzing in the address field while on the read-only address onboarding page.

During this time, I managed to discover that values 42 characters long appeared to resolve and allowed continuing forward.

What did not work?

We are allowing 'asdfghjklgfsasdfaassfweofaacvvefadf.crypto' (or 'asdfghjklgfsasdfaassfweofaacvvefadf.wallet')

When I looked for that particular domain on the Unstoppable Domains site, it is not registered at all.

That made me realize that it must not actually come from domain resolution, but instead is being processed improperly.

I confirmed it by checking with a string of 42 period characters, which is also allowed: '..........................................'

Version

v0.52.0

Relevant log output

No response
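
Added example, not part of the original issue and not the project's code: the report shows that any 42-character string is accepted, so this sketch contrasts a length-only check (an assumed model of the observed behaviour, not a confirmed root cause) with syntax-based classification plus mandatory name resolution. All function names, the resolver interface and the registry entry are hypothetical.

```javascript
// Added example (not the wallet's code). All names below are hypothetical.
// Format check only; EIP-55 checksum verification is out of scope here.
const HEX_ADDRESS = /^0x[0-9a-fA-F]{40}$/;
// One DNS-style label: alphanumerics with inner hyphens, 1 to 63 characters.
const LABEL = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

// Assumed weak check: accepts anything that has the length of a hex address.
function lengthOnlyCheck(input) {
  return input.trim().length === 42;
}

// Classify the input by syntax, never by length alone.
function classifyInput(raw) {
  const input = raw.trim();
  if (HEX_ADDRESS.test(input)) return "address";
  const labels = input.split(".");
  if (labels.length >= 2 && labels.every((l) => LABEL.test(l))) return "name";
  return "invalid";
}

// Gate for continuing past the onboarding page. `resolveName` is an injected
// async resolver (assumption) returning a hex address, or null when the name
// is not registered.
async function validateReadOnlyInput(raw, resolveName) {
  const kind = classifyInput(raw);
  if (kind === "address") return { ok: true, address: raw.trim() };
  if (kind === "name") {
    const resolved = await resolveName(raw.trim().toLowerCase());
    // The resolver's answer is untrusted as well: re-check its format.
    if (typeof resolved === "string" && HEX_ADDRESS.test(resolved)) {
      return { ok: true, address: resolved };
    }
    return { ok: false, reason: "name did not resolve" };
  }
  return { ok: false, reason: "not an address or name" };
}

// Constructed resolver stub with a single registered name, for offline runs.
const CONSTRUCTED_REGISTRY = new Map([
  ["example.crypto", "0x" + "ab".repeat(20)],
]);
const stubResolver = async (name) => CONSTRUCTED_REGISTRY.get(name) ?? null;
```

With this shape, the unregistered `.crypto` name from the report is syntactically a name but is rejected because resolution returns nothing, and the string of 42 periods is rejected before any resolver call.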
