Issue 801101

Issue metadata

Status: Unconfirmed
Owner: ----
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux
Pri: 2
Type: Bug




javascript code flud in time

Reported by arnoldki...@gmail.com, Jan 11 2018

Issue description

UserAgent: Mozilla/5.0 (X11; Linux i686; rv:52.0) Gecko/20100101 Firefox/52.0

Steps to reproduce the problem:
1) Visit: https://chromium.googlesource.com/
2) Click: Generate Password
3) Then you are redirected to this link: https://accounts.google.com/signin/oauth/oauthchooseaccount?client_id=413937457453.apps.googleusercontent.com&as=-1f14fb06385dcc2&destination=https%3A%2F%2Fwww.googlesource.com&approval_state=!ChRHc3loeGRVN2x5WlphYzdnTkJ4ZxIfNHpvR0VtWW11ZDRSMEFCaFBpNzRuMDhzdXZrS0RoWQ%E2%88%99ACThZt4AAAAAWleCjYx6cp1Dr-ncVW8UliR_ikJWUtkh&xsrfsig=AHgIfE9Mi16sJWp0cQu1NGurgKjiUxCTWA&flowName=GeneralOAuthFlow
4) Then choose an account to log in with, for example: arnoldkik77@gmail.com
5) After logging in to the account, this link opens: https://www.googlesource.com/new-password?state=chromium&code=4/JcK-1B1dSyZJcKrcoRIbs3-riRweIXrgx9cipdWupLs#

What is the expected behavior?
When refreshing the page, the output result is:

*400. That’s an error.

Expired or timed out approval to generate Git authentication information.

What went wrong?
I checked this script and I found this syntax:
<script type="text/javascript">
(function() {
  var s = document.getElementById("install");
  var sWin = document.getElementById("install-windows");
  var windowsText = document.getElementById("windows-text");
  var windowsContainer = document.getElementById("windows-container");

  var focusDefault = function() {
    if (windowsText.classList.contains("windows-hidden")) {
      s.focus();
    } else {
      sWin.focus();
    }
  };

  s.onfocus = function() {
    window.setTimeout(function() { s.select(); }, 10);
  }
  sWin.onfocus = function() {
    window.setTimeout(function() { sWin.select(); }, 10);
  }

  document.getElementById("windows-users").onclick = function() {
    windowsText.classList.toggle("windows-hidden");
    windowsContainer.classList.toggle("windows-limit-width");
    focusDefault();
  };

  if (navigator.userAgent.indexOf("Windows") > 0) {
    windowsText.classList.toggle("windows-hidden");
    windowsContainer.classList.toggle("windows-limit-width");
  }
  window.setTimeout(focusDefault, 50);
})();
</script>

* I found that the time of the process to generate the password and to get the Git, 50 ms, is too large; I suggest 30 ms.
* window.setTimeout(focusDefault, 30); is an applicable time to generate the password and get Git.

Did this work before? N/A 

Chrome version: Chrome Version: 18.0.1025469  Channel: n/a
OS Version: 
Flash Version:
 
Attachments:
Screenshot from 2018-01-11 11-18-18.png (105 KB)
Screenshot from 2018-01-11 11-18-20.png (89.1 KB)

Comment 3 by tkent@chromium.org, Jan 12 2018

Components: -Blink Infra>Git
yes
I believe this is working (pretty much) as expected: You generated a token. When you refresh the page, your permission to generate a token has expired (you need to go back to the prior page and try again) so you see an error page.

The 50ms setTimeout in the client-side JavaScript concerns focusing of an element on the page and has nothing to do with the HTTP/400 error page.

But it is vulnerable to stored XSS in this page; look at the attached file:
Screenshot from 2018-01-13 10-58-12.png (555 KB)
If you can provide a URL that reproduces an XSS vulnerability in the target page (e.g. alert(document.url)) this may be eligible for a bounty and we'd certainly be eager to fix it. The output from your scanning tool is insufficient to reproduce the issue.
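
The refresh behaviour explained in the comments above, sketched as an added example that is not googlesource.com's code and not part of the original thread: the approval carried in the `code=` URL parameter is checked on the server, so replaying the same URL returns HTTP 400 regardless of any client-side timer. The `ApprovalStore` class, the single-use rule and the five-minute lifetime are assumptions made for illustration.

```javascript
// Added illustration; names, single-use rule and TTL are assumptions.
const { randomBytes } = require("node:crypto");

const APPROVAL_TTL_MS = 5 * 60 * 1000; // assumed approval lifetime

class ApprovalStore {
  // `now` is injectable so expiry can be exercised without waiting.
  constructor(now = () => Date.now()) {
    this.now = now;
    this.pending = new Map(); // code -> { account, expiresAt }
  }

  // Called after the account chooser; the code goes into the redirect URL.
  issue(account) {
    const code = randomBytes(24).toString("base64url");
    this.pending.set(code, { account, expiresAt: this.now() + APPROVAL_TTL_MS });
    return code;
  }

  // Called on every load of the new-password page, including a refresh.
  redeem(code) {
    const entry = this.pending.get(code);
    this.pending.delete(code); // consume first so the code cannot be replayed
    if (!entry || this.now() > entry.expiresAt) {
      return {
        status: 400,
        body: "Expired or timed out approval to generate Git authentication information.",
      };
    }
    return { status: 200, body: `password generated for ${entry.account}` };
  }
}

// Constructed scenario: first load, browser refresh, and a code used too late.
function demo() {
  let t = 0;
  const store = new ApprovalStore(() => t);
  const code = store.issue("user@example.com");
  const firstLoad = store.redeem(code);
  const refresh = store.redeem(code); // same URL sent again by the browser
  const lateCode = store.issue("user@example.com");
  t += APPROVAL_TTL_MS + 1;
  const expired = store.redeem(lateCode);
  return [firstLoad.status, refresh.status, expired.status];
}
```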
