solidos icon indicating copy to clipboard operation
solidos copied to clipboard
verified publisher icon SolidOS

Prevent user from creating profile file/html in localStorage

Open chunt007 opened this issue 2 years ago • 1 comments

When I was creating a test.html file for solid-panes repository to render the html and fix XSS bugs, I may have accidentally created a profile.html file in the main storage folder. This file mirrors the actual profile in some way. It is also undeletable.

the card#me is crashed and does not function.

chunt007 avatar Mar 13 '23 22:03 chunt007

@chunt007 The resources that where causing the issue where representing the following files : profile$.htm and profile$.ttl

I was able to reproduce the issue by creating a new resource test$.html. This resource is then stored as a 'test$.html file. Due to the resource mapping algorithm this file is retrieved as test resource.

In your case with profile' this went wrong. Solid do not allow container resource and document resource to have the same name. NSS should forbid this situation to occur. I suppose that NSS when creating profile$.ttl should check that the container resource profile did not exist The check was done with profile$

bourgeoa avatar Mar 14 '23 10:03 bourgeoa