Fix address bar spoofing server routes (#244)

duckduckgo · Nov 20, 2024 · 7359c84 · 7359c84
1 parent d652d9b
commit 7359c84
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 4 deletions.
diff --git a/security/address-bar-spoofing/spoof-js-download-url.html b/security/address-bar-spoofing/spoof-js-download-url.html
@@ -11,7 +11,7 @@
       const w = open()
       w.opener = null
       w.document.write('<h1>Not DDG.</h1>')
-      w.location = '/security/address-bar-spoofing-download-redirect'
+      w.location = '/security/abs/download-redirect'
     }
   </script>
 </head>

diff --git a/security/address-bar-spoofing/spoof-new-window.html b/security/address-bar-spoofing/spoof-new-window.html
@@ -19,7 +19,7 @@
                 try {
                     w.location.href;
                 } catch (e) {
-                    w.location.href = 'https://broken.third-party.site/security/address-bar-spoofing/no-content';
+                    w.location.href = 'https://broken.third-party.site/security/abs/no-content';
                     clearInterval(i);
                 }
             }, 1);
@@ -37,7 +37,7 @@
     vulnerable to this attack. Note: this won't work if run from broken.third-party.site. Ensure it is run from 
     another origin such as https://privacy-test-pages.site.
 
-    
+
     <button onclick="newWindow()">New Window</button>
     <button onclick="spoof()">Spoof</button>
 </body>

diff --git a/server.js b/server.js
@@ -279,7 +279,7 @@ const viewportRoutes = require('./viewport/server/routes.js');
 app.use('/viewport', viewportRoutes);
 
 const addressBarSpoofingRoutes = require('./security/address-bar-spoofing/server/routes.js');
-app.use('/security/address-bar-spoofing-download-redirect', addressBarSpoofingRoutes);
+app.use('/security/abs/', addressBarSpoofingRoutes);
 
 const phishingDetectionRoutes = require('./security/badware/server/routes.js');
 app.use('/security/badware/phishing-redirect', phishingDetectionRoutes);