HackerOne: External URL page bypass

2015-05-20T21:58:06
ID H1:63158
Type hackerone
Reporter danielchatfield
Modified 2015-05-28T08:36:19

Description

A specially crafted URL can bypass the external URL warning page.

Details

A URL that starts with two forward slashes is treated as absolute by browsers. The markdown renderer refuses to render links that start like this; however, it can be tricked by using a control character, e.g.

"test"
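The mismatch described above, as an added example that is not part of the original report or HackerOne's code: a prefix check on the raw link text beside a check that resolves the link with the WHATWG URL parser, as a browser does, and compares origins. The site origin, function names and sample links are constructed; the page does not show which control character the report used, so the samples use characters the URL standard strips during parsing.

```javascript
// Added example. SITE_ORIGIN and all sample hrefs are constructed placeholders.
const SITE_ORIGIN = "https://site.example"; // hypothetical origin of the rendering site

// Prefix check on the raw string: flags "scheme:" and "//" links only.
function naiveIsExternal(href) {
  return /^[a-z][a-z0-9+.-]*:/i.test(href) || href.startsWith("//");
}

// Hardened check: resolve the href the way a browser will. The WHATWG URL
// parser strips leading/trailing C0 controls and spaces and removes
// tab/LF/CR anywhere in the input before parsing, so compare the resulting
// origin instead of inspecting the raw text.
function isExternal(href, siteOrigin = SITE_ORIGIN) {
  let resolved;
  try {
    resolved = new URL(href, siteOrigin + "/");
  } catch {
    return true; // unparseable input: fail closed and treat as external
  }
  return resolved.origin !== siteOrigin;
}

// Constructed sample links.
const SAMPLES = [
  "/settings",                 // same-site relative link
  "//other.example/path",      // plain scheme-relative link
  "/\t/other.example/path",    // tab between the slashes
  "\u0001//other.example/",    // leading C0 control character
];

// Returns one row per sample so the two checks can be compared.
function classify(samples = SAMPLES) {
  return samples.map((href) => ({
    href: JSON.stringify(href),
    naive: naiveIsExternal(href),
    hardened: isExternal(href),
  }));
}

console.table(classify());
```

Running the same resolution at render time and again on the redirect or warning endpoint keeps both decisions consistent with what the browser will actually load.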