[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted
From: |
Lars Magne Ingebrigtsen |
Subject: |
bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls |
Date: |
Sun, 11 Sep 2011 20:16:45 +0200 |
User-agent: |
Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux) |
Glenn Morris <rgm@gnu.org> writes:
> (url-cookie-host-can-set-p "images.google.com" ".google.com")
>
> returns non-nil (because "com" is in url-cookie-two-dot-domains).
>
> And so does:
>
> (setq url-cookie-two-dot-domains "\\.nl\\'")
> (url-cookie-host-can-set-p "images.google.nl" ".google.nl")
>
> But having
>
> (url-cookie-host-can-set-p "foo.co.uk" ".co.uk")
>
> return non-nil would be bad.
>
> It cetainly seems like this problem to me:
>
> http://my.opera.com/yngve/blog/show.dml/267415
I think you're right. Nobody proposed a solution, though. :-)
Is there a list of known safe two-dot domains that we could use out
there somewhere?
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog http://lars.ingebrigtsen.no/
- bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls,
Lars Magne Ingebrigtsen <=
- bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls, Glenn Morris, 2011/09/12
- bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls, Lars Magne Ingebrigtsen, 2011/09/13
- bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls, Glenn Morris, 2011/09/13
- bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls, Lars Magne Ingebrigtsen, 2011/09/13
- bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls, Glenn Morris, 2011/09/13
- bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls, Lars Magne Ingebrigtsen, 2011/09/14
- bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls, Stefan Monnier, 2011/09/14
- bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls, Lars Magne Ingebrigtsen, 2011/09/15