GNU bug report logs - #1401
23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls

Previous Next

Package: emacs;

Reported by: "Karol Hosiawa" <hosiawak <at> gmail.com>

Date: Fri, 21 Nov 2008 15:30:02 UTC

Severity: normal

Tags: fixed, patch

Fixed in version 24.2

Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #24 received at 1401 <at> emacsbugs.donarmstrong.com (full text, mbox):

From: Glenn Morris <rgm <at> gnu.org>
To: "Karol Hosiawa" <hosiawak <at> gmail.com>
Cc: 1401 <at> debbugs.gnu.org
Subject: Re: bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls
Date: Tue, 02 Dec 2008 15:56:16 -0500

"Karol Hosiawa" wrote:

> (url-cookie-host-can-set-p "images.google.nl" ".google.nl")
> nil


Yes, but

(url-cookie-host-can-set-p "images.google.com" ".google.com")

returns non-nil (because "com" is in url-cookie-two-dot-domains).

And so does:

(setq url-cookie-two-dot-domains "\\.nl\\'")
(url-cookie-host-can-set-p "images.google.nl" ".google.nl")

But having

(url-cookie-host-can-set-p "foo.co.uk" ".co.uk")

return non-nil would be bad.


It cetainly seems like this problem to me:

http://my.opera.com/yngve/blog/show.dml/267415

This bug report was last modified 13 years and 101 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #1401 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls

GNU bug report logs - #1401
23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls