GNU bug report logs - #1401
23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls

Previous Next

Package: emacs;

Reported by: "Karol Hosiawa" <hosiawak <at> gmail.com>

Date: Fri, 21 Nov 2008 15:30:02 UTC

Severity: normal

Tags: fixed, patch

Fixed in version 24.2

Done: Lars Magne Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Lars Magne Ingebrigtsen <larsi <at> gnus.org>
To: Glenn Morris <rgm <at> gnu.org>
Cc: 1401 <at> debbugs.gnu.org, Karol Hosiawa <hosiawak <at> gmail.com>
Subject: bug#1401: 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls
Date: Tue, 13 Sep 2011 21:38:03 +0200

Glenn Morris <rgm <at> gnu.org> writes:

>> Is there a list of known safe two-dot domains that we could use out
>> there somewhere?
>
> http://publicsuffix.org/

Oh, dear.  That's a huge list.  

http://mxr.mozilla.org/mozilla-central/source/netwerk/dns/effective_tld_names.dat?raw=1

And it probably changes quite a bit.  Is it worth including this 70K
file in Emacs to deal with the cookie-setting problem?

-- 
(domestic pets only, the antidote for overdose, milk.)
  bloggy blog http://lars.ingebrigtsen.no/

This bug report was last modified 13 years and 102 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #1401 23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls

GNU bug report logs - #1401
23.0.60; url-cookie-handle-set-cookie doesnt check for trusted urls