[or-cvs] [https-everywhere/master 2/2] securecookie: Dropbox, Evernote, Github
Robert Ransom
rransom.8774 at gmail.com
Fri Nov 12 22:15:55 UTC 2010
On Fri, 12 Nov 2010 18:38:09 +0000 (UTC)
pde at torproject.org wrote:
> Author: Peter Eckersley <pde at eff.org>
> Date: Fri, 12 Nov 2010 10:24:51 -0800
> Subject: securecookie: Dropbox, Evernote, Github
> Commit: 4d87e583e18b42373343e6b19820710fd1a4a088
>
> ---
> src/chrome/content/rules/Dropbox.xml | 2 ++
> src/chrome/content/rules/Evernote.xml | 2 ++
> src/chrome/content/rules/Facebook.xml | 2 +-
> src/chrome/content/rules/Github.xml | 2 ++
> 4 files changed, 7 insertions(+), 1 deletions(-)
>
> diff --git a/src/chrome/content/rules/Dropbox.xml b/src/chrome/content/rules/Dropbox.xml
> index 7df8033..712ad26 100644
> --- a/src/chrome/content/rules/Dropbox.xml
> +++ b/src/chrome/content/rules/Dropbox.xml
> @@ -2,6 +2,8 @@
> <target host="www.dropbox.com" />
> <target host="dropbox.com" />
>
> + <securecookie host="^(.*\.)?dropbox.com$" name=".*" />
The hostname has an unescaped dot. The Evernote and Github
securecookie rules have the same problem.
Robert Ransom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20101112/5a19a7e7/attachment.pgp>
More information about the tor-dev
mailing list