Invalid HTML / Don't use GET

VERIFIED FIXED in Bugzilla old

Status

()

Bugzilla
Bugzilla-General
P3
normal
VERIFIED FIXED
19 years ago
a year ago

People

(Reporter: philemon, Assigned: Terry Weissman)

Tracking

unspecified
Bugzilla old

Details

(URL)

(Reporter)

Description

19 years ago
It's my first bug report here, so please bear with me. I have searched for a
similar bug, but found none.

On http://bugzilla.mozilla.org/changepassword.cgi, if one fills in the data and
presses "Login", the URL contains the password.

Well, IMHO, it's generally a bad idea to use METHOD="get" when sending password
due to additional security loss (ok, which security ;-). If this is intention
for bookmarking the URL, well you may want to reconsider it nevertheless.

----

Second (sorry, if this should be in a second bug): The resulting page contains
no end tag for the FORM element. Therefore this page does not work with either
M10 or Amiga Voyager V3pre2: Everything is displayed fine, but nothing happens,
when "Submit" is pressed.

end of BODY and HTML are also missing, but the FORM is what causes it to stop
working. Additionally, no DTD is specified at top.

I did not search for further mistakes. You may want to apply a HTML checker on
all pages. ;-)
(Assignee)

Updated

19 years ago
Status: NEW → RESOLVED
Last Resolved: 19 years ago
Resolution: --- → FIXED
(Assignee)

Comment 1

19 years ago
Yes, two bug reports would have been better, but no big deal.

Fixed.  (Well, there are still some cases where the password can appear up in
the URL, because of bookmarking stuff and the like, but this particular obvious
case has been fixed.)

And I added a "</FORM>".
per Terry, auto-verifying any resolved bug that hasn't been touched since before 
2.10 was released.
Status: RESOLVED → VERIFIED
Moving to Bugzilla product
Component: Bugzilla → Bugzilla-General
Product: Webtools → Bugzilla
QA Contact: matty
Target Milestone: --- → Bugzilla old
Version: other → unspecified
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.