Closed
Bug 139948
Opened 23 years ago
Closed 23 years ago
SSL Tooltip not updated when going from one ssl site to another
Categories
(Core Graveyard :: Security: UI, defect, P1)
Tracking
(Not tracked)
VERIFIED
FIXED
psm2.3
People
(Reporter: kitame, Assigned: KaiE)
References
Details
(Whiteboard: [adt1])
Attachments
(2 files)
2.57 KB,
patch
|
Details | Diff | Splinter Review | |
2.62 KB,
patch
|
javi
:
review+
jag+mozilla
:
superreview+
jesup
:
approval+
|
Details | Diff | Splinter Review |
on 1.0RC1 and trunk (2002-04-23).
Go to https://mail.epost.de/
this is a SSL site signed by verisign (check with tooltip of over the lock icon).
Now go to https://www.entrust.net/
have a look at the tooltip. Hey, why do entrust.net have their website
signed by verisign?
Now a more dangerous case: go to
https://ssl.drinsama.de/
and accept the certificate.
check with the tooltip that you still are on a site sigend by
verisign!
Comment 1•23 years ago
|
||
->PSM
Assignee: mstoltz → ssaux
Component: Security: General → Client Library
Product: Browser → PSM
QA Contact: bsharma → junruh
Version: other → 2.3
Comment 2•23 years ago
|
||
kai.
Can you take a look at this asap?
Assignee: ssaux → kaie
Priority: -- → P1
Target Milestone: --- → 2.3
Comment 3•23 years ago
|
||
It might be of some use to note that Galeon had a bug very similar to this,
which was basically the result of some wise guy who said "Why should we update
the security icon if we're going from one secure site to another??" --
unfortunately, the same function that updated the security icon also updated the
security tooltip. Someone fix this soon so Debian can apply the patch to 1.0
rc1 before releasing Woody on May 1 :P
Assignee | ||
Comment 4•23 years ago
|
||
confirming and accepting bug
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Assignee | ||
Comment 5•23 years ago
|
||
Jared, I agree, the problem is similar.
I trace the code and see, the security code correctly updates its internal
information to contain the correct new tooltip string.
However, currently security code does not actively push that information to the UI.
Instead, the UI is fetching the string, and seems to cache that string until the
security state changes.
Currently the security code will only notify others when the security state
changes. Obviously this is not correct, it must notify whenever a page finished
loading, and the tooltip text could have potentially changed, to allow the UI to
refetch the tooltip text.
I'm attaching a simple patch, that fixes the problem for me.
Blocks: lockicon
Assignee | ||
Comment 6•23 years ago
|
||
Assignee | ||
Comment 7•23 years ago
|
||
This patch shows that the change only consists of moving one bracket.
It has the effect that the notifying code will be executed in any case a
document loading stops (no longer only if the state differs from the previous
state).
Assignee | ||
Comment 8•23 years ago
|
||
Javi, can you please review?
Jag, can you please superreview?
Comment 9•23 years ago
|
||
Comment on attachment 81452 [details] [diff] [review]
Same Patch with bigger context and ignoring whitespace
r=javi
Attachment #81452 -
Flags: review+
Updated•23 years ago
|
Attachment #81452 -
Flags: superreview+
Comment 10•23 years ago
|
||
sr=jag
Comment 12•23 years ago
|
||
Comment on attachment 81452 [details] [diff] [review]
Same Patch with bigger context and ignoring whitespace
a=rjesup@wgate.com for branch checkin; please make sure it's in trunk as well
Attachment #81452 -
Flags: approval+
Assignee | ||
Comment 13•23 years ago
|
||
Checked in to trunk, fixed.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 14•23 years ago
|
||
adding adt1.0.0+. Please check this into the branch and add the fixed1.0.0 keyword.
Comment 16•23 years ago
|
||
Verified on branch.
Status: RESOLVED → VERIFIED
Keywords: fixed1.0.0 → verified1.0.0
Updated•8 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•