Make sure password is always empty after calling SetPassword(EmptyCString()) on a URI

RESOLVED FIXED in Firefox 61

Status

()

defect
P3
normal
RESOLVED FIXED
a year ago
a year ago

People

(Reporter: valentin, Assigned: valentin)

Tracking

(Blocks 1 bug)

Trunk
mozilla61
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox60 wontfix, firefox61 fixed)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 attachment)

This bug was filed because of bug 1433958 comment 52

At the moment, when the username is "" we also strip the password.
First of all, this does not follow the spec.
Secondly, while it's not clear that we can get into a situation where the username is empty and the password is not, we should ensure that it is always cleared when calling SetPassword("")

Comment 2

a year ago
mozreview-review
Comment on attachment 8967886 [details]
Bug 1439632 - Make sure password is always empty after calling SetPassword(EmptyCString()) on a URI

https://reviewboard.mozilla.org/r/236576/#review244154
Attachment #8967886 - Flags: review?(honzab.moz) → review+

Comment 3

a year ago
Pushed by valentin.gosu@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/b4b2f2f22ab8
Make sure password is always empty after calling SetPassword(EmptyCString()) on a URI r=mayhemer

Comment 4

a year ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/b4b2f2f22ab8
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
You need to log in before you can comment on or make changes to this bug.