Make sure password is always empty after calling SetPassword(EmptyCString()) on a URI

RESOLVED FIXED in Firefox 61

Status

()

defect
P3
normal
RESOLVED FIXED
Last year
Last year

People

(Reporter: valentin.gosu, Assigned: valentin.gosu)

Tracking

(Blocks 1 bug)

Trunk
mozilla61
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox60 wontfix, firefox61 fixed)

Details

(Whiteboard: [necko-triaged])

Attachments

(1 attachment)

This bug was filed because of bug 1433958 comment 52

At the moment, when the username is "" we also strip the password.
First of all, this does not follow the spec.
Secondly, while it's not clear that we can get into a situation where the username is empty and the password is not, we should ensure that it is always cleared when calling SetPassword("")
Comment on attachment 8967886 [details]
Bug 1439632 - Make sure password is always empty after calling SetPassword(EmptyCString()) on a URI

https://reviewboard.mozilla.org/r/236576/#review244154
Attachment #8967886 - Flags: review?(honzab.moz) → review+
Pushed by valentin.gosu@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/b4b2f2f22ab8
Make sure password is always empty after calling SetPassword(EmptyCString()) on a URI r=mayhemer
https://hg.mozilla.org/mozilla-central/rev/b4b2f2f22ab8
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
You need to log in before you can comment on or make changes to this bug.