Midori Web Browser

webkit caches res://, stock:// resources

Bug #1210915 reported by gue5t gue5t
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Midori Web Browser
New
Undecided
Unassigned

Bug Description

It looks like webkit caches the responses to res:// and stock:// URIs: midori_view_web_view_resource_request_cb is never called in some cases, so we don't even get a chance to check the "special" flag before providing access; webkit short-circuits us.

This is not a security problem because only pre-cached resources are visible, and those contain no personally identifying information; at best an untrusted web-page can identify that midori is being used, and perhaps its version.

To reproduce:

Download the attached files to the same directory and run the .sh (after reading it, of course).

Revision history for this message
gue5t gue5t (gue5t) wrote :
Revision history for this message
gue5t gue5t (gue5t) wrote :
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.