Refuse non-https URLs
Bug #1039084 reported by
Ken VanDine
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Online Accounts: Sign-on UI |
Fix Released
|
Undecided
|
Alberto Mardegan | ||
account-plugins (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
signon-ui (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
Based on feedback from the security team in the MIR review bug 1029549, signon-ui needs to only load https URLS.
Related branches
lp:~mardy/signon-ui/webkit-security
- jenkins (community): Needs Fixing (continuous-integration)
- David King (community): Approve
-
Diff: 214 lines (+84/-18)2 files modifiedsrc/browser-request.cpp (+80/-16)
tests/tests.pro (+4/-2)
Changed in signon-ui (Ubuntu): | |
milestone: | none → ubuntu-12.10 |
assignee: | nobody → Alberto Mardegan (mardy) |
importance: | Undecided → High |
status: | New → Triaged |
Changed in online-accounts-signon-ui: | |
assignee: | nobody → Alberto Mardegan (mardy) |
Changed in signon-ui (Ubuntu): | |
assignee: | Alberto Mardegan (mardy) → nobody |
Changed in online-accounts-signon-ui: | |
status: | New → In Progress |
Changed in online-accounts-signon-ui: | |
status: | In Progress → Fix Committed |
Changed in online-accounts-signon-ui: | |
status: | Fix Committed → Fix Released |
Changed in account-plugins (Ubuntu): | |
milestone: | none → ubuntu-12.10-beta-2 |
Changed in signon-ui (Ubuntu): | |
milestone: | ubuntu-12.10 → ubuntu-12.10-beta-2 |
To post a comment you must log in.
This bug was fixed in the package signon-ui - 0.7-0ubuntu1
---------------
signon-ui (0.7-0ubuntu1) quantal; urgency=low
* New upstream release. patches/ unit_tests_ only.patch, merged upstream
- protect webkit from untrusted content, only allow https (LP: #1039084)
* -debian/
-- Ken VanDine <email address hidden> Fri, 07 Sep 2012 09:33:56 -0400