2] securecookie: Dropbox, Evernote, Github

Robert Ransom Fri, 12 Nov 2010 14:16:08 -0800

On Fri, 12 Nov 2010 18:38:09 +0000 (UTC)
[email protected] wrote:

> Author: Peter Eckersley <[email protected]>
> Date: Fri, 12 Nov 2010 10:24:51 -0800
> Subject: securecookie: Dropbox, Evernote, Github
> Commit: 4d87e583e18b42373343e6b19820710fd1a4a088
> 
> ---
>  src/chrome/content/rules/Dropbox.xml  |    2 ++
>  src/chrome/content/rules/Evernote.xml |    2 ++
>  src/chrome/content/rules/Facebook.xml |    2 +-
>  src/chrome/content/rules/Github.xml   |    2 ++
>  4 files changed, 7 insertions(+), 1 deletions(-)
> 
> diff --git a/src/chrome/content/rules/Dropbox.xml 
> b/src/chrome/content/rules/Dropbox.xml
> index 7df8033..712ad26 100644
> --- a/src/chrome/content/rules/Dropbox.xml
> +++ b/src/chrome/content/rules/Dropbox.xml
> @@ -2,6 +2,8 @@
>    <target host="www.dropbox.com" />
>    <target host="dropbox.com" />
>  
> +  <securecookie host="^(.*\.)?dropbox.com$" name=".*" />


The hostname has an unescaped dot.  The Evernote and Github
securecookie rules have the same problem.


Robert Ransom

signature.asc
Description: PGP signature

Re: [or-cvs] [https-everywhere/master 2/2] securecookie: Dropbox, Evernote, Github

Reply via email to