Status: Assigned Owner: pkast...@chromium.org CC: bre...@chromium.org Labels: Type-Bug Pri-2 OS-All Area-BrowserUI Mstone-X
New issue 26653 by pkast...@chromium.org: Improve omnibox/history system handling of HTTP auth URLs http://code.google.com/p/chromium/issues/detail?id=26653 There are two related fixes that need to be made: * URLs with HTTP auth info should have usernames/passwords stripped before entering the URL DB. Otherwise, simply hitting ctrl-h and copying the link address reveals the credentials. It also prevents autocompletion on the hostname, since we prefix-check against the credentials instead. When we do this we should probably "migrate" all the old data by stripping these. * In either the AutocompleteInput parser or the HistoryURLProvider (I'm not sure which), attempted usernames or passwords should be stripped off before running autocomplete. -- You received this message because you are listed in the owner or CC fields of this issue, or because you starred this issue. You may adjust your issue notification preferences at: http://code.google.com/hosting/settings --~--~---------~--~----~------------~-------~--~----~ Automated mail from issue updates at http://crbug.com/ Subscription options: http://groups.google.com/group/chromium-bugs -~----------~----~----~----~------~----~------~--~---
