Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
Already on GitHub? Sign in to your account
HTTPS subresource validation fail #315
Comments
lwindolf
added
the
bug
label
Feb 23, 2016
|
WebKit 2 pass that test, so this is fixed in 1.12. |
Leiaz
closed this
Oct 21, 2016
lwindolf
added this to the 1.12-RC1 milestone
Oct 21, 2016
lwindolf
self-assigned this
Oct 21, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
damascene commentedFeb 12, 2016
Liferea will silently load content, including scripts, from servers with invalid certificates. This allows a MitM attacker to inject code into most web pages.
Further explanation and test case: https://rya.nc/https-script.html
You can directly do some tests using this rss feed https://raw.githubusercontent.com/damascene/s-check/master/rss.xml from s-check