Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handling of credentials embedded in URLs #5410

Open
The-Compiler opened this issue May 6, 2020 · 1 comment
Open

Handling of credentials embedded in URLs #5410

The-Compiler opened this issue May 6, 2020 · 1 comment
Labels
priority: 1 - middle Issues which should be done at some point, but aren't that important.

Comments

@The-Compiler
Copy link
Member

Looks like there's a long consensus (to some degree) between browser vendors to ignore credentials which are parts of URLs:

We probably already get the underlying Chromium changes (Chromium 59, so Qt 5.10), but I wonder if there's anything left for qutebrowser to do there.
@The-Compiler The-Compiler added the priority: 1 - middle Issues which should be done at some point, but aren't that important. label May 6, 2020
@Kingdread
Copy link
Contributor

It looks like at least the saved session can contain user/password combinations:

windows:
- [...]
  tabs:
  - active: true
    history:
    - active: true
      [...]
      url: https://foo:bar@kingdread.de/

Maybe worth stripping them there too, for the sake of security and since Chromium probably will start rejecting them at some point anyway then.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
priority: 1 - middle Issues which should be done at some point, but aren't that important.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@The-Compiler @Kingdread