[Webkit-unassigned] [Bug 222130] New: hasBrokenEncryptedMediaAPISupportQuirk has overly permissive whitelist

Thu Feb 18 13:37:58 PST 2021

https://bugs.webkit.org/show_bug.cgi?id=222130

            Bug ID: 222130
           Summary: hasBrokenEncryptedMediaAPISupportQuirk has overly
                    permissive whitelist
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rich at rd.nz

The hasBrokenEncryptedMediaAPISupportQuirk enables quirks behaviour for several whitelisted domains. The rule to allow subdomains of hulu.com appears to be missing a "." so it would also allow sites like "notreallyhulu.com" as well as genuine subdomains.

In other words, the check 'domain.endsWith("hulu.com")' should probably be 'domain.endsWith(".hulu.com")'. This would bring it in line with rules for the other domains.

See: https://github.com/WebKit/WebKit/blob/4e8064a058644469e9312abdb736c4164c848e71/Source/WebCore/page/Quirks.cpp#L187

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210218/4d168320/attachment.htm>