[Webkit-unassigned] [Bug 261738] HTTP Basic Auth in URL not used
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Sep 21 07:25:20 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=261738
Anne van Kesteren <annevk at annevk.nl> changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |BrowserCompat
CC| |karlcow at apple.com
Status|RESOLVED |REOPENED
Resolution|INVALID |---
--- Comment #4 from Anne van Kesteren <annevk at annevk.nl> ---
Thanks, I guess we should keep this open for now then. The phishing aspect for these URLs is mainly that you could put something before the `@` that might confuse the end user about where they are going.
It's deprecated for all URLs apparently: https://www.rfc-editor.org/rfc/rfc3986.html#section-3.2.1. https://url.spec.whatwg.org agrees with this though states it in a less obvious manner.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230921/8ac5e518/attachment-0001.htm>
More information about the webkit-unassigned
mailing list