author Johann Hofmann <jhofmann@mozilla.com>

Wed, 24 May 2017 22:04:01 +0200

changeset 704722 b9d55d687307067a2aecfa6f139975fbe62f0319

parent 704706 c2248f85346939d3e0b01f57276c440ccb2d16a1

child 742137 9c8b8941e354b8483ac820019e01cf8b958bb759

push id 91221

push user bmo:jhofmann@mozilla.com

push date Tue, 28 Nov 2017 21:56:31 +0000

reviewers MattN

bugs 1364208

milestone 59.0a1

toolkit/components/passwordmgr/InsecurePasswordUtils.jsm file | annotate | diff | comparison | revisions
--- a/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm
+++ b/toolkit/components/passwordmgr/InsecurePasswordUtils.jsm
@@ -82,17 +82,20 @@ this.InsecurePasswordUtils = {
   _checkFormSecurity(aForm) {
     let isFormSubmitHTTP = false, isFormSubmitSecure = false;
     if (aForm.rootElement instanceof Ci.nsIDOMHTMLFormElement) {
       let uri = Services.io.newURI(aForm.rootElement.action || aForm.rootElement.baseURI);
       let principal = gScriptSecurityManager.createCodebasePrincipal(uri, {});
 
       if (uri.schemeIs("http")) {
         isFormSubmitHTTP = true;
-        if (gContentSecurityManager.isOriginPotentiallyTrustworthy(principal)) {
+        if (gContentSecurityManager.isOriginPotentiallyTrustworthy(principal) ||
+            // Ignore sites with local IP addresses pointing to local forms.
+            (this._isPrincipalForLocalIPAddress(aForm.rootElement.nodePrincipal) &&
+             this._isPrincipalForLocalIPAddress(principal))) {
           isFormSubmitSecure = true;
         }
       } else {
         isFormSubmitSecure = true;
       }
     }
 
     return { isFormSubmitHTTP, isFormSubmitSecure };
author	Johann Hofmann <jhofmann@mozilla.com>
	Wed, 24 May 2017 22:04:01 +0200
changeset 704722	b9d55d687307067a2aecfa6f139975fbe62f0319
parent 704706	c2248f85346939d3e0b01f57276c440ccb2d16a1
child 742137	9c8b8941e354b8483ac820019e01cf8b958bb759
push id	91221
push user	bmo:jhofmann@mozilla.com
push date	Tue, 28 Nov 2017 21:56:31 +0000
reviewers	MattN
bugs	1364208
milestone	59.0a1