List: kde-bugs-dist
Subject: Bug#14253: kmail html security bug
From: Daniel Naber <daniel.naber () t-online ! de>
Date: 2000-11-01 13:33:20
On Wednesday 01 November 2000 13:18, Michael Haeckel wrote:
> I just fixed it in the HEAD branch. If someone confirms that the
> attached patch is correct, I commit it also to the KDE_2_0_BRANCH and
> send a mail to the translators.
The patch works for me. But from a security point of view, it would be
better to revert the first if(), i.e. don't check when to use the popup,
but check when not to use it (e.g. text/html). On the other hand, I don't
think we should not trust findByURL() at all. It's more secure to always
pop up the dialog (with "open" instead of "execute" if it makes more
sense).
Regards
Daniel
--
Daniel Naber, Paul-Gerhardt-Str. 2, 33332 Gütersloh
Tel. 05241-59371, Mobil 0170-4819674
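
The difference between the two checks discussed in the message above, as an added example that is not part of the original message and is not KMail's code. All function names, the type lists and the sample input are constructed for illustration; only `text/html` as an exempt type comes from the e-mail.

```cpp
#include <algorithm>
#include <cctype>
#include <set>
#include <string>
#include <vector>

enum class Action { OpenDirectly, AskUser };

// MIME type names are case-insensitive and may carry parameters
// ("Text/HTML; charset=utf-8"), so normalize before any comparison.
std::string normalize(std::string mime) {
    mime = mime.substr(0, mime.find(';'));
    mime.erase(std::remove_if(mime.begin(), mime.end(),
                   [](unsigned char c) { return std::isspace(c); }), mime.end());
    std::transform(mime.begin(), mime.end(), mime.begin(),
                   [](unsigned char c) { return std::tolower(c); });
    return mime;
}

// Policy A: "check when to use the popup". Anything not listed opens directly.
Action askOnlyForListed(const std::string& mime) {
    static const std::set<std::string> risky = {   // constructed list
        "application/x-executable", "application/x-shellscript"};
    return risky.count(normalize(mime)) ? Action::AskUser : Action::OpenDirectly;
}

// Policy B: "check when not to use it". Anything not listed gets the dialog.
Action askUnlessExempt(const std::string& mime) {
    static const std::set<std::string> exempt = {"text/html"};  // the e-mail's example
    return exempt.count(normalize(mime)) ? Action::OpenDirectly : Action::AskUser;
}

// Returns the types from `seen` that would open with no confirmation.
std::vector<std::string> opensSilently(Action (*policy)(const std::string&),
                                       const std::vector<std::string>& seen) {
    std::vector<std::string> out;
    for (const auto& m : seen)
        if (policy(m) == Action::OpenDirectly) out.push_back(m);
    return out;
}

// Constructed sample of detected attachment types, including an unlisted one
// and an empty result standing in for a failed detection.
const std::vector<std::string> kSample = {
    "Text/HTML; charset=utf-8", "application/x-shellscript",
    "application/x-desktop", "application/octet-stream", ""};
```

With policy A every type the list's author did not anticipate, including a failed detection, opens without a dialog; with policy B the same omissions only cost an extra confirmation.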