
List:       kde-bugs-dist
Subject:    Bug#14253: kmail html security bug
From:       Daniel Naber <daniel.naber () t-online ! de>
Date:       2000-11-01 13:33:20

On Wednesday 01 November 2000 13:18, Michael Haeckel wrote:

> I just fixed it in the HEAD branch. If someone confirms that the
> attached patch is correct, I commit it also to the KDE_2_0_BRANCH and
> send a mail to the translators.

The patch works for me. But from a security point of view, it would be
better to revert the first if(), i.e. don't check when to use the popup,
but check when not to use it (e.g. text/html). On the other hand, I don't
think we should not trust findByURL() at all. It's more secure to always
pop up the dialog (with "open" instead of "execute" if it makes more
sense).

Regards
 Daniel

-- 
Daniel Naber, Paul-Gerhardt-Str. 2, 33332 Gütersloh
Tel. 05241-59371, Mobil 0170-4819674
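
The three shapes of the check discussed in the message above, as an added example that is not KMail's code or the attached patch: confirm only for listed types, confirm unless the type is listed, and always confirm with the type choosing only the button label. All names, the type lists and the sample attachments are hypothetical; `detectedType` stands in for the result of a lookup such as findByURL().

```cpp
#include <iostream>
#include <set>
#include <string>
#include <vector>

// detectedType stands in for whatever the type lookup reported (hypothetical field).
struct Attachment { std::string name, detectedType; };
enum class Action { OpenDirectly, Confirm };
using Policy = Action (*)(const Attachment&);

// Shape 1: check when to use the popup. Anything not on the list opens silently.
Action confirmIfListed(const Attachment& a) {
    static const std::set<std::string> risky = {
        "application/x-executable", "application/x-shellscript"};
    return risky.count(a.detectedType) ? Action::Confirm : Action::OpenDirectly;
}

// Shape 2: check when not to use the popup. Anything not on the list is confirmed.
Action confirmUnlessListed(const Attachment& a) {
    static const std::set<std::string> noPopup = {"text/plain", "text/html"};
    return noPopup.count(a.detectedType) ? Action::OpenDirectly : Action::Confirm;
}

// Shape 3: always confirm; the detected type only picks the button wording.
std::string dialogLabel(const Attachment& a) {
    return confirmIfListed(a) == Action::Confirm ? "Execute" : "Open";
}

// Constructed sample attachments, including two the lookup could not classify.
std::vector<Attachment> samples() {
    return {{"notes.txt", "text/plain"}, {"page.html", "text/html"},
            {"run.sh", "application/x-shellscript"},
            {"blob.bin", "application/octet-stream"}, {"odd.xyz", ""}};
}

// Names of attachments a policy would open with no dialog at all.
std::vector<std::string> opensSilently(Policy p) {
    std::vector<std::string> out;
    for (const auto& a : samples())
        if (p(a) == Action::OpenDirectly) out.push_back(a.name);
    return out;
}

int main() {
    for (const auto& n : opensSilently(confirmIfListed)) std::cout << "shape 1: " << n << "\n";
    for (const auto& n : opensSilently(confirmUnlessListed)) std::cout << "shape 2: " << n << "\n";
    for (const auto& a : samples()) std::cout << a.name << " -> " << dialogLabel(a) << "\n";
}
```

With shape 1 the two unclassified attachments open without a dialog; with shape 2 they are confirmed, and with shape 3 a wrong type can only mislabel the button.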
