[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: Review Request: Consider data: URLs local in KIO::AccessManager
From: "Dawit Alemayehu" <adawit () kde ! org>
Date: 2011-04-16 19:01:04
Message-ID: 20110416190104.29300.55070 () vidsolbach ! de
[Download RAW message or body]
> On April 16, 2011, 4:45 p.m., Kevin Krammer wrote:
> > Wouldn't it make more sense to change KProtocolInfo::protocolClass() such that it \
> > considers data: to be local access?
>
> Volker Krause wrote:
> That was indeed my first attempt, but David pointed out that this would have \
> further (security) implications, since the protocol class is also used in a number \
> of different places where the use of data: might not be desired. Instead, I \
> followed the approach chosen by KHTML now, explicitly white-listing data: only for \
> retrieval but nothing else.
Well I guess I am the one that broke this in an attempt to make it more generic. The \
change seems fine, but you patch should then do the following:
if (scheme.compare(QL1S("data"), Qt::CaseInsensitive) == 0)
return true;
if (KProtocolInfo::isKnownProtocol(scheme) &&
KProtocolInfo::protocolClass(scheme).compare(QL1S(":local"), \
Qt::CaseInsensitive) == 0) return true;
return false;
since isLocalRequest is more likely to encounter the "data" protocol than any other \
local protocol.
- Dawit
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/101140/#review2680
-----------------------------------------------------------
On April 16, 2011, 4:27 p.m., Volker Krause wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/101140/
> -----------------------------------------------------------
>
> (Updated April 16, 2011, 4:27 p.m.)
>
>
> Review request for kdelibs.
>
>
> Summary
> -------
>
> Currently KIO::AccessManager blocks retrieval of embedded data: URLs if external \
> references are disabled. This does not match the behavior in KHTML and breaks for \
> example the display of sender photos/logos in KMail (which uses kdewebkit).
>
> Diffs
> -----
>
> kio/kio/accessmanager.cpp bfb4721
>
> Diff: http://git.reviewboard.kde.org/r/101140/diff
>
>
> Testing
> -------
>
>
> Thanks,
>
> Volker
>
>
[Attachment #3 (text/html)]
<html>
<body>
<div style="font-family: Verdana, Arial, Helvetica, Sans-Serif;">
<table bgcolor="#f9f3c9" width="100%" cellpadding="8" style="border: 1px #c9c399 \
solid;"> <tr>
<td>
This is an automatically generated e-mail. To reply, visit:
<a href="http://git.reviewboard.kde.org/r/101140/">http://git.reviewboard.kde.org/r/101140/</a>
</td>
</tr>
</table>
<br />
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: \
10px;"> <p style="margin-top: 0;">On April 16th, 2011, 4:45 p.m., <b>Kevin \
Krammer</b> wrote:</p> <blockquote style="margin-left: 1em; border-left: 2px solid \
#d0d0d0; padding-left: 10px;"> <pre style="white-space: pre-wrap; white-space: \
-moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: \
break-word;">Wouldn't it make more sense to change KProtocolInfo::protocolClass() \
such that it considers data: to be local access?</pre> </blockquote>
<p>On April 16th, 2011, 5:30 p.m., <b>Volker Krause</b> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: \
10px;"> <pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: \
-pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">That was indeed my first \
attempt, but David pointed out that this would have further (security) implications, \
since the protocol class is also used in a number of different places where the use \
of data: might not be desired. Instead, I followed the approach chosen by KHTML now, \
explicitly white-listing data: only for retrieval but nothing else.</pre> \
</blockquote>
</blockquote>
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: \
-pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">Well I guess I am the \
one that broke this in an attempt to make it more generic. The change seems fine, but \
you patch should then do the following:
if (scheme.compare(QL1S("data"), Qt::CaseInsensitive) == 0)
return true;
if (KProtocolInfo::isKnownProtocol(scheme) &&
KProtocolInfo::protocolClass(scheme).compare(QL1S(":local"), \
Qt::CaseInsensitive) == 0) return true;
return false;
since isLocalRequest is more likely to encounter the "data" protocol than \
any other local protocol.</pre> <br />
<p>- Dawit</p>
<br />
<p>On April 16th, 2011, 4:27 p.m., Volker Krause wrote:</p>
<table bgcolor="#fefadf" width="100%" cellspacing="0" cellpadding="8" \
style="background-image: \
url('http://git.reviewboard.kde.org/media/rb/images/review_request_box_top_bg.png'); \
background-position: left top; background-repeat: repeat-x; border: 1px black \
solid;"> <tr>
<td>
<div>Review request for kdelibs.</div>
<div>By Volker Krause.</div>
<p style="color: grey;"><i>Updated April 16, 2011, 4:27 p.m.</i></p>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Description </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: \
1px solid #b8b5a0"> <tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: \
-moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: \
break-word;">Currently KIO::AccessManager blocks retrieval of embedded data: URLs if \
external references are disabled. This does not match the behavior in KHTML and \
breaks for example the display of sender photos/logos in KMail (which uses \
kdewebkit).</pre> </td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Diffs</b> </h1>
<ul style="margin-left: 3em; padding-left: 0;">
<li>kio/kio/accessmanager.cpp <span style="color: grey">(bfb4721)</span></li>
</ul>
<p><a href="http://git.reviewboard.kde.org/r/101140/diff/" style="margin-left: \
3em;">View Diff</a></p>
</td>
</tr>
</table>
</div>
</body>
</html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic