'Re: Outstanding critical issue for KDE 2.2'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Outstanding critical issue for KDE 2.2
From:       Kurt Granroth <granroth () suse ! com>
Date:       2001-08-01 22:10:40
[Download RAW message or body]

On Wednesday 01 August 2001 02:49 pm, Waldo Bastian wrote:
> > Is that perhaps overkill?  From what I gather, passwords are already
> > protected, and the only other item we are concerned about is credit card
> > numbers.  Well, those are relatively easy to identify:  '^[0-9 -]{6,}$'
> > (this net is too large as well but I would think most other forms with
> > over 5 chars have at least one alpha character).  Maybe just disable if
> > that regex matches?  I think we will get 1,000,000 bug reports saying
> > "form completion does not work sometimes", and really it would not be
> > unreasonable to consider complete disabling of auto-completion based on
> > http/https a UI bug.
>
> That might work. Aren't credit card input fields sometimes split into 3
> seperate fields though? Maybe something like "don't store anything with
> more numbers than other characters". That would probably exclude dates and
> phone numbers as well though, I guess that's a small price to pay.

How about the attached patch?  It looks at the to-be-stored value and if it 
is all numbers or '-', it returns.  If it contains anything else, we assume 
it's not a cc number and store it.
-- 
Kurt Granroth            | http://www.granroth.org
KDE Developer/Evangelist | SuSE Labs Open Source Developer
granroth@kde.org         | granroth@suse.com
            KDE -- Conquer Your Desktop

["khtmlview.diff" (text/x-diff)]

Index: khtmlview.cpp
===================================================================
RCS file: /home/kde/kdelibs/khtml/khtmlview.cpp,v
retrieving revision 1.397
diff -b -u -u -r1.397 khtmlview.cpp
--- khtmlview.cpp	2001/07/30 00:18:27	1.397
+++ khtmlview.cpp	2001/08/01 22:07:24
@@ -1051,6 +1051,20 @@
 {
     if (!m_part->settings()->isFormCompletionEnabled())
         return;
+    // don't store values that are all numbers or just numbers with
+    // dashes as those are likely things like credit card numbers
+    bool cc_number(true);
+    for (int i = 0; i < value.length(); ++i)
+    {
+      QChar c(value[i]);
+      if (!c.isNumber() && c != '-')
+      {
+        cc_number = false;
+        break;
+      }
+    }
+    if (cc_number)
+      return;
     QStringList items = formCompletionItems(name);
     if (!items.contains(value))
         items.prepend(value);


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic