[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Patch: konqueror form attacks
From:       Matthias Hoelzer-Kluepfel <mhk () caldera ! de>
Date:       2001-09-03 14:51:00
[Download RAW message or body]

On Monday 03 September 2001 16:08, you wrote:
> On Mon, 3 Sep 2001, Matthias Hoelzer-Kluepfel wrote:
> > Sounds reasonable. One problem, however, is that with your modification,
> > the user can allow to use protocols other than http and https. This is
> > blocked in konqueror, currently, but maybe we should still disallow it at
> > this place. What do you think?
>
> I'm all for allowing it if the user specifically requests it - what's
> wrong with e.g.
>
> <p>Please let me know what you think about my website</p>
> <form method=post action="mailto:foo@bar.com">
> <textarea>Your comments here!</textarea>
> </form>
>
> This stuff is not very nice, but I don't see why it shouldn't work (and
> yes, I've actually seen people doing this, mostly while learning html).

Ok, agreed to that.

Now the only question left is: Can we add this new string at this point?

Bye,
Matthias.

[prev in list] [next in list] [prev in thread] [next in thread]