[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: Patch: konqueror form attacks
From: Matthias Hoelzer-Kluepfel <mhk () caldera ! de>
Date: 2001-09-03 14:51:00
[Download RAW message or body]
On Monday 03 September 2001 16:08, you wrote:
> On Mon, 3 Sep 2001, Matthias Hoelzer-Kluepfel wrote:
> > Sounds reasonable. One problem, however, is that with your modification,
> > the user can allow to use protocols other than http and https. This is
> > blocked in konqueror, currently, but maybe we should still disallow it at
> > this place. What do you think?
>
> I'm all for allowing it if the user specifically requests it - what's
> wrong with e.g.
>
> <p>Please let me know what you think about my website</p>
> <form method=post action="mailto:foo@bar.com">
> <textarea>Your comments here!</textarea>
> </form>
>
> This stuff is not very nice, but I don't see why it shouldn't work (and
> yes, I've actually seen people doing this, mostly while learning html).
Ok, agreed to that.
Now the only question left is: Can we add this new string at this point?
Bye,
Matthias.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic