[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: Patch: konqueror form attacks
From: Martijn Klingens <mklingens () yahoo ! com>
Date: 2001-09-03 18:39:45
[Download RAW message or body]
On Monday 03 September 2001 20:21, Waldo Bastian wrote:
> As far as "mailto:" requests go, "mailto" is not a protocol in the sense of
> KIO, so such URLs should never end up in http_post(). http_post should
> _ONLY_ be called with http or https URLs since only the http and https
> KIO-protocols support the POST action. The assert is there to make that
> sure. Calling it with any other URL is a software error, it's not a runtime
> error because the calling function should have checked that already.
Doesn't POST work on file: ? AFAIK it is possible to process form data with
JavaScript, so file: is not entirely ridiculous, though it should only be
allowed IMO if both source and destination are file:, not if only destination
is.
Or is JavaScript only able to process GET forms ?
Martijn
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic