[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Patch: konqueror form attacks
From:       Martijn Klingens <mklingens () yahoo ! com>
Date:       2001-09-03 18:39:45
[Download RAW message or body]

On Monday 03 September 2001 20:21, Waldo Bastian wrote:
> As far as "mailto:" requests go, "mailto" is not a protocol in the sense of
> KIO, so such URLs should never end up in http_post(). http_post should
> _ONLY_ be called with http or https URLs since only the http and https
> KIO-protocols support the POST action. The assert is there to make that
> sure. Calling it with any other URL is a software error, it's not a runtime
> error because the calling function should have checked that already.

Doesn't POST work on file: ? AFAIK it is possible to process form data with 
JavaScript, so file: is not entirely ridiculous, though it should only be 
allowed IMO if both source and destination are file:, not if only destination 
is.

Or is JavaScript only able to process GET forms ?

Martijn

[prev in list] [next in list] [prev in thread] [next in thread]