[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-devel
Subject: Something fishy about link security checking
From: Peter Eisentraut <peter_e () gmx ! net>
Date: 2005-11-29 0:01:48
Message-ID: 200511290101.49130.peter_e () gmx ! net
[Download RAW message or body]
I'm analyzing this Debian bug:
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332778>. KMLDonkey
registers a ed2k protocol which calls an external helper program.
Clicking on such a link published on an internet site exposes the
following strange behavior:
First, you are asked "This untrusted page links to xyz. Do you want to
follow the link?" If you then click on "Follow", you get a message
saying "Access by untrusted page to xyz denied." (the very thing I just
agreed to).
I traced this through the code in kdelibs/khtml/khtml_part.cpp. The
first call to checkLinkSecurity (which prints these messages) is in
method KHTMLPart::urlSelected line 3756 in my copy. If you click
"Follow", the code continues, according to my guess, to call
requestObject, where checkLinkSecurity is called again, without a
dialog to choose, so the check fails. Somehow, the second call ought
to be avoided.
I have kdelibs 3.4.2-4 from Debian.
Does anyone have an idea what's going on here?
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic