[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Something fishy about link security checking
From:       Peter Eisentraut <peter_e () gmx ! net>
Date:       2005-11-29 0:01:48
Message-ID: 200511290101.49130.peter_e () gmx ! net
[Download RAW message or body]

I'm analyzing this Debian bug: 
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=332778>.  KMLDonkey 
registers a ed2k protocol which calls an external helper program.  
Clicking on such a link published on an internet site exposes the 
following strange behavior:

First, you are asked "This untrusted page links to xyz. Do you want to 
follow the link?"  If you then click on "Follow", you get a message 
saying "Access by untrusted page to xyz denied." (the very thing I just 
agreed to).

I traced this through the code in kdelibs/khtml/khtml_part.cpp.  The 
first call to checkLinkSecurity (which prints these messages) is in 
method KHTMLPart::urlSelected line 3756 in my copy.  If you click 
"Follow", the code continues, according to my guess, to call 
requestObject, where checkLinkSecurity is called again, without a 
dialog to choose, so the check fails.  Somehow, the second call ought 
to be avoided.

I have kdelibs 3.4.2-4 from Debian.

Does anyone have an idea what's going on here?
 
>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<
[prev in list] [next in list] [prev in thread] [next in thread]