--------------Boundary-00=_O5AB77IEP34M4OLZ6NDB
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

On Tuesday 31 October 2000 20:34, TiloUlbrich@web.de wrote:

> So it is possible to exec programms which needn't arguments. E.g
> "/sbin/halt" if I work with "root" were big shit.

Nobody is supposed to run KDE as root.

> It was a good thing to disable the HTML-View for default.

It is, or wasn't it for you?

Anyway, thanks for the bug report. I will also increase severity, as it 
should be fixed. See below for how to reproduce (you need the file
of course. click on the link and it will start.)

To the khtml guys: how can we disable executing local URLs on click?

regards
 Daniel

-- 
Daniel Naber, Paul-Gerhardt-Str. 2, 33332 Gütersloh
Tel. 05241-59371, Mobil 0170-4819674

--------------Boundary-00=_O5AB77IEP34M4OLZ6NDB
Content-Type: text/html;
  name="localexec.html"
Content-Transfer-Encoding: 8bit
Content-Disposition: attachment; filename="localexec.html"

<html><head><title>test local /usr/bin/ls</title></head>
<body>

test: <a href="/usr/bin/xmms">/usr/bin/xmms</a>

</body>
</html>

--------------Boundary-00=_O5AB77IEP34M4OLZ6NDB--
 
>> Visit http://master.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<