On Thursday 11 October 2001 20:50, David Faure wrote:
>
> We already have this, see originCheck. in kjs_proxy or kjs_binding.
> I think you are all talking about a theorical security problem without
> even testing if it exists......

Well, when displaying the example given by Malte in Konqueror via http I =
get a=20
security warning I can't get rid of without killing Konqeror. Closing it=20
opens it again.
However in a HTML e-mail it is displayed.
Also if a HTML mail contains a iframe with an external page it is display=
ed,=20
even if external references are disabled.

Regards,
Michael H=E4ckel