[prev in list] [next in list] [prev in thread] [next in thread]
List: kfm-devel
Subject: Re: Fwd: [Bug 22558] referrer leaks through to non-referring site
From: Waldo Bastian <bastian () kde ! org>
Date: 2003-07-10 10:52:20
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Monday 07 July 2003 16:27, you wrote:
> On Mon, 07 Jul 2003, Waldo Bastian wrote:
> > Attached are two patches as a partial fix to the referrer problem. It
> > changes the way how d->m_pageReferrer is set within KHTMLPart: It is now
> > set according to the information that it gets back from the io-slave
> > (http slave). This ensures that the document.referrer is better synced to
> > the actual referrer send by the http-slave.
>
> Not that I actually read the patch yet, but I just wanted to note that
> document.referrer is not supposed to be synced with the referrer that the
> kio_http sends. it should contain the url the user browsed before, not the
> one embedded objects refer to.
It seems that KDE 3.1.1 broke this (r1.828/r1.770.2.15 to be exacly)
khtml_part.h says
/**
* Referrer used for links in this page.
*/
QString referrer() const;
But the implementation returns d->m_pageReferrer which is the url the user
browsed before. Javascript's document.referrer() should clearly return
d->m_pageReferrer but e.g. saveLinkAs should use d->m_referrer. Since KDE
3.1.1 it uses d->m_pageReferrer which is wrong.
I suggest to revert referrer() to it's KDE 3.1 behavior and add an additional
function QString pageReferrer() const; which can then be used by
document.referrer()
Cheers,
Waldo
- --
bastian@kde.org -=|[ SuSE, The Linux Desktop Experts ]|=- bastian@suse.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE/DUVkN4pvrENfboIRAl+XAJ4zYuL1SiO7mK5uok4SRHRRoEF0ngCghMTm
fvqaDuWarVfwDlIZa+W+Cpk=
=Rw1B
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic