On Sunday 22 April 2001 16:11, Michael Häckel wrote: > ---------- Forwarded Message ---------- > Subject: Re: Bug#24528 acknowledged by developer (kmail URL reference > "file:" not "recognised") > Date: Sun, 22 Apr 2001 12:11:52 +0200 > From: Remko Scharroo > To: Michael Häckel > > > On Sunday, 22. April 2001 02:11, remko@deos.tudelft.nl wrote: > > > When using an http: or ftp: reference in a mail it is recognised as a > > > URL, is highlighted and is clickable. However, not so with file: > > > > We intentionally disabled file: some time ago for security reasons and > > because we didn't consider local links in a mail useful. > > Otherwise it might be too easy possible to execute a possibly dangerous > > local command with a single click. Maybe in text mails that does not > > happen that easy, since the users sees the real URL, but at least in HTML > > mail that is more dangerous, since the displayed string and the URL can > > differ very much. > > > > Regards, > > Michael Häckel > > Dear Michael, > > Although I see your point about security, I do not think it is the task of > the developper to disable options that may possibly form threats to > security by the stupidity or negligance of the user. No comment. > I frequently use file: references in my text mails to colleagues on our > local network. Instead of attaching a possibly large document to the mail, > I just refer them directly to the file on disk. Saves disk space, download > and handling time. I do the same in reverse. When I get large attachments > that I have to save anyhow to do something useful with them, I replace the > MIME encoded part by the file: reference. It's a bit annoying that it is no > longer clickable, while it is (still) in Netscape. > > I suggest either of the following options: > 1) Enable active file: references in text (non-html mails) > 2) Add an option to enable or disable active file: (or anything) references > in text (and/or html) mails. > > Again, I do not think that (in this case) the developper should make his > own interpretation of what should be a useful link or not. Besides, I do > not see why a file: link should be more dangerous than an http: link. The issue is flammable. I would send a link to the mailing list discussion but the web site is down. > Looking forward to your views on this issue. I suggest using ftp links, or creating a web page. Don. _______________________________________________ Kmail Developers mailing list Kmail@master.kde.org http://master.kde.org/mailman/listinfo/kmail