Hi,
while fixing the KHTML-API usage of kmail I noticed a few things:
- in kmreaderwin.cpp it disables all potentially insecure khtml-features
_except_ setOnlyLocalReferences(true) ? Why?
- KMail seems to be the only application that uses
setMetaRefreshEnabled(false). can you please explain what security-issue
this is supposed to fix or if it can be merged with
setOnlyLocalReferences(true) ?
- What do you think of an "enableSecureMode()" that does all that stuff
in khtml (disabling JScript, Java and so on). looks a lot more
forward compatible to me for future extensions.
Please keep me on CC I'm not subscribed. Thanks,
Dirk
_______________________________________________
Kmail Developers mailing list
Kmail@master.kde.org
http://master.kde.org/mailman/listinfo/kmail