Hi, 

while fixing the KHTML-API usage of kmail I noticed a few things: 

- in kmreaderwin.cpp it disables all potentially insecure khtml-features
  _except_ setOnlyLocalReferences(true) ? Why?

- KMail seems to be the only application that uses 
  setMetaRefreshEnabled(false). can you please explain what security-issue
  this is supposed to fix or if it can be merged with 
  setOnlyLocalReferences(true) ?

- What do you think of an "enableSecureMode()" that does all that stuff
  in khtml (disabling JScript, Java and so on). looks a lot more
  forward compatible to me for future extensions. 


Please keep me on CC I'm not subscribed. Thanks,


Dirk
_______________________________________________
Kmail Developers mailing list
Kmail@master.kde.org
http://master.kde.org/mailman/listinfo/kmail