List: kmail-devel
Subject: Re: KHTML API cleanup
From: Ingo Klöcker <ingo.kloecker () epost ! de>
Date: 2001-08-11 8:39:37
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Friday, 10. August 2001 11:44, Dirk Mueller wrote:
> - KMail seems to be the only application that uses
> setMetaRefreshEnabled(false). Can you please explain what
> security issue this is supposed to fix or if it can be merged with
> setOnlyLocalReferences(true)?
We should disallow all meta refreshes, not only external meta refreshes.
Please have a look at the attached example. Something like this
shouldn't be possible.
BTW, it seems setMetaRefreshEnabled(bool) has already been removed from
khtml because I had to remove the corresponding calls in KMail's source
code to make it compile again. Please revert this change.
Regards,
Ingo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE7dO9JGnR+RTDgudgRAqlHAJ4oeQLoR2Lz7j/T8lhAN3ZEl27y/QCgre8d
CldyUxColqfM+FBmBqo3wOo=
=uDoh
-----END PGP SIGNATURE-----
["meta.etc_passwd" (message/rfc822)]
From: Ingo
To: Ingo
Subject: Meta Refresh /etc/passwd
Content-type: text/html
Content-transfer-encoding: 8-bit
MIME-Version: 1.0
<html>
<head>
<meta http-equiv="refresh" content="2; URL=file:/etc/passwd">
</head>
<body>
Let's have a look at your /etc/passwd.
</body>
</html>
_______________________________________________
Kmail Developers mailing list
Kmail@master.kde.org
http://master.kde.org/mailman/listinfo/kmail
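A mail-side check for the behaviour shown in the attachment, as an added example that is not part of the original message and is not KMail or KHTML code: it walks the text/html parts of a message, reports every meta refresh with its delay, target and URL scheme, and rejects the message if any is present, whether the target is local or external. The sample message, the addresses and the names `find_meta_refresh` and `safe_to_render` are constructed for illustration.

```python
import re
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, modelled on the attachment in the message above.
SAMPLE = """\
From: sender@example.invalid
To: reader@example.invalid
Subject: Meta Refresh /etc/passwd
MIME-Version: 1.0
Content-Type: text/html

<html><head>
<META HTTP-EQUIV="Refresh" CONTENT="2; URL=file:/etc/passwd">
</head><body>Let's have a look at your /etc/passwd.</body></html>
"""

# "<seconds>[;,] [url=]<target>", matched loosely, as lenient HTML parsers do.
REFRESH = re.compile(r"""\s*([\d.]*)\s*(?:[;,]\s*(?:url\s*=\s*)?['"]?([^'"]*))?""", re.I)

class RefreshFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (delay, target, scheme)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # tag and attribute names arrive lowercased
        if tag != "meta" or a.get("http-equiv", "").strip().lower() != "refresh":
            return
        delay, target = REFRESH.match(a.get("content", "")).groups()
        target = (target or "").strip()
        # An empty scheme means a relative URL or a bare reload of the page.
        self.hits.append((delay, target, urlsplit(target).scheme.lower()))

def find_meta_refresh(raw_message):
    """Return every meta refresh found in the text/html parts of a mail message."""
    hits = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            finder = RefreshFinder()
            finder.feed(part.get_payload(decode=True).decode("latin-1"))  # charset assumed
            finder.close()
            hits += finder.hits
    return hits

def safe_to_render(raw_message):
    # Policy argued for in the message: any meta refresh is rejected, local or external.
    return not find_meta_refresh(raw_message)
```
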