From kde-bugs-dist  Sat Jan 31 23:05:24 2004
From: dabfus <kde () dabfus ! net>
Date: Sat, 31 Jan 2004 23:05:24 +0000
To: kde-bugs-dist
Subject: [Bug 73928] New: Strange behaviour when typing the "$" string in
Message-Id: <20040131230524.12270.qmail () ktown ! kde ! org>
X-MARC-Message: https://marc.info/?l=kde-bugs-dist&m=107559033029689

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
      
http://bugs.kde.org/show_bug.cgi?id=73928      
           Summary: Strange behaviour when typing the "$" string in the
                    location bar
           Product: konqueror
           Version: unspecified
          Platform: Debian stable
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: general
        AssignedTo: konq-bugs@kde.org
        ReportedBy: kde@dabfus.net


Version:            (using KDE KDE 3.1.4)
Installed from:    Debian stable Packages
OS:          Linux

When typing a "$" character in the location bar of konqueror, many env or others variables appears.
For example, just type "$" in the location bar (URL bar), and then konqueror propose to you theses "URLs" :
$SSH_AGENT_PID
$SSH_AUTH_SOCK
$SHELL
$USER
etc ...

And if you click one of them, konqueror will try to go to the URL, but of course the value of the variable will be something wrong, as for example a path to a file

Is the value of theses variables can be "get" by using a cross site scripting attack, as they may contains important datas ?

dabfus.