PATCH: 2 small KHTML patches...

Waldo Bastian bastian at kde.org
Wed Jan 7 11:32:19 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed January 07 2004 01:56, Dirk Mueller wrote:
> On Saturday 03 January 2004 18:00, Waldo Bastian wrote:
> > > 1.) If a meta-redirection is scheduled in a framed page the wrong
> > > referrer header is sent. This happens because the referrer string is
> > > incorrectly set to "" in ::slotRedirect.
> >
> > Yes, that line looked strange indeed.
>
> This line is there to make sure that we don't send a referrer when either
> the client or the server is doing a redirection, or when some javascript
> opens a new page.

What makes you think that no referrer should be sent?

> If khtml is now sending a referrer header in any of those cases, you just 
> introduced a security problem. Congratulations.

Can you explain this problem in more detail? Can you add a testcase for it?

Cheers,
Waldo
- -- 
bastian at kde.org -=|[ KDE: K Desktop for the Enterprise ]|=- bastian at suse.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/++5DN4pvrENfboIRAkj6AJ4u/W8JdB55zKGbZwGx/CJpcIy5xACeL3Wa
su8VFajRTF0wE2Ndnz3RW/I=
=95Yi
-----END PGP SIGNATURE-----



