Feedback wanted regarding prettyURL()

Thiago Macieira thiago at
Thu Aug 16 22:56:19 BST 2007

Dirk Mueller wrote:
>To avoid the latest announced url spoofing attacks in a general way, I
>suggested to shorten the username, to avoid that the user misinterprets
> the username actually as part of the hostname.
>this however breaks the url pretty badly: the username is not really
> valid anymore. on the other hand, its unlikely that there will be a
> very long username given, especially if no password has been added.
>Comments, opinions?

Let me understand the objective:

we want the UI to show a shortened username so that a spoofer doesn't 
write, for instance:
which displays in Konqueror:

First things first, I'd recommend leaving those %HH quoted. I'll check 
that QUrl in Qt4 does have that behaviour.

Second, would be users fooled by the %2F there? Or %40?

If so, then I agree with the patch. Pressing Enter on the Konqueror 
Location bar doesn't necessarily go to the same website as it is 

  Thiago Macieira  -  thiago (AT) - thiago (AT)
    PGP/GPG: 0x6EF45358; fingerprint:
    E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the kde-core-devel mailing list