Feedback wanted regarding prettyURL()

George Staikos staikos at
Thu Aug 16 23:39:13 BST 2007

FYI Mozilla is working on a "location bar v2" where they visually  
separate the elements when it doesn't have key focus.  What dirk  
provided might be a good step but I think a full solution will  
require much more thought and work.

On 16-Aug-07, at 5:56 PM, Thiago Macieira wrote:

> Dirk Mueller wrote:
>> Hi,
>> To avoid the latest announced url spoofing attacks in a general  
>> way, I
>> suggested to shorten the username, to avoid that the user  
>> misinterprets
>> the username actually as part of the hostname.
>> this however breaks the url pretty badly: the username is not really
>> valid anymore. on the other hand, its unlikely that there will be a
>> very long username given, especially if no password has been added.
>> Comments, opinions?
> Let me understand the objective:
> we want the UI to show a shortened username so that a spoofer doesn't
> write, for instance:
> which displays in Konqueror:
> First things first, I'd recommend leaving those %HH quoted. I'll check
> that QUrl in Qt4 does have that behaviour.
> Second, would be users fooled by the %2F there? Or %40?
> If so, then I agree with the patch. Pressing Enter on the Konqueror
> Location bar doesn't necessarily go to the same website as it is
> displaying.
> -- 
>   Thiago Macieira  -  thiago (AT) - thiago (AT)
>     PGP/GPG: 0x6EF45358; fingerprint:
>     E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358

George Staikos
KDE Developer
Staikos Computing Services Inc.

More information about the kde-core-devel mailing list