[PATCH] Support for bookmarklets
David Faure
faure at kde.org
Thu Feb 5 11:16:03 GMT 2009
On Wednesday 04 February 2009, Maksim Orlovich wrote:
>
> > Here is a improved version of the khtml patch, which keeps the current
> > url instead of replacing it with the bookmarklet.
>
> I cannot be confident that this patch does not introduce XSS vurnerabilities,
> so I'll want to re-read it a few times.
Hmm indeed... strange, I thought openUrl already handled javascript urls...
I guess it was only in the link handler up to now.
Then yes I guess this change might make it possible to do things like
redirect to javascript urls, unless we catch that earlier on...
> David, openUrlRequest will be
> routed to openUrl or openUrlInFrame by konq, right?
Correct.
--
David Faure, faure at kde.org, sponsored by Qt Software @ Nokia to work on KDE,
Konqueror (http://www.konqueror.org), and KOffice (http://www.koffice.org).
More information about the kde-core-devel
mailing list