Review Request: Consider data: URLs local in KIO::AccessManager

Dawit Alemayehu adawit at kde.org
Sat Apr 16 20:01:04 BST 2011 


> On April 16, 2011, 4:45 p.m., Kevin Krammer wrote:
> > Wouldn't it make more sense to change KProtocolInfo::protocolClass() such that it considers data: to be local access?
> 
> Volker Krause wrote:
>     That was indeed my first attempt, but David pointed out that this would have further (security) implications, since the protocol class is also used in a number of different places where the use of data: might not be desired. Instead, I followed the approach chosen by KHTML now, explicitly white-listing data: only for retrieval but nothing else.

Well I guess I am the one that broke this in an attempt to make it more generic. The change seems fine, but you patch should then do the following:

    if (scheme.compare(QL1S("data"), Qt::CaseInsensitive) == 0)
        return true;

    if (KProtocolInfo::isKnownProtocol(scheme) &&
        KProtocolInfo::protocolClass(scheme).compare(QL1S(":local"), Qt::CaseInsensitive) == 0)
        return true;

    return false;

since isLocalRequest is more likely to encounter the "data" protocol than any other local protocol.


- Dawit


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/101140/#review2680
-----------------------------------------------------------


On April 16, 2011, 4:27 p.m., Volker Krause wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/101140/
> -----------------------------------------------------------
> 
> (Updated April 16, 2011, 4:27 p.m.)
> 
> 
> Review request for kdelibs.
> 
> 
> Summary
> -------
> 
> Currently KIO::AccessManager blocks retrieval of embedded data: URLs if external references are disabled. This does not match the behavior in KHTML and breaks for example the display of sender photos/logos in KMail (which uses kdewebkit).
> 
> 
> Diffs
> -----
> 
>   kio/kio/accessmanager.cpp bfb4721 
> 
> Diff: http://git.reviewboard.kde.org/r/101140/diff
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Volker
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20110416/22ffd457/attachment.htm>

More information about the kde-core-devel mailing list