Review Request: Prevent Konqueror's address bar from being hidden by default

David Faure faure at kde.org
Fri Jul 27 09:50:37 BST 2012 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/105749/#review16512
-----------------------------------------------------------


I like the idea, but why the non-editable combo? What happens when navigating, in that window? Doesn't the combo then start to be messed up (the code assuming that it is editable, has history items, has completion, etc.) ... especially history handling could create additional trouble.

I'm just not sure there is any point in preventing the user from typing another url there, like in any other konqueror window.

- David Faure


On July 27, 2012, 1:23 a.m., Dawit Alemayehu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/105749/
> -----------------------------------------------------------
> 
> (Updated July 27, 2012, 1:23 a.m.)
> 
> 
> Review request for KDE Base Apps and David Faure.
> 
> 
> Description
> -------
> 
> The attached patch attempts to resolve a security concern in Konqueror when browsing the web. The concern results from a website, through the use of the javascript window.open API, requests the creation of a new window (pop up window) with all its toolbars disabled. When Konqueror gets such requests it simply disables all toolbars in the main window including the one that contains the address line edit widget. This is a problem because it makes it possible for sites to spoof the user into providing personal information by mimicking native input dialog such as the password dialog.
> 
> As such this patch attempts to solve the problem in the same manner it seems to be addressed in other major browsers such as Firefox and Chromium. Namely, Konqueror will no longer hide the toolbar containing the address line edit widget by default. The user must explicitly override the default settings by adding the following configuration option to konquerorrc:
> 
> [DisableWindowOpenFeatures]
> LocationBar=false
>     
> 
> 
> Diffs
> -----
> 
>   konqueror/src/konqcombo.cpp cdf840a 
>   konqueror/src/konqmainwindow.cpp 081509e 
> 
> Diff: http://git.reviewboard.kde.org/r/105749/diff/
> 
> 
> Testing
> -------
> 
> 
> Screenshots
> -----------
> 
> before the change
>   http://git.reviewboard.kde.org/r/105749/s/645/
> after the change
>   http://git.reviewboard.kde.org/r/105749/s/646/
> 
> 
> Thanks,
> 
> Dawit Alemayehu
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20120727/1ee43b27/attachment.htm>

More information about the kde-core-devel mailing list