PATCH: Don't load external iframes when external references are disabled
Michael Häckel
haeckel at kde.org
Sun Apr 28 14:18:21 BST 2002
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
The patch below
a) fixes the possible security problem, that external iframes are loaded, even
if external references are disabled. The were already not displayed without
this change, but nevertheless they were loaded from the internet.
b) prevents KMail from crashing, when replying to a HTML mail containing an
iframe
Please review.
Regards,
Michael Häckel
Index: khtml_part.cpp
===================================================================
RCS file: /home/kde/kdelibs/khtml/khtml_part.cpp,v
retrieving revision 1.695
diff -u -3 -p -r1.695 khtml_part.cpp
- --- khtml_part.cpp 2002/04/19 03:02:45 1.695
+++ khtml_part.cpp 2002/04/28 13:17:10
@@ -2467,7 +2467,9 @@ bool KHTMLPart::requestFrame( khtml::Ren
myurl.setPath(res.asString());
return processObjectRequest(&(*it), myurl, QString("text/html") );
}
- - return requestObject( &(*it), completeURL( url ));
+ KURL fullURL = completeURL( url );
+ if (onlyLocalReferences() && fullURL.protocol() != "file") return FALSE;
+ return requestObject( &(*it), fullURL);
}
QString KHTMLPart::requestFrameName()
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8y/age9KEPyN2R8URAhsrAJ9dCxUHWMg1fsH52UA+ZkDvQEzIFACbBIGM
zKnVbAcMst9MCvPE4GTN8WY=
=crhs
-----END PGP SIGNATURE-----
More information about the kfm-devel
mailing list