[Bug 56812] javascript:popup causes error "protocol not supported javascript"
Dawit A.
adawit at kde.org
Fri Apr 4 07:10:32 BST 2003
On Thursday 03 April 2003 20:57, cparpart at surakware.net wrote:
> ------- You are receiving this mail because: -------
> You are the assignee for the bug, or are watching the assignee.
>
> ------- Additional Comments From cparpart at surakware.net 2003-04-04 03:57
> ------- Subject: Re: javascript:popup causes error "protocol not supported
> javascript"
>
> well, while this really seem to be a lag of implementation (i'm not the
> coder ;) you can alternatively try the following:
No, the issue is not a lag of implementation, but rather a change committed
after 3.1.1 release. See commit Revision 1.794 here:
http://webcvs.kde.org/cgi-bin/cvsweb.cgi/kdelibs/khtml/khtml_part.cpp
> <a href="" onclick="popup(...)">foo</a>
Only links that contain a "target" attribute fail. For whatever reason many
sites seem to incorrectly include this attribute in their links. Here is an
example:
<HTML>
<HEAD>
<TITLE>XSS Fix Test</TITLE>
</HEAD>
<BODY>
<A HREF="javascript:window.open('http://www.kde.org')" target="_self">Link
with target</A>
<p>
<A HREF="javascript:window.open('http://www.kde.org')">Link without
target</A>
<p>
<A HREF="http://www.kde.org" target="_top">Non-js link with target</A>
</BODY>
</HTML>
KHTML treats the two javascript based links differently. Perhaps the attached
patch was the intention of the original fix in revision 1.794 ? The patch
simply ignores the target attribute unless the page is frame based. Dunno if
that was the desired behavior though...
Regards,
Dawit A.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: khtml_part-20030404-1.diff
Type: text/x-diff
Size: 814 bytes
Desc: not available
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20030404/ad5a595a/attachment.diff>
More information about the kfm-devel
mailing list