potential disclosure of private data in konqueror
Alexander Kellett
lypanov at kde.org
Mon Jan 13 13:06:56 GMT 2003
On Sun, Jan 12, 2003 at 10:59:58PM +0100, Dirk Mueller wrote:
> Hi,
>
> think about this: you fight with copy&paste (thanks to klipper) and you
> accidentally paste something in the location bar of konqueror that shouldn't
> end up there.
i'm not sure how you could do this?
you mean, you paste and then press return?
or that the copied text had a \n in it?
surely we can thus skip the \n on paste into the lineedit?
personally i'd like the completion system to
show on the first line the corrected version of
what you've typed in. therefore when you type
a url that does not resolve (they are resolved
dynamically anyway aren't they? not on return?)
it should show "gg:blah" in the completion popup.
mozilla does the same sort of thing but does not
automatically fall back on the search, you have
to explicitly pick the search in the completion
popup (iirc). imo it works quite nicely.
related to this is the fact that typing "blah.b"
shouldn't really have the completion option "www.blah.blah"
as the "blah." is usually the protocol. i'll look into
"fixing" this one soon.
more scary is the fact that i don't think
mmb paste into konqi automatically loading
the page can currently be disabled. i noticed
that klas kallas (spelling?) was working on
this at linuxtag, but i don't think it was
ever completed?, or at least i missed the commit :)
Alex
p.s: whats the policy on this list wrt. cc:íng on reply?
--
"[...] Konqueror open source project. Weighing in at less than
one tenth the size of another open source renderer"
Apple, Jan 2003 (http://www.apple.com/safari/)
More information about the kfm-devel
mailing list