Fwd: [Bug 22558] referrer leaks through to non-referring site

Waldo Bastian bastian at kde.org
Mon Jul 7 16:11:23 BST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Monday 07 July 2003 16:27, Dirk Mueller wrote:
> On Mon, 07 Jul 2003, Waldo Bastian wrote:
> > Attached are two patches as a partial fix to the referrer problem. It
> > changes the way how d->m_pageReferrer is set within KHTMLPart: It is now
> > set according to the information that it gets back from the io-slave
> > (http slave). This ensures that the document.referrer is better synced to
> > the actual referrer send by the http-slave.
>
> Not that I actually read the patch yet, but I just wanted to note that
> document.referrer is not supposed to be synced with the referrer that the
> kio_http sends. it should contain the url the user browsed before, not the
> one embedded objects refer to.

I'm not sure what you mean with that. You have the html page itself and 
(embedded?) objects on that the page.

I think that document.referrer should match with the HTTP referrer used to 
http-get the html page. That referrer differs from the one that is used to 
http-get the (embedded?) objects on the page, because that referrer would be 
the URL of the html-page itself.

Are you saying that the rules differ for e.g. embedded html iframes?

Cheers,
Waldo
- -- 
bastian at kde.org -=|[ SuSE, The Linux Desktop Experts ]|=- bastian at suse.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/CY2bN4pvrENfboIRAgPUAJ4/7hCTRZoSnE4hYNBZ3ejBeJlr7QCfdyi4
7Aa7P5vk/h2lV5oRrHReqvs=
=YuAN
-----END PGP SIGNATURE-----




More information about the kfm-devel mailing list