Fwd: [Bug 22558] referrer leaks through to non-referring site
Waldo Bastian
bastian at kde.org
Thu Jul 10 11:52:20 BST 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Monday 07 July 2003 16:27, you wrote:
> On Mon, 07 Jul 2003, Waldo Bastian wrote:
> > Attached are two patches as a partial fix to the referrer problem. It
> > changes the way how d->m_pageReferrer is set within KHTMLPart: It is now
> > set according to the information that it gets back from the io-slave
> > (http slave). This ensures that the document.referrer is better synced to
> > the actual referrer send by the http-slave.
>
> Not that I actually read the patch yet, but I just wanted to note that
> document.referrer is not supposed to be synced with the referrer that the
> kio_http sends. it should contain the url the user browsed before, not the
> one embedded objects refer to.
It seems that KDE 3.1.1 broke this (r1.828/r1.770.2.15 to be exacly)
khtml_part.h says
/**
* Referrer used for links in this page.
*/
QString referrer() const;
But the implementation returns d->m_pageReferrer which is the url the user
browsed before. Javascript's document.referrer() should clearly return
d->m_pageReferrer but e.g. saveLinkAs should use d->m_referrer. Since KDE
3.1.1 it uses d->m_pageReferrer which is wrong.
I suggest to revert referrer() to it's KDE 3.1 behavior and add an additional
function QString pageReferrer() const; which can then be used by
document.referrer()
Cheers,
Waldo
- --
bastian at kde.org -=|[ SuSE, The Linux Desktop Experts ]|=- bastian at suse.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE/DUVkN4pvrENfboIRAl+XAJ4zYuL1SiO7mK5uok4SRHRRoEF0ngCghMTm
fvqaDuWarVfwDlIZa+W+Cpk=
=Rw1B
-----END PGP SIGNATURE-----
More information about the kfm-devel
mailing list