Fwd: [Bug 97722] New: SECURITY - Form input field focus stealing using tabs + javascript

Waldo Bastian bastian at kde.org
Mon Jan 24 10:23:51 GMT 2005 

http://bugs.kde.org/show_bug.cgi?id=97722

Patch attached to bugreport, please review.

Cheers,
Waldo

On Sunday 23 January 2005 21:12, George Staikos wrote:
> ----------  Forwarded Message  ----------
>
> Subject: [Bug 97722] New: SECURITY - Form input field focus stealing using
> tabs + javascript
> Date: Sunday 23 January 2005 10:21
> From: marazm at navigator.lv
> To: konq-bugs at kde.org
>
> ------- You are receiving this mail because: -------
> You are the assignee for the bug, or are watching the assignee.
>
> http://bugs.kde.org/show_bug.cgi?id=97722
>            Summary: SECURITY - Form input field focus stealing using tabs +
>                     javascript
>            Product: konqueror
>            Version: unspecified
>           Platform: Gentoo Packages
>         OS/Version: Linux
>             Status: UNCONFIRMED
>           Severity: normal
>           Priority: NOR
>          Component: general
>         AssignedTo: konq-bugs kde org
>         ReportedBy: marazm navigator lv
>
>
> Version:            (using KDE KDE 3.3.2)
> Installed from:    Gentoo Packages
> Compiler:          gcc version 3.4.3 20041125
> OS:                Linux
>
> Javascript fom another tab can steal input focus from other tabs.
> How to Reproduce:
> 1) Open any page with some input field (page 1);
> 2) Open in new tab http://mans.tvnet.lv/mail/login.php?new_lang=en_US (This
>  page uses Horde IMP) (page 2); 3) Switch back to in 1st step opened tab
>  (page 1) and start to type in some text while page 2 continues and
> finishes to load. 4) Wola! Some text inputed in page 1 now is in page 2.
> Hitting ENTER key will submit form on page 2 with all entered information,
> but You will see page 1 on Your screen and think, that You are submiting
> info on page 1 :)
>
> Reproducable: always. I often instead of my email login send some garbage
>  from other pages (blog comments etc.).
>
> This bug is similar to bug #87588
>  (http://bugs.kde.org/show_bug.cgi?id=87588), but more easy to reproduce.
> Oh, yeah, I was able to reproduce bug #87588 also, but not as good as in my
> example. _______________________________________________
> Konq-bugs mailing list
> Konq-bugs at mail.kde.org
> https://mail.kde.org/mailman/listinfo/konq-bugs
>
> -------------------------------------------------------

-- 
bastian at kde.org   |   Free Novell Linux Desktop 9 Evaluation Download
bastian at suse.com  |   http://www.novell.com/products/desktop/eval.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20050124/b9a900b5/attachment.sig>

More information about the kfm-devel mailing list