Review Request: Prevent Konqueror's address bar from being hidden by default
Parker Coates
coates at kde.org
Fri Jul 27 16:03:46 BST 2012
> On July 27, 2012, 8:50 a.m., David Faure wrote:
> > I like the idea, but why the non-editable combo? What happens when navigating, in that window? Doesn't the combo then start to be messed up (the code assuming that it is editable, has history items, has completion, etc.) ... especially history handling could create additional trouble.
> >
> > I'm just not sure there is any point in preventing the user from typing another url there, like in any other konqueror window.
>
> Dawit Alemayehu wrote:
> I made the combo box non-editable only because both Chromium and Firefox do the same thing. IOW, I was simply copying them. In fact both of those browsers seem to change the address bar from a combobox to a staright line edit widget. Since I really do not have any objection or see any problem with letting the user edit the address bar, I can most definitely change the patch to allow it.
My guess (and it's purely a guess) is that the intention is to prevent the user from entering a new URL manually, opening a new page in the "neutered" window, and then being frustrated that they don't have any of the normal toolbars, tabs, menus, etc. (I've actually seen this happen to a user.) Making the URL read-only effectively locks chromeless window to the current task and prevents the user from using it for general browsing.
- Parker
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/105749/#review16512
-----------------------------------------------------------
On July 27, 2012, 8:52 a.m., Dawit Alemayehu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/105749/
> -----------------------------------------------------------
>
> (Updated July 27, 2012, 8:52 a.m.)
>
>
> Review request for Dolphin, KDE Base Apps and David Faure.
>
>
> Description
> -------
>
> The attached patch attempts to resolve a security concern in Konqueror when browsing the web. The concern results from a website, through the use of the javascript window.open API, requests the creation of a new window (pop up window) with all its toolbars disabled. When Konqueror gets such requests it simply disables all toolbars in the main window including the one that contains the address line edit widget. This is a problem because it makes it possible for sites to spoof the user into providing personal information by mimicking native input dialog such as the password dialog.
>
> As such this patch attempts to solve the problem in the same manner it seems to be addressed in other major browsers such as Firefox and Chromium. Namely, Konqueror will no longer hide the toolbar containing the address line edit widget by default. The user must explicitly override the default settings by adding the following configuration option to konquerorrc:
>
> [DisableWindowOpenFeatures]
> LocationBar=false
>
>
>
> Diffs
> -----
>
> konqueror/src/konqcombo.cpp cdf840a
> konqueror/src/konqmainwindow.cpp 081509e
>
> Diff: http://git.reviewboard.kde.org/r/105749/diff/
>
>
> Testing
> -------
>
>
> Screenshots
> -----------
>
> before the change
> http://git.reviewboard.kde.org/r/105749/s/645/
> after the change
> http://git.reviewboard.kde.org/r/105749/s/646/
>
>
> Thanks,
>
> Dawit Alemayehu
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20120727/b4f58ae7/attachment.htm>
More information about the kfm-devel
mailing list