form security stuff
Dirk Mueller
mueller at kde.org
Sat Apr 19 02:32:16 CEST 2003
On Fri, 18 Apr 2003, Darin Adler wrote:
> Like WinIE, we now don't save anything on a page that includes a secure
> form or a password field. I don't just mean that we don't store the
> user-entered input, but rather that we don't store these pages in the
> cache at all. That's because such pages often contain information about
> the user, not just typed into the fields but in the default values and
> outside the form itself.
Point taken, we should merge this. However, the part I don't get: Why did
you implement it in such a complicated way? IMHO it's enough to add a bool
"dontCacheThisPage" to either document or the page cache entry, and set it
to true if we encounter a password field or a https form during saveState().
All done, and maybe 5 lines of code, compared to over 50 lines for the
reference counting you added.
Explanation? :-)
BTW, this bank that evaluated Safari support: Do they lock out Mozilla?
Because Mozilla does not implement this rather paranoid IE behaviour.
Strange world..
--
Dirk