Version: 3.5.2 (using KDE 3.5.2, Frugalware Linux) Compiler: Target: i686-pc-linux-gnu OS: Linux (i686) release 2.6.16-fw4 Find should not search through the password field. we can reveal a full password using a few searches. example: visit: http://mail.yahoo.com in the "password field" enter any value say 12345, which will be shown as ***** (5 stars) press '/' or ctrl+f to search, enter 12345 or 123, and press f3 to search again, you can see that find dialog parses even the *password* fields, and shows *** highlighted. which can be easily used to create the whole password. I think it should not read/parse the password field. Though it's not a big security issue like kwallet which reveals passwords in clear text and *always visible in the systray* for people to exploit.

Find should not find into password widgets.

SVN commit 537375 by mueller: don't allow to find text in password fields BUG: 126745 M +5 -3 khtml_part.cpp --- branches/KDE/3.5/kdelibs/khtml/khtml_part.cpp #537374:537375 @@ -3160,7 +3160,8 @@ else if ( renderLineText ) { khtml::RenderLineEdit *parentLine= static_cast<khtml::RenderLineEdit *>(obj); - s = parentLine->widget()->text(); + if (parentLine->widget()->echoMode() == QLineEdit::Normal) + s = parentLine->widget()->text(); s = s.replace(0xa0, ' '); } else if ( obj->isText() ) @@ -3470,7 +3471,8 @@ text += static_cast<HTMLTextAreaElementImpl*>(n.handle())->value().string(); break; case ID_INPUT: - text += static_cast<HTMLInputElementImpl*>(n.handle())->value().string(); + if (static_cast<HTMLInputElementImpl*>(n.handle())->inputType() != HTMLInputElementImpl::PASSWORD) + text += static_cast<HTMLInputElementImpl*>(n.handle())->value().string(); break; case ID_SELECT: text += static_cast<HTMLSelectElementImpl*>(n.handle())->value().string(); @@ -4477,7 +4479,7 @@ } child->m_serviceType = mimetype; - if ( child->m_frame ) + if ( child->m_frame && part->widget() ) child->m_frame->setWidget( part->widget() ); if ( child->m_type != khtml::ChildFrame::Object )