| Summary: | KHTML loads javascript from hosts for which the policy is reject | | |
|---|---|---|---|
| Product: | [Applications] konqueror | Reporter: | Anders Lund <anderslund> |
| Component: | khtml ecma | Assignee: | Konqueror Developers <konq-bugs> |
| Status: | RESOLVED FIXED | | |
| Severity: | grave | | |
| Priority: | NOR | | |
| Version: | 3.3 | | |
| Target Milestone: | --- | | |
| Platform: | unspecified | | |
| OS: | Linux | | |
| Latest Commit: | | Version Fixed In: | |
Description
Anders Lund
2004-09-26 14:54:13 UTC
In this example, isn't the javascript technically not from adtech.de? The links certainly reference it, but the javascript itself isn't actually *from* adtech.de, so this behavior should be expected, right? I mean, no javascript from adtech.de is being executed, which is what is supposed to happen.

This is a typical example: The script prints a new SCRIPT element to the page, which again fetches a script located at adtech.de. It is *that* script that should not be fetched. But it is, and it is also executed.

I have earlier sent this patch to kfm-devel, which would actually fix it:

Index: loader.cpp =================================================================== RCS file: /home/kde/kdelibs/khtml/misc/loader.cpp,v retrieving revision 1.178 diff -u -u -b -B -r1.178 loader.cpp --- loader.cpp 12 Nov 2004 00:02:21 -0000 1.178 +++ loader.cpp 7 Dec 2004 11:31:22 -0000 @@ -974,6 +974,8 @@ CachedScript *DocLoader::requestScript( const DOM::DOMString &url, const QString& charset) { DOCLOADER_SECCHECK(true); + if ( ! KHTMLFactory::defaultHTMLSettings()->isJavaScriptEnabled(fullURL.host()) ) + return 0L; CachedScript* s = Cache::requestObject<CachedScript, CachedObject::Script>( this, fullURL, 0 ); if ( s )

CVS commit by alund:

Do not load javascript from unwanted sources. Approved by David Faure. BUG: 90267

M +10 -8 loader.cpp 1.180

--- kdelibs/khtml/misc/loader.cpp #1.179:1.180 @@ -977,4 +977,6 @@ CachedScript *DocLoader::requestScript( { DOCLOADER_SECCHECK(true); + if ( ! KHTMLFactory::defaultHTMLSettings()->isJavaScriptEnabled(fullURL.host()) ) + return 0L; CachedScript* s = Cache::requestObject<CachedScript, CachedObject::Script>( this, fullURL, 0 );
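
Review bot: the new early `return 0L;` in `DocLoader::requestScript`, placed right after `DOCLOADER_SECCHECK(true)`, makes a policy rejection indistinguishable from any other null result, and nothing in the hunk records why the request was dropped. Add a one-line comment above the check stating that the per-host JavaScript policy is applied to the host of the script URL (`fullURL.host()`), not to the page that references it, and confirm that every caller of `requestScript` handles a null `CachedScript*`; the `if ( s )` in the first hunk's trailing context only covers the path inside this function. The check reads `KHTMLFactory::defaultHTMLSettings()`, so the comment should also say why the factory's default settings are the right source for this decision. The commit summary lists `M +10 -8` for loader.cpp while only the two added lines are visible here, so the remaining changed lines should be mentioned in the commit message if they are more than whitespace.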