Version: 3.3 (using KDE 3.3.89 (CVS >= 20040820), compiled sources) Compiler: gcc version 3.3.4 20040623 (Gentoo Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6) OS: Linux (i686) release 2.6.9-rc1-love1 I have a javascript policy of "reject" for the domain ".adtech.de". However, when a page (on a different domain) has the following code on a page: <script language="JavaScript"><!-- var myDate = new Date(); AT_MISC = myDate.getTime(); document.write('<scr' + 'ipt src="http://adserver.adtech.de/?addyn|2.0|323|92676|1|277|target=_blank;loc=100;misc=' + AT_MISC + ';">'); if (navigator.userAgent.indexOf("Mozilla/2.") >= 0 || navigator.userAgent.indexOf("MSIE") >= 0) { document.write('<a href="http://adserver.adtech.de/?adlink|2.0|323|92676|1|277|ADTECH;loc=200;" target="_blank"><img src="http://adserver.adtech.de/?adserv|2.0|323|92676|1|277|ADTECH;loc=200;" border="0" width="2" height="2" alt="0"></a>'); } document.write('</scr' + 'ipt>');// --> </script> that script will be requested and executed by KHTML.
In this example, isn't the javascript technically not from adtech.de? The links certainly reference it, but the javascript itself isn't actually *from* adtech.de, so is this behavior should be expected, right? I mean, no javascript from adtech.de is being executed which is what is supposed to happen.
This is a typical example: The script prints a new SCRIPT element to the page, which again fetches a script located at adtech.de. It is *that* script that should not be fetched. But it is, and it is also executed. I have earlier sent this patch to kfm-devel, which would actually fix it: Index: loader.cpp =================================================================== RCS file: /home/kde/kdelibs/khtml/misc/loader.cpp,v retrieving revision 1.178 diff -u -u -b -B -r1.178 loader.cpp --- loader.cpp 12 Nov 2004 00:02:21 -0000 1.178 +++ loader.cpp 7 Dec 2004 11:31:22 -0000 @@ -974,6 +974,8 @@ CachedScript *DocLoader::requestScript( const DOM::DOMString &url, const QString& charset) { DOCLOADER_SECCHECK(true); + if ( ! KHTMLFactory::defaultHTMLSettings()->isJavaScriptEnabled(fullURL.host()) ) + return 0L; CachedScript* s = Cache::requestObject<CachedScript, CachedObject::Script>( this, fullURL, 0 ); if ( s )
CVS commit by alund: Do not load javascript from unwanted sources. Approved by David Faure. BUG: 90267 M +10 -8 loader.cpp 1.180 --- kdelibs/khtml/misc/loader.cpp #1.179:1.180 @@ -977,4 +977,6 @@ CachedScript *DocLoader::requestScript( { DOCLOADER_SECCHECK(true); + if ( ! KHTMLFactory::defaultHTMLSettings()->isJavaScriptEnabled(fullURL.host()) ) + return 0L; CachedScript* s = Cache::requestObject<CachedScript, CachedObject::Script>( this, fullURL, 0 );