[Tickets #8836] Re: Signal the browser to turn off DNS prefetching when displaying untrusted content
bugs at horde.org
bugs at horde.org
Thu Jul 1 18:41:28 UTC 2010
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: http://bugs.horde.org/ticket/8836
------------------------------------------------------------------------------
Ticket | 8836
Updated By | Michael Slusarz <slusarz at horde.org>
Summary | Signal the browser to turn off DNS prefetching when
| displaying untrusted content
Queue | IMP
Version | Git master
Type | Enhancement
-State | Resolved
+State | Assigned
Priority | 1. Low
Milestone |
Patch |
Owners | Michael Slusarz
------------------------------------------------------------------------------
Michael Slusarz <slusarz at horde.org> (2010-07-01 14:41) wrote:
Altered how we do this (see commit message below).
Note that we disable DNS prefetching page-wide in the following cases:
Message view (DIMP/IMP/MIMP) - this takes care of links that may be in
the subject/list headers and any inline viewable parts
Thread view (IMP)
We do (will) NOT disable prefetching in the following cases:
Viewing the contents of a part directly (i.e. view in a popup window).
If the user proactively takes the step of wanting to view a
particular message part, that is sufficient to indicate that they are
vouching for the integrity of the message.
Print view (see above)
Compose view - I have no clue if links that appear in Ckeditor are
prefetched or not, but the same reasoning applies - if you are
replying/forwarding to a message, you are vouching for integrity of
message.
More information about the bugs
mailing list