6.0.0-beta1
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
9/12/25
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#8836] Signal the browser to turn off DNS prefetching when displaying untrusted content
*
Your Email Address
*
Spam protection
Enter the letters below:
__..__ .___..___.. . (__ [__) | _/ |__| .__)| | ./__.| |
Comment
> Altered how we do this (see commit message below). > > Note that we disable DNS prefetching page-wide in the following cases: > Message view (DIMP/IMP/MIMP) - this takes care of links that may be > in the subject/list headers and any inline viewable parts > Thread view (IMP) > > We do (will) NOT disable prefetching in the following cases: > Viewing the contents of a part directly (i.e. view in a popup > window). If the user proactively takes the step of wanting to view a > particular message part, that is sufficient to indicate that they are > vouching for the integrity of the message. > Print view (see above) > Compose view - I have no clue if links that appear in Ckeditor are > prefetched or not, but the same reasoning applies - if you are > replying/forwarding to a message, you are vouching for integrity of > message.
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers