>>> _SURF_GO just after it's set?
>>
>> _SURF_GO shouldn't be read, though, it's only used for telling surf
>> to load a new page. Unless I'm misunderstanding your point.
>>
> If it can't be read, then what's the original security breach?
Nick wrote it shouldn't be read, but it can. So right now you can set _SURF_GO and what you set is visible (including any passwords) using "xprop", while _SURF_URI contains same URL but this time password-less.
-- Adam StrzeleckiReceived on Sat Apr 09 2011 - 22:06:26 CEST
This archive was generated by hypermail 2.2.0 : Sat Apr 09 2011 - 22:12:02 CEST