Eric Cooper <[EMAIL PROTECTED]> > When I click on this feed: http://www.borowitzreport.com/, the first > item is (currently) the following. Liferea pops up a browser window > for the embedded URL in the <iframe> whenever I try to display > headlines -- I'm not even trying to read the body of the item. > > The fact that the link points to a site in Changzhou, China, and the > strange nesting of the end tag -- <</iframe>/iframe> -- makes me think > this feed was hijacked, so liferea's behavior is a security hole.
As I stated in the original bug report, I don't quite agree with the security hole characterization of this bug, as it is essentially imposible for liferea to detect a hijacked feed. This bug is currently the only reason for liferea not to be in lenny. Since upstream has stated that the 1.4 series will *not* be updated to deal with this issue, and I lack the time for now to attempt a backport, this means a fix for this will not be ready before the freeze. Would I be justified in downgrading this to important? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
