"vulnerability" is too strong a word for this case. The way I look at it is more like enforcing this contract:

Setting a user agent should not falsify any other part of the HTTP header sent to the server.

Note that some advanced QtWebKit-based browser may want to give its user the option to set a custom user agent. While it does make sense to enforce that contract at the level of the API user (i.e. in the said browser), it still does make sense to enforce it also within (Qt)WebKit.

--
Ariya Hidayat, http://ariya.ofilabs.com
_______________________________________________
webkit-qt mailing list
webkit-qt@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-qt
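
One way to enforce the contract stated in the message above, as an added example that is not part of the original post and is not QtWebKit code. It assumes the way a user-agent string can alter other headers is by carrying CR/LF or other control bytes; `isSingleHeaderValue`, `buildRequestHead` and `headerFieldCount` are hypothetical names.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical helper (not a QtWebKit API): true when the value can sit on
// one header line without ending it or carrying control bytes.
bool isSingleHeaderValue(const std::string& value) {
    if (value.empty()) return false;
    for (unsigned char c : value) {
        // CR and LF terminate a header line; other control bytes except
        // horizontal tab are not valid in a field value either.
        if (c == 0x7f || (c < 0x20 && c != '\t')) return false;
    }
    return true;
}

// Builds the request head, falling back to the default user agent when the
// custom one would break the contract.
std::string buildRequestHead(const std::string& host,
                             const std::string& customUa,
                             const std::string& defaultUa) {
    const std::string& ua = isSingleHeaderValue(customUa) ? customUa : defaultUa;
    return "GET / HTTP/1.1\r\nHost: " + host + "\r\nUser-Agent: " + ua + "\r\n\r\n";
}

// Counts header fields: every CRLF ends a line; subtract the request line
// and the empty line that closes the head.
std::size_t headerFieldCount(const std::string& head) {
    std::size_t lines = 0;
    for (std::size_t pos = head.find("\r\n"); pos != std::string::npos;
         pos = head.find("\r\n", pos + 2))
        ++lines;
    return lines >= 2 ? lines - 2 : 0;
}

int main() {
    // Constructed sample values.
    const std::string fallback = "ExampleBrowser/1.0";
    const std::string good = "CustomBrowser/2.0 (X11; Linux)";
    const std::string bad = "CustomBrowser/2.0\r\nX-Extra: 1";
    std::cout << headerFieldCount(buildRequestHead("example.org", good, fallback)) << "\n";
    std::cout << headerFieldCount(buildRequestHead("example.org", bad, fallback)) << "\n";
    return 0;
}
```

Both calls report two header fields (Host and User-Agent): the value containing a line break is replaced by the default instead of being written into the request.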