On Thu, Apr 07, 2011 at 02:15:11PM +0200, Adam Strzelecki wrote: > (2) surf-2-delete-_SURF_GO-once-received.patch > > This xprop (atom) may be used to tell *surf* to go to specific URL. It is > safer to remove this atom just after it is set in case we send some URL > containing passwords or auth tokens such as > http://login:mypassw...@myserver.com/ > Anyway _SURF_URI will represents current page URL, so keeping _SURF_GO makes > no sense. In our case it is matter of safety to not expose this one.
Cool, good idea. Can't _SURF_URI have login/password info in too (I haven't checked)?
