>>> _SURF_GO just after it's set? >> >> _SURF_GO shouldn't be read, though, it's only used for telling surf >> to load a new page. Unless I'm misunderstanding your point. >> > If it can't be read, then what's the original security breach?
Nick wrote it shouldn't be read, but it can. So right now you can set _SURF_GO and what you set is visible (including any passwords) using "xprop", while _SURF_URI contains same URL but this time password-less. -- Adam Strzelecki
