PATCH: kdelibs/kdecore/kstringhandler.cpp tagURLs() method
Marc Mutz
Marc.Mutz at uni-bielefeld.de
Thu Jul 11 11:38:58 BST 2002
On Thursday 11 July 2002 07:48, Stephan Hermann wrote:
<snip>
> > Also, for speed, the parentheses (foo) should be written as the
> > non-capturing (and very much faster) version (?:foo). The use of
> > cap(1) can be replaced with something like href.beginsWith( "www."
> > ) and href.beginsWith( "ftp." ).
>
> Is it not the same?
<snip>
No, with (foo), QRegExp is forced to keep track of the captured text,
while (?:foo) is just a grouping construct and is optimized away at
(regexp) compile time.
<snip>
> Well, that is true. (Trolltech's implementation mistake ;)) The only
> safe way is to escape those placeholders, e.g. before you use the
> QString::arg() method, you have to do something like this:
> QString::replace(QRegExp("%\\d"),"");
> (the empty string is a little bit too hard ;))
No, the safe way is to use operator+:
QString url = "<a href=\"" + hrefProtocol + "\">" + href + "</a>";
> After all, I'm searching for a better URL regexp with increased
> speed. But after all, please check the old version of
> KStringHandler::tagURLs, you can find the same format string
> vulnerability.
<snip>
I didn't say you introduced it ;-)
Marc
--
Marc Mutz <mutz at kde.org>
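
The placeholder problem discussed in this message and the operator+ fix, as an added example that is not part of the original post or of kdelibs. argModel() is a simplified stand-in for QString::arg() (it replaces every occurrence of the lowest-numbered %N marker); the function names, the template string and the sample URL are constructed for illustration.

```cpp
#include <algorithm>
#include <iostream>
#include <string>

// Simplified model of QString::arg() (an assumption, not Qt's code):
// replace every occurrence of the lowest-numbered %N marker, N = 1..9.
std::string argModel(const std::string &tmpl, const std::string &a) {
    int lowest = 10;
    for (std::size_t i = 0; i + 1 < tmpl.size(); ++i)
        if (tmpl[i] == '%' && tmpl[i + 1] >= '1' && tmpl[i + 1] <= '9')
            lowest = std::min(lowest, tmpl[i + 1] - '0');
    if (lowest == 10) return tmpl;  // no marker left to fill
    std::string out;
    for (std::size_t i = 0; i < tmpl.size(); ++i) {
        if (tmpl[i] == '%' && i + 1 < tmpl.size() && tmpl[i + 1] == '0' + lowest) {
            out += a;  // inserted text is not rescanned in this call...
            ++i;       // ...but the next chained call will scan it
        } else {
            out += tmpl[i];
        }
    }
    return out;
}

// Pattern the thread warns about: URL text passes through chained arg() calls,
// so a "%1" inside the first argument is consumed by the second call.
std::string tagWithArg(const std::string &hrefProtocol, const std::string &href) {
    return argModel(argModel("<a href=\"%1\">%2</a>", hrefProtocol), href);
}

// Fix from the message: plain concatenation, the input is never scanned for markers.
std::string tagWithConcat(const std::string &hrefProtocol, const std::string &href) {
    return "<a href=\"" + hrefProtocol + "\">" + href + "</a>";
}

int main() {
    // Constructed sample: link text that happens to contain "%1".
    const std::string proto = "http://example.org/a%1b", text = "example.org/a%1b";
    std::cout << tagWithArg(proto, text) << "\n" << tagWithConcat(proto, text) << "\n";
}
```

With the constructed input, the chained version writes the link text into the href attribute and leaves a literal %2 as the visible text, while the concatenated version reproduces both values unchanged.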