Porting KUrl::prettyUrl: please do not reintroduce CVE-2013-2074!
kevin.kofler at chello.at
Fri Oct 17 01:53:25 BST 2014
just a small public service announcement: The correct replacement for:
in Qt 5 is NOT:
url.toString() // BAD!
The old KUrl::prettyUrl() always removed passwords. You DON'T want to show
passwords in user output:
(I found this reviewing the initial port of Kompare.)
Thanks for reading,
More information about the kde-core-devel