Porting KUrl::prettyUrl: please do not reintroduce CVE-2013-2074!

Kevin Kofler kevin.kofler at chello.at
Fri Oct 17 23:26:00 BST 2014


I wrote:
> just a small public service announcement: The correct replacement for:
> url.prettyUrl()
> in Qt 5 is NOT:
> url.toString() // BAD!
> but:
> url.toString(QUrl::RemovePassword)
or, even better:
url.toDisplayString()
as pointed out by Andrea Iacovitti. (I guess his message is pending 
moderation.)

        Kevin Kofler





More information about the kde-core-devel mailing list