[WebKit-devel] [Bug 217464] Universal XSS and / or crash
Dawit Alemayehu
adawit at kde.org
Sat Dec 5 22:40:39 CET 2009
https://bugs.kde.org/show_bug.cgi?id=217464
--- Comment #3 from Dawit Alemayehu <adawit kde org> 2009-12-05 22:40:32 ---
SVN commit 1059140 by adawit:
Do not fall for XSS tricks when loading error pages.
Escaping the output of KUrl::prettyUrl might be sufficient for
khtml, but it does not work for webkit.
NOTE: This only fixes the issue in kwebkitpart, no where else.
CCBUG: 217464
M +1 -1 webkitpart.cpp
WebSVN link: http://websvn.kde.org/?view=rev&revision=1059140
--
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the WebKit-devel
mailing list