[WebKit-devel] [Bug 217464] Universal XSS
Andrea Diamantini
adjam7 at gmail.com
Tue Oct 12 18:07:03 CEST 2010
https://bugs.kde.org/show_bug.cgi?id=217464
--- Comment #16 from Andrea Diamantini <adjam7 gmail com> 2010-10-12 18:06:01 ---
commit 68330c38941be0246716c8035a010d082cf16a9d
Author: Andrea Diamantini <adjam7 at gmail.com>
Date: Tue Oct 12 18:08:03 2010 +0200
This change is to be sure the universal XSS bug has been fixed.
Anyway, from Eelko's patch on, this was no longer reproducible, so... :)
Does the CVE request need to be updated??
CCBUG:217464
CCMAIL:tampakrap at gmail.com
diff --git a/src/webpage.cpp b/src/webpage.cpp
index d481567..61c6a32 100644
--- a/src/webpage.cpp
+++ b/src/webpage.cpp
@@ -68,6 +68,9 @@
// Qt Includes
#include <QtCore/QFileInfo>
+
+#include <QtGui/QTextDocument>
+
#include <QtDBus/QDBusConnection>
#include <QtDBus/QDBusConnectionInterface>
#include <QtDBus/QDBusInterface>
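Review bot: The new `#include <QtGui/QTextDocument>` sits in its own blank-line-delimited group between the QtCore and QtDBus includes, with nothing to say why a text-document header is needed in webpage.cpp. It is there for `Qt::escape()`, which is the only thing the second hunk uses from it, so a short trailing comment such as `// Qt::escape` would stop a later include cleanup from dropping it and silently removing the escaping. Placing it with the other Qt includes without the surrounding blank lines would also match the existing layout.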
@@ -599,7 +602,10 @@ QString WebPage::errorPage(QNetworkReply *reply)
}
QString title = i18n("There was a problem while loading the page");
- QString urlString = reply->url().toString(QUrl::RemoveUserInfo |
QUrl::RemoveQuery | QUrl::RemovePath);
+
+ // NOTE:
+ // this, to be sure BUG 217464 (Universal XSS) has been fixed..
+ QString urlString = Qt::escape(reply->url().toString(QUrl::RemoveUserInfo
| QUrl::RemoveQuery | QUrl::RemovePath));
QString iconPath = QString("file://") +
KIconLoader::global()->iconPath("dialog-warning" , KIconLoader::Small);
iconPath.replace(QL1S("16"), QL1S("128"));
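Review bot: The NOTE comment above the `Qt::escape(...)` call records only the bug number, not the invariant being enforced, so the next person to touch `errorPage()` cannot tell what must stay escaped. Suggest wording it as a rule, for example "urlString is inserted into the error page HTML and must be HTML-escaped". Two further points on the same lines: only `urlString` is escaped here, and the hunk does not show whether other reply-derived values are written into the generated page, so those should be checked and escaped at the same point. Also, `Qt::escape()` targets HTML text content; if `urlString` is ever placed inside an attribute value (an `href`, for instance), confirm that quote characters are handled by the Qt version in use. Since the commit message says the issue was already not reproducible after the earlier patch, a regression test that loads a failing URL containing markup characters would show that this line does what the comment claims.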