| author | Andrea Diamantini <adjam7@gmail.com> | 2010-10-12 18:08:03 +0200 | 
|---|---|---|
| committer | Andrea Diamantini <adjam7@gmail.com> | 2010-10-12 18:08:03 +0200 | 
| commit | 68330c38941be0246716c8035a010d082cf16a9d (patch) | |
| tree | b53007aa61299a2b6c595334fd705a402de5d887 | |
| parent | Merge branch 'm213' (diff) | |
| download | rekonq-68330c38941be0246716c8035a010d082cf16a9d.tar.xz | |
This change is to be sure the universal XSS bug has been fixed.
Anyway, from Eelko's patch on, this was no longer reproducible, so... :)
Does the CVE request need to be updated??
CCBUG:217464
CCMAIL:tampakrap@gmail.com
| -rw-r--r-- | src/webpage.cpp | 8 | 
1 files changed, 7 insertions, 1 deletions
| diff --git a/src/webpage.cpp b/src/webpage.cpp index d481567f..61c6a325 100644 --- a/src/webpage.cpp +++ b/src/webpage.cpp @@ -68,6 +68,9 @@  // Qt Includes  #include <QtCore/QFileInfo> + +#include <QtGui/QTextDocument> +  #include <QtDBus/QDBusConnection>  #include <QtDBus/QDBusConnectionInterface>  #include <QtDBus/QDBusInterface> @@ -599,7 +602,10 @@ QString WebPage::errorPage(QNetworkReply *reply)      }      QString title = i18n("There was a problem while loading the page"); -    QString urlString = reply->url().toString(QUrl::RemoveUserInfo | QUrl::RemoveQuery | QUrl::RemovePath); +     +    // NOTE:  +    // this, to be sure BUG 217464 (Universal XSS) has been fixed.. +    QString urlString = Qt::escape(reply->url().toString(QUrl::RemoveUserInfo | QUrl::RemoveQuery | QUrl::RemovePath));      QString iconPath = QString("file://") + KIconLoader::global()->iconPath("dialog-warning" , KIconLoader::Small);      iconPath.replace(QL1S("16"), QL1S("128")); | 
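
Review bot: In the WebPage::errorPage hunk, the toString() flags strip user info, query and path but not the fragment, so any fragment on the reply URL still ends up in urlString. Qt::escape now covers HTML metacharacters in it, but adding QUrl::RemoveFragment to the flags would keep that part of the URL out of the error page altogether. Qt::escape is HTML text escaping, so it is worth confirming that every place the error page template (not shown in this diff) uses urlString is element text rather than an attribute value or script context. The new comment only names BUG 217464; it would help to say where urlString goes in the generated page and why it must be escaped there. The added blank line before the comment and the "// NOTE:" line both carry trailing whitespace.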
