authorPanagiotis Papadopoulos <pano_90@gmx.net>2009-12-09 17:23:35 +0100
committerPanagiotis Papadopoulos <pano_90@gmx.net>2009-12-09 17:23:35 +0100
commitba21553e2e6ce17fc4ad84b5ab587b4e7bc5345c (patch)
tree64f7b3a5cec066f06268e954899a78523dcaedf5 /src/application.cpp
parentChange a bit the WebKit settings UI (diff)
parentxss attach prevention. (diff)
downloadrekonq-ba21553e2e6ce17fc4ad84b5ab587b4e7bc5345c.tar.xz
Merge branch 'master' of git://gitorious.org/rekonq/mainline into click-to-flash-ui
Diffstat (limited to 'src/application.cpp')
-rw-r--r--src/application.cpp80
1 files changed, 25 insertions, 55 deletions
diff --git a/src/application.cpp b/src/application.cpp
index 3a0ce638..246d6aa5 100644
--- a/src/application.cpp
+++ b/src/application.cpp
@@ -52,6 +52,7 @@
#include <KUriFilter>
#include <KMessageBox>
#include <KWindowInfo>
+#include <KUrl>
// Qt Includes
#include <QRegExp>
@@ -265,71 +266,26 @@ KIcon Application::icon(const KUrl &url)
}
-KUrl Application::guessUrlFromString(const QString &string)
-{
- QString urlStr = string.trimmed();
- QRegExp test(QLatin1String("^[a-zA-Z]+\\:.*"));
-
- // Might be a file.
- if (QFile::exists(urlStr))
- {
- QFileInfo info(urlStr);
- return KUrl::fromPath(info.absoluteFilePath());
- }
-
- // Check if it looks like a qualified URL. Try parsing it and see.
- if (test.exactMatch(urlStr))
- {
- KUrl url(urlStr);
-
- if (url.isValid())
- {
- return url;
- }
- }
- else // Might be a shorturl - try to detect the schema.
- {
- int dotIndex = urlStr.indexOf(QLatin1Char(':'));
-
- if (dotIndex != -1)
- {
- QString prefix = urlStr.left(dotIndex).toLower();
- QString schema = (prefix == QLatin1String("ftp")) ? prefix : QLatin1String("http");
- QUrl qurl(schema + QLatin1String("://") + urlStr, QUrl::TolerantMode);
- KUrl url(qurl);
-
- if (url.isValid())
- {
- return url;
- }
- }
- }
-
- // Fall back to QUrl's own tolerant parser.
- KUrl url = KUrl(urlStr);
-
- return url;
-}
-
-
void Application::loadUrl(const KUrl& url, const Rekonq::OpenType& type)
{
if (url.isEmpty())
return;
- if ( !url.isValid() )
+ KUrl loadingUrl = xssSanitization(url);
+
+ if ( !loadingUrl.isValid() )
{
- KMessageBox::error(0, i18n("Malformed URL:\n%1", url.url()));
+ KMessageBox::error(0, i18n("Malformed URL:\n%1", loadingUrl.url(KUrl::RemoveTrailingSlash)));
return;
}
// loading home pages
- if (mainWindow()->newTabPage(url))
+ if (mainWindow()->newTabPage(loadingUrl))
return;
- if (url.scheme() == QLatin1String("mailto"))
+ if (loadingUrl.scheme() == QLatin1String("mailto"))
{
- KToolInvocation::invokeMailer(url);
+ KToolInvocation::invokeMailer(loadingUrl);
return;
}
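Review bot: The sanitised copy replaces `url` for every scheme, including the `mailto` branch, so an address such as o'brien@example.org (constructed example) would reach invokeMailer() cut off at the apostrophe. The `isEmpty()` guard still tests the original `url` while the error box now prints `loadingUrl`, so input that begins with a filtered character would produce a "Malformed URL" message with nothing after it. Printing the caller's value, `i18n("Malformed URL:\n%1", url.url(KUrl::RemoveTrailingSlash))`, keeps the message useful, and applying the filter only to the schemes that need it would avoid the mailto case. loadUrl() continues past the end of this hunk.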
@@ -365,8 +321,6 @@ void Application::loadUrl(const KUrl& url, const Rekonq::OpenType& type)
// - web shortcuts with space separator
// - relative urls
// - ...
- KUrl loadingUrl(url);
-
if (loadingUrl.isRelative())
{
QString fn = loadingUrl.url(KUrl::RemoveTrailingSlash);
@@ -408,7 +362,7 @@ void Application::loadUrl(const KUrl& url, const Rekonq::OpenType& type)
void Application::loadUrl(const QString& urlString, const Rekonq::OpenType& type)
{
- return loadUrl( guessUrlFromString(urlString), type );
+ return loadUrl( QUrl::fromUserInput(urlString), type );
}
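Review bot: QUrl::fromUserInput() was introduced in Qt 4.6, so this line raises the minimum Qt version unless the build already requires it; the build files are not visible here. The removed guessUrlFromString() tested `QFile::exists()` on the typed text, whereas fromUserInput() appears to treat only absolute paths as local files, so relative file names typed by the user may now resolve as host names. A one-line comment such as `// QUrl -> KUrl conversion is implicit; local paths become file: URLs` would record both facts for the next reader.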
@@ -445,3 +399,19 @@ AdBlockManager *Application::adblockManager()
}
return s_adblockManager;
}
+
+
+KUrl Application::xssSanitization(const KUrl &url)
+{
+ QString urlString = url.url();
+
+ QList<QChar> l; // TODO: learn regular expression
+ l << '\'' << '\"' << '<' << '>';
+ foreach(const QChar &c, l)
+ {
+ QStringList list = urlString.split(c);
+ urlString = list.at(0);
+ }
+ return KUrl(urlString);
+}
+ \ No newline at end of file
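Review bot: xssSanitization() cuts the URL at the first `'`, `"`, `<` or `>` and returns the part before it as if that were what the caller asked for, so a legitimate address containing an apostrophe silently becomes a different address. Rejecting is safer than rewriting: inside the loop, `if (urlString.contains(c)) return KUrl();` hands loadUrl() an invalid URL that its existing isValid() check refuses. The filter also runs on `url.url()`, which is normally the percent-encoded form, so `<`, `>` and `"` may already be `%3C`, `%3E` and `%22` and never match; that should be confirmed with a test. Whatever the filter does, the code that writes a URL into generated HTML still has to escape it there, and a short comment above the function naming the page or sink it protects would let a reader verify that.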