author | Panagiotis Papadopoulos <pano_90@gmx.net> | 2009-12-09 17:23:35 +0100 |
---|---|---|
committer | Panagiotis Papadopoulos <pano_90@gmx.net> | 2009-12-09 17:23:35 +0100 |
commit | ba21553e2e6ce17fc4ad84b5ab587b4e7bc5345c (patch) | |
tree | 64f7b3a5cec066f06268e954899a78523dcaedf5 /src/application.cpp | |
parent | Change a bit the WebKit settings UI (diff) | |
parent | xss attach prevention. (diff) | |
download | rekonq-ba21553e2e6ce17fc4ad84b5ab587b4e7bc5345c.tar.xz |
Merge branch 'master' of git://gitorious.org/rekonq/mainline into click-to-flash-ui
Diffstat (limited to 'src/application.cpp')
-rw-r--r-- | src/application.cpp | 80 |
1 files changed, 25 insertions, 55 deletions
diff --git a/src/application.cpp b/src/application.cpp
index 3a0ce638..246d6aa5 100644
--- a/src/application.cpp
+++ b/src/application.cpp
@@ -52,6 +52,7 @@
 #include <KUriFilter>
 #include <KMessageBox>
 #include <KWindowInfo>
+#include <KUrl>
 
 // Qt Includes
 #include <QRegExp>
@@ -265,71 +266,26 @@ KIcon Application::icon(const KUrl &url)
 }
 
 
-KUrl Application::guessUrlFromString(const QString &string)
-{
-    QString urlStr = string.trimmed();
-    QRegExp test(QLatin1String("^[a-zA-Z]+\\:.*"));
-
-    // Might be a file.
-    if (QFile::exists(urlStr))
-    {
-        QFileInfo info(urlStr);
-        return KUrl::fromPath(info.absoluteFilePath());
-    }
-
-    // Check if it looks like a qualified URL. Try parsing it and see.
-    if (test.exactMatch(urlStr))
-    {
-        KUrl url(urlStr);
-
-        if (url.isValid())
-        {
-            return url;
-        }
-    }
-    else // Might be a shorturl - try to detect the schema.
-    {
-        int dotIndex = urlStr.indexOf(QLatin1Char(':'));
-
-        if (dotIndex != -1)
-        {
-            QString prefix = urlStr.left(dotIndex).toLower();
-            QString schema = (prefix == QLatin1String("ftp")) ? prefix : QLatin1String("http");
-            QUrl qurl(schema + QLatin1String("://") + urlStr, QUrl::TolerantMode);
-            KUrl url(qurl);
-
-            if (url.isValid())
-            {
-                return url;
-            }
-        }
-    }
-
-    // Fall back to QUrl's own tolerant parser.
-    KUrl url = KUrl(urlStr);
-
-    return url;
-}
-
-
 void Application::loadUrl(const KUrl& url, const Rekonq::OpenType& type)
 {
     if (url.isEmpty())
         return;
 
-    if ( !url.isValid() )
+    KUrl loadingUrl = xssSanitization(url);
+
+    if ( !loadingUrl.isValid() )
     {
-        KMessageBox::error(0, i18n("Malformed URL:\n%1", url.url()));
+        KMessageBox::error(0, i18n("Malformed URL:\n%1", loadingUrl.url(KUrl::RemoveTrailingSlash)));
         return;
     }
 
     // loading home pages
-    if (mainWindow()->newTabPage(url))
+    if (mainWindow()->newTabPage(loadingUrl))
         return;
 
-    if (url.scheme() == QLatin1String("mailto"))
+    if (loadingUrl.scheme() == QLatin1String("mailto"))
     {
-        KToolInvocation::invokeMailer(url);
+        KToolInvocation::invokeMailer(loadingUrl);
         return;
     }
 
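Review bot: The sanitised URL is still passed verbatim into `KMessageBox::error(0, i18n("Malformed URL:\n%1", loadingUrl.url(KUrl::RemoveTrailingSlash)))`, and KMessageBox (as far as I recall) renders a label as rich text whenever the string looks like HTML, so this dialog is the one visible sink where a hostile URL could be interpreted as markup. Escaping at the sink is the robust fix and does not depend on xssSanitization having caught every dangerous form (percent-encoded `%3C` passes through it untouched): `KMessageBox::error(0, i18n("Malformed URL:\n%1", Qt::escape(loadingUrl.url(KUrl::RemoveTrailingSlash))));`. Note also that the sanitiser runs after the `url.isEmpty()` guard, so a URL beginning with one of the stripped characters is cut down to an empty string and surfaces as "Malformed URL" rather than being silently ignored; harmless, but a one-line comment on `KUrl loadingUrl = xssSanitization(url);` saying so would prevent a later "optimisation" that reorders the two. loadUrl's body continues past the end of this hunk.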
@@ -365,8 +321,6 @@ void Application::loadUrl(const KUrl& url, const Rekonq::OpenType& type)
     // - web shortcuts with space separator
     // - relative urls
     // - ...
-    KUrl loadingUrl(url);
-
     if (loadingUrl.isRelative())
     {
         QString fn = loadingUrl.url(KUrl::RemoveTrailingSlash);
@@ -408,7 +362,7 @@ void Application::loadUrl(const KUrl& url, const Rekonq::OpenType& type)
 
 void Application::loadUrl(const QString& urlString, const Rekonq::OpenType& type)
 {
-    return loadUrl( guessUrlFromString(urlString), type );
+    return loadUrl( QUrl::fromUserInput(urlString), type );
 }
 
 
@@ -445,3 +399,19 @@ AdBlockManager *Application::adblockManager()
     }
     return s_adblockManager;
 }
+
+
+KUrl Application::xssSanitization(const KUrl &url)
+{
+    QString urlString = url.url();
+
+    QList<QChar> l; // TODO: learn regular expression
+    l << '\'' << '\"' << '<' << '>';
+    foreach(const QChar &c, l)
+    {
+        QStringList list = urlString.split(c);
+        urlString = list.at(0);
+    }
+    return KUrl(urlString);
+}
+
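Review bot: `QUrl::fromUserInput` was introduced in Qt 4.6, so replacing guessUrlFromString with it in the QString overload of loadUrl silently raises the minimum Qt version; if the build files still advertise an older Qt this should be bumped there (or the call guarded) rather than discovered at compile time by packagers. The removed helper also returned an existing local path as a file URL; fromUserInput is documented to do the same, but a short comment on the call would save the next reader from re-checking, e.g. `// Qt 4.6+: resolves bare hostnames, existing local paths and scheme-less input, replacing guessUrlFromString()`.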
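Review bot: xssSanitization truncates the URL at the first `'`, `"`, `<` or `>` instead of neutralising them, which silently changes where the user ends up (`http://en.wikipedia.org/wiki/O'Reilly` becomes `http://en.wikipedia.org/wiki/O`) and is trivially bypassed by percent-encoding, because `%3C` or `%27` inside `url.url()` never match the loop; the name promises considerably more than the function delivers. Since `KUrl::url()` already returns the percent-encoded form, it is worth confirming which of these characters can still appear literally at all; on Qt 4 I believe `<`, `>` and `"` are normally encoded, so in practice the loop mostly just cuts URLs at apostrophes. Replacing the characters with their percent-encoded equivalents keeps the destination intact while still removing literal markup characters, and the function comment should state plainly that display code must still HTML-escape the string, as this is not a substitute. The `split`/`at(0)` loop itself is safe, since split always yields at least one element, but the `TODO: learn regular expression` should go; no regex is needed.
```cpp
KUrl Application::xssSanitization(const KUrl &url)
{
    // Percent-encode rather than truncate: the destination is preserved and no
    // literal markup character survives into whatever later renders the URL.
    // Code that displays the URL must still HTML-escape it; this is not a substitute.
    QString urlString = url.url();
    urlString.replace(QLatin1Char('<'),  QLatin1String("%3C"));
    urlString.replace(QLatin1Char('>'),  QLatin1String("%3E"));
    urlString.replace(QLatin1Char('"'),  QLatin1String("%22"));
    urlString.replace(QLatin1Char('\''), QLatin1String("%27"));
    return KUrl(urlString);
}
```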
\ No newline at end of file |