author | Andrea Diamantini <adjam7@gmail.com> | 2010-10-12 18:08:03 +0200 |
---|---|---|
committer | Andrea Diamantini <adjam7@gmail.com> | 2010-10-12 18:08:03 +0200 |
commit | 68330c38941be0246716c8035a010d082cf16a9d (patch) | |
tree | b53007aa61299a2b6c595334fd705a402de5d887 /src | |
parent | Merge branch 'm213' (diff) | |
download | rekonq-68330c38941be0246716c8035a010d082cf16a9d.tar.xz |
This change is to be sure the universal XSS bug has been fixed.
Anyway, from Eelko's patch on, this was no longer reproducible, so... :)
Does the CVE request need to be updated??
CCBUG:217464
CCMAIL:tampakrap@gmail.com
Diffstat (limited to 'src')
-rw-r--r-- | src/webpage.cpp | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/webpage.cpp b/src/webpage.cpp index d481567f..61c6a325 100644 --- a/src/webpage.cpp +++ b/src/webpage.cpp @@ -68,6 +68,9 @@ // Qt Includes #include <QtCore/QFileInfo> + +#include <QtGui/QTextDocument> + #include <QtDBus/QDBusConnection> #include <QtDBus/QDBusConnectionInterface> #include <QtDBus/QDBusInterface> @@ -599,7 +602,10 @@ QString WebPage::errorPage(QNetworkReply *reply) } QString title = i18n("There was a problem while loading the page"); - QString urlString = reply->url().toString(QUrl::RemoveUserInfo | QUrl::RemoveQuery | QUrl::RemovePath); + + // NOTE: + // this, to be sure BUG 217464 (Universal XSS) has been fixed.. + QString urlString = Qt::escape(reply->url().toString(QUrl::RemoveUserInfo | QUrl::RemoveQuery | QUrl::RemovePath)); QString iconPath = QString("file://") + KIconLoader::global()->iconPath("dialog-warning" , KIconLoader::Small); iconPath.replace(QL1S("16"), QL1S("128")); |
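Review bot: The new `#include <QtGui/QTextDocument>` in the first hunk gives no hint of why it is needed, and nothing in the include block ties it to the `Qt::escape` call added further down. A short trailing comment saying it is there for `Qt::escape` would stop it from being dropped later as an apparently unused header. The blank lines added before and after it also split the Qt include group, which was contiguous before.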
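Review bot: In the `WebPage::errorPage` hunk, `Qt::escape` is applied only to `urlString`, and the hunk does not show where that string is placed in the generated page. If it ends up inside an attribute value rather than element text, check that the escaping covers quote characters for that context as well. The same question applies to any other value taken from `reply` that this function writes into the page, none of which this patch touches. The added comment ("this, to be sure BUG 217464 (Universal XSS) has been fixed..") would serve a later reader better if it said that the URL is untrusted input being written into HTML. Since the commit message says the bug was already not reproducible before this change, a regression test that loads a failing URL containing markup and inspects the error page output would show whether the escape has any effect.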