summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorAndrea Diamantini <adjam7@gmail.com>2010-10-12 18:08:03 +0200
committerAndrea Diamantini <adjam7@gmail.com>2010-10-12 18:08:03 +0200
commit68330c38941be0246716c8035a010d082cf16a9d (patch)
treeb53007aa61299a2b6c595334fd705a402de5d887 /src
parentMerge branch 'm213' (diff)
downloadrekonq-68330c38941be0246716c8035a010d082cf16a9d.tar.xz
This change to be sure universal XSS bug has been fixed.
Anyway, from Eelko's patch on, this was no more reproducible, so... :) Does the CVE request need to be updated?? CCBUG:217464 CCMAIL:tampakrap@gmail.com
Diffstat (limited to 'src')
-rw-r--r--src/webpage.cpp8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/webpage.cpp b/src/webpage.cpp
index d481567f..61c6a325 100644
--- a/src/webpage.cpp
+++ b/src/webpage.cpp
@@ -68,6 +68,9 @@
// Qt Includes
#include <QtCore/QFileInfo>
+
+#include <QtGui/QTextDocument>
+
#include <QtDBus/QDBusConnection>
#include <QtDBus/QDBusConnectionInterface>
#include <QtDBus/QDBusInterface>
@@ -599,7 +602,10 @@ QString WebPage::errorPage(QNetworkReply *reply)
}
QString title = i18n("There was a problem while loading the page");
- QString urlString = reply->url().toString(QUrl::RemoveUserInfo | QUrl::RemoveQuery | QUrl::RemovePath);
+
+ // NOTE:
+ // this, to be sure BUG 217464 (Universal XSS) has been fixed..
+ QString urlString = Qt::escape(reply->url().toString(QUrl::RemoveUserInfo | QUrl::RemoveQuery | QUrl::RemovePath));
QString iconPath = QString("file://") + KIconLoader::global()->iconPath("dialog-warning" , KIconLoader::Small);
iconPath.replace(QL1S("16"), QL1S("128"));