From 68330c38941be0246716c8035a010d082cf16a9d Mon Sep 17 00:00:00 2001
From: Andrea Diamantini
Date: Tue, 12 Oct 2010 18:08:03 +0200
Subject: This change to be sure universal XSS bug has been fixed. Anyway, from Eelko's patch on, this was no more reproducible, so... :) Does the CVE request need to be updated??
CCBUG:217464
CCMAIL:tampakrap@gmail.com
---
 src/webpage.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
(limited to 'src/webpage.cpp')
diff --git a/src/webpage.cpp b/src/webpage.cpp
index d481567f..61c6a325 100644
--- a/src/webpage.cpp
+++ b/src/webpage.cpp
@@ -68,6 +68,9 @@
 // Qt Includes
 #include
+
+#include
+
 #include
 #include
 #include
@@ -599,7 +602,10 @@ QString WebPage::errorPage(QNetworkReply *reply)
 }
 QString title = i18n("There was a problem while loading the page");
- QString urlString = reply->url().toString(QUrl::RemoveUserInfo | QUrl::RemoveQuery | QUrl::RemovePath);
+
+ // NOTE:
+ // this, to be sure BUG 217464 (Universal XSS) has been fixed..
+ QString urlString = Qt::escape(reply->url().toString(QUrl::RemoveUserInfo | QUrl::RemoveQuery | QUrl::RemovePath));
 QString iconPath = QString("file://") + KIconLoader::global()->iconPath("dialog-warning" , KIconLoader::Small);
 iconPath.replace(QL1S("16"), QL1S("128"));
--
cgit v1.2.1
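Review bot: In the second hunk, `Qt::escape` on `urlString` makes the value safe for HTML element text only; it replaces markup metacharacters but does not make a string safe inside a single-quoted attribute, a link target or a script block. How `urlString` is placed into the error page lies outside this hunk, as does the rest of `errorPage`, so the escaping should be checked against the context the template actually uses. The same question applies to any other reply-derived value the function interpolates into the page, which the hunk does not show. The added comment would also serve the next maintainer better if it stated the invariant rather than only the bug number, for example `// urlString is interpolated into the HTML error page: escape it so a crafted URL cannot inject markup (BUG 217464)`.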