[webkit-qt] [Qt] HTTP header injection vulnerability (QWebPage::userAgentForUrl)

Jarred Nicholls jarred at sencha.com
Thu Sep 22 06:00:06 PDT 2011


On Thu, Sep 22, 2011 at 3:16 AM, Ariya Hidayat <ariya.hidayat at gmail.com> wrote:

> "vulnerability" is too strong a word for this case.
>

Right. It's not really a security issue and more of a straight-up ugly bug.
If I set my user agent to "blah blah\nwhoops I left a newline in there" I
wouldn't expect my result to be "blah blah" when I pull the header on the
server side.


>
> The way I look at it is more like enforcing this contract:
>
>  Setting a user agent should not falsify any other part of the HTTP
> header sent to the server.
>
> Note that some advanced QtWebKit-based browser may want to give its
> user the option to set a custom user agent. While it does make sense
> to enforce that contract at the level of the API user (i.e. in the
> said browser), it still does make sense to enforce it also within
> (Qt)WebKit.
>
>
> --
> Ariya Hidayat, http://ariya.ofilabs.com



-- 
................................................................

*Sencha*
Jarred Nicholls, Senior Software Architect
@jarrednicholls
<http://twitter.com/jarrednicholls>
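
One way to enforce the contract from the quoted message at the point where headers are serialized, as an added example that is not part of the original e-mail and is not QtWebKit code. `sanitizeHeaderValue`, `serializeRequestHead`, `countHeaderLines` and `demoRequestHead` are hypothetical names, and replacing control characters with a space is an assumed policy (rejecting the value outright is another).

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

using Header = std::pair<std::string, std::string>;

// Hypothetical helper, not a QtWebKit API. Assumed policy: every run of
// control characters (CR, LF, NUL, DEL, ...) becomes one space, so the value
// can never terminate its own header line. HTAB is legal in a field value.
std::string sanitizeHeaderValue(const std::string& value) {
    std::string out;
    for (unsigned char c : value) {
        const bool control = (c < 0x20 && c != '\t') || c == 0x7f;
        if (!control) { out.push_back(static_cast<char>(c)); continue; }
        if (!out.empty() && out.back() != ' ') out.push_back(' ');
    }
    while (!out.empty() && out.back() == ' ') out.pop_back();
    return out;
}

// Serialize a request head the way a network layer would, sanitizing values
// at the last point before they reach the wire.
std::string serializeRequestHead(const std::string& requestLine,
                                 const std::vector<Header>& headers) {
    std::string head = requestLine + "\r\n";
    for (const Header& h : headers)
        head += h.first + ": " + sanitizeHeaderValue(h.second) + "\r\n";
    return head + "\r\n";
}

// Header lines as the receiving server would count them: every CRLF except
// the one ending the request line and the one ending the head.
std::size_t countHeaderLines(const std::string& head) {
    std::size_t n = 0;
    for (std::size_t pos = 0; (pos = head.find("\r\n", pos)) != std::string::npos; pos += 2) ++n;
    return n >= 2 ? n - 2 : 0;
}

// Constructed request: the application supplies only the User-Agent string.
std::string demoRequestHead(const std::string& userAgent) {
    return serializeRequestHead("GET / HTTP/1.1",
        {{"Host", "example.test"}, {"User-Agent", userAgent}});
}

int main() {
    std::cout << demoRequestHead("blah blah\nwhoops I left a newline in there");
    return countHeaderLines(demoRequestHead("Agent/1.0\r\nX-Injected: 1")) == 2 ? 0 : 1;
}
```

Sanitizing inside the serializer rather than in the setter covers every caller, which matches the point that the check belongs in the library as well as in the browser built on it.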