[webkit-qt] How to disable URL encoding of the query string
hari
jayaradhashyam at gmail.com
Sat Oct 26 02:56:05 PDT 2013
Hi guys,
I'm using qtwebkit to build a DOM-XSS scanner. By default qtwebkit is
automatically URL encoding/escaping the query part of the URL. Javascript
gets the URL encoded.
For example, when you visit the URL "http://test.com/?param=value<b>value</b>",
location.href will contain the value "
http://test.com/?param=value%3Cb%3Evalue%3C/b%3E"
This is a big problem for me in detecting DOM-XSS vulnerabilities because I
don't know if the browser did the encoding or the webpage did it. I'm
trying to disable this functionality but I'm lost in the qtwebkit source
code.
Anybody can help me by telling me where exactly in the code (in what file)
the URL encoding takes place so I can modify the source code and recompile
it?
I've been browsing the source code for 3 days now and I didn't make any
progress.
Thank you very much in advance for any help.
hari
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-qt/attachments/20131026/238ce563/attachment.html>
More information about the webkit-qt
mailing list