[Webkit-unassigned] [Bug 51159] [Qt] Permit qrc resources to load in QWebSettings::setUserStyleSheetUrl()
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Dec 16 11:28:11 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=51159
--- Comment #3 from Ariya Hidayat <ariya.hidayat at gmail.com> 2010-12-16 11:28:11 PST ---
(From update of attachment 76727)
View in context: https://bugs.webkit.org/attachment.cgi?id=76727&action=review
> WebCore/platform/qt/KURLQt.cpp:51
> + if (isValid() && (protocolIs("file") || protocolIs("qrc"))) {
> + // A valid qrc resource path begins with a colon
> + if (protocolIs("qrc"))
> + return ":" + path();
Is there a security implication of this? For example, can now any application which is granted the access to local file also upload/peek any resource (in particular in a hybrid QtWebKit-based app)?
> WebCore/platform/qt/KURLQt.cpp:54
> + return static_cast<QUrl>(*this).toLocalFile();
This static_cast is rather scary. I can't think of a better solution right now :(
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list