[Webkit-unassigned] [Bug 32252] Universal XSS in Rekonq inherited from QtDemoBrowser?

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Mar 13 12:37:46 PST 2010


Robert Hogan <robert at webkit.org> changed:

           What    |Removed                     |Added
             Status|UNCONFIRMED                 |NEW
                 CC|                            |robert at webkit.org
     Ever Confirmed|0                           |1

--- Comment #3 from Robert Hogan <robert at webkit.org>  2010-03-13 12:37:46 PST ---
The QtDemoBrowser is not part of QtWebKit. QtLauncher does seem to suffer from
this problem though, as it uses the string reported to ErrorPageExtension for
reporting errors.

ErrorPageExtension uses the failingUrl() and localizedDescription()
ResourceError passed by QNetworkReplyHandler:

        if (httpStatusCode) {
            ResourceError error("HTTP", httpStatusCode, url.toString(),
            client->didFail(m_resourceHandle, error);
        } else {
            ResourceError error("QtNetwork", m_reply->error(), url.toString(),
            client->didFail(m_resourceHandle, error);
So these strings look to be unsanitized. I guess this could be done in
ResourceError's Qt-specific constructor in platform/qt/ResourceError.h.

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list