[Webkit-unassigned] [Bug 32252] Universal XSS in Rekonq inherited from QtDemoBrowser?
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Mar 13 12:37:46 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=32252
Robert Hogan <robert at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
CC| |robert at webkit.org
Ever Confirmed|0 |1
--- Comment #3 from Robert Hogan <robert at webkit.org> 2010-03-13 12:37:46 PST ---
The QtDemoBrowser is not part of QtWebKit. QtLauncher does seem to suffer from
this problem though, as it uses the string reported to ErrorPageExtension for
reporting errors.
ErrorPageExtension uses the failingUrl() and localizedDescription()
ResourceError passed by QNetworkReplyHandler:
if (httpStatusCode) {
ResourceError error("HTTP", httpStatusCode, url.toString(),
m_reply->attribute(QNetworkRequest::HttpReasonPhraseAttribute).toString());
client->didFail(m_resourceHandle, error);
} else {
ResourceError error("QtNetwork", m_reply->error(), url.toString(),
m_reply->errorString());
client->didFail(m_resourceHandle, error);
}
So these strings look to be unsanitized. I guess this could be done in
ResourceError's Qt-specific constructor in platform/qt/ResourceError.h.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list