[Webkit-unassigned] [Bug 32252] Universal XSS in Rekonq inherited from QtDemoBrowser?

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Mar 15 11:54:32 PDT 2010


--- Comment #5 from Robert Hogan <robert at webkit.org>  2010-03-15 11:54:32 PST ---
(In reply to comment #4)
> I can reproduce this in the QtLauncher. Exactly which URL did you type into the
> location field?
Do you mean 'can't'?

I wasn't able to reproduce myself - like you, not exactly sure what to enter as
the url so just browsed the code for evidence of sanitizing urls. You're right
that the problem may well be in the urls that are accepted for navigation.

> If we're somehow parsing http://foo.com/some-html-content into a valid URL and
> then end up also injecting that as page content at some point I'd say we need
> to look at the URL parsing and see if that makes sense first. If that URL is
> valid then I'm guessing this would be a problem in other places too?

Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list