diff options
Diffstat (limited to 'kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch')
-rw-r--r-- | kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch b/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch new file mode 100644 index 000000000000..f5050abaa5bb --- /dev/null +++ b/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch @@ -0,0 +1,45 @@ +From: Albert Astals Cid <aacid@kde.org> +Date: Thu, 13 Nov 2014 14:06:01 +0000 +Subject: Sanitize html +X-Git-Url: http://quickgit.kde.org/?p=kwebkitpart.git&a=commitdiff&h=641aa7c75631084260ae89aecbdb625e918c6689 +--- +Sanitize html + +As discussed by the security team +--- + + +--- a/src/webpage.cpp ++++ b/src/webpage.cpp +@@ -226,23 +226,26 @@ + doc += QL1S( "<h3>" ); + doc += i18n( "Details of the Request:" ); + doc += QL1S( "</h3><ul><li>" ); +- doc += i18n( "URL: %1", reqUrl.url() ); ++ // escape URL twice: once for i18n, and once for HTML. ++ doc += i18n( "URL: %1", Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ) ); + doc += QL1S( "</li><li>" ); + + const QString protocol (reqUrl.protocol()); + if ( !protocol.isNull() ) { +- doc += i18n( "Protocol: %1", protocol ); ++ // escape protocol twice: once for i18n, and once for HTML. ++ doc += i18n( "Protocol: %1", Qt::escape( Qt::escape( protocol ) ) ); + doc += QL1S( "</li><li>" ); + } + + doc += i18n( "Date and Time: %1", + KGlobal::locale()->formatDateTime(QDateTime::currentDateTime(), KLocale::LongDate) ); + doc += QL1S( "</li><li>" ); +- doc += i18n( "Additional Information: %1" , text ); ++ // escape text twice: once for i18n, and once for HTML. ++ doc += i18n( "Additional Information: %1", Qt::escape( Qt::escape( text ) ) ); + doc += QL1S( "</li></ul><h3>" ); + doc += i18n( "Description:" ); + doc += QL1S( "</h3><p>" ); +- doc += description; ++ doc += Qt::escape( description ); + doc += QL1S( "</p>" ); + + if ( causes.count() ) { + |