summaryrefslogtreecommitdiff
blob: 4fbd5e39ace1141ead7eaf7221bd42d070faedbc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
From a06cef31cc4c908bc9b76bd9d103fe9c60e0953f Mon Sep 17 00:00:00 2001
From: Montel Laurent <montel@kde.org>
Date: Tue, 11 Oct 2016 11:11:08 +0200
Subject: [PATCH] Add more autotests

---
 autotests/ktexttohtmltest.cpp | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
index c5690e8..0179a00 100644
--- a/autotests/ktexttohtmltest.cpp
+++ b/autotests/ktexttohtmltest.cpp
@@ -392,6 +392,21 @@ void KTextToHTMLTest::testHtmlConvert_data()
                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
                                << "https://\"><!--";
 
+   QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"
+                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+                               << "https://192.168.1.1:\"><!--";
+
+   QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"
+                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+                               << "https://<IP>:\"><!--";
+
+   QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"
+                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+                               << "https://<IP>:/\"><!--";
+
+   QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"
+                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+                               << "https://<IP>:/\"><script>alert(1);</script><!--";
 }
 
 
-- 
2.7.3

From 5e13d2439dbf540fdc840f0b0ab5b3ebf6642c6a Mon Sep 17 00:00:00 2001
From: Montel Laurent <montel@kde.org>
Date: Tue, 11 Oct 2016 11:40:10 +0200
Subject: [PATCH] Display bad url

---
 autotests/ktexttohtmltest.cpp | 14 +++++++++-----
 src/lib/text/ktexttohtml.cpp  | 18 +++++++++++++++++-
 2 files changed, 26 insertions(+), 6 deletions(-)

diff --git a/autotests/ktexttohtmltest.cpp b/autotests/ktexttohtmltest.cpp
index 0179a00..ccac29a 100644
--- a/autotests/ktexttohtmltest.cpp
+++ b/autotests/ktexttohtmltest.cpp
@@ -390,23 +390,27 @@ void KTextToHTMLTest::testHtmlConvert_data()
    //Fix url exploit
    QTest::newRow("url-exec-html") << "https://\"><!--"
                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-                               << "https://\"><!--";
+                               << "https://&quot;&gt;&lt;!--";
 
    QTest::newRow("url-exec-html-2") << "https://192.168.1.1:\"><!--"
                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-                               << "https://192.168.1.1:\"><!--";
+                               << "https://192.168.1.1:&quot;&gt;&lt;!--";
 
    QTest::newRow("url-exec-html-3") << "https://<IP>:\"><!--"
                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-                               << "https://<IP>:\"><!--";
+                               << "https://&lt;IP&gt;:&quot;&gt;&lt;!--";
 
    QTest::newRow("url-exec-html-4") << "https://<IP>:/\"><!--"
                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-                               << "https://<IP>:/\"><!--";
+                               << "https://&lt;IP&gt;:/&quot;&gt;&lt;!--";
 
    QTest::newRow("url-exec-html-5") << "https://<IP>:/\"><script>alert(1);</script><!--"
                                << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
-                               << "https://<IP>:/\"><script>alert(1);</script><!--";
+                               << "https://&lt;IP&gt;:/&quot;&gt;&lt;script&gt;alert(1);&lt;/script&gt;&lt;!--";
+
+   QTest::newRow("url-exec-html-6") << "https://<IP>:/\"><script>alert(1);</script><!--\nTest2"
+                               << KTextToHTML::Options(KTextToHTML::PreserveSpaces)
+                               << "https://&lt;IP&gt;:/&quot;&gt;&lt;script&gt;alert(1);&lt;/script&gt;&lt;!--\nTest2";
 }
 
 
diff --git a/src/lib/text/ktexttohtml.cpp b/src/lib/text/ktexttohtml.cpp
index 97c5eab..30e0b5d 100644
--- a/src/lib/text/ktexttohtml.cpp
+++ b/src/lib/text/ktexttohtml.cpp
@@ -423,7 +423,23 @@ QString KTextToHTML::convertToHtml(const QString &plainText, const KTextToHTML::
                 bool badUrl = false;
                 str = helper.getUrl(&badUrl);
                 if (badUrl) {
-                    return helper.mText;
+                    QString resultBadUrl;
+                    const int helperTextSize(helper.mText.count());
+                    for (int i = 0; i < helperTextSize; ++i) {
+                        const QChar chBadUrl = helper.mText[i];
+                        if (chBadUrl == QLatin1Char('&')) {
+                            resultBadUrl += QLatin1String("&amp;");
+                        } else if (chBadUrl == QLatin1Char('"')) {
+                            resultBadUrl += QLatin1String("&quot;");
+                        } else if (chBadUrl == QLatin1Char('<')) {
+                            resultBadUrl += QLatin1String("&lt;");
+                        } else if (chBadUrl == QLatin1Char('>')) {
+                            resultBadUrl += QLatin1String("&gt;");
+                        } else {
+                            resultBadUrl += chBadUrl;
+                        }
+                    }
+                    return resultBadUrl;
                 }
                 if (!str.isEmpty()) {
                     QString hyperlink;
-- 
2.7.3