summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch')
-rw-r--r--kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch45
1 files changed, 45 insertions, 0 deletions
diff --git a/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch b/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch
new file mode 100644
index 00000000000..f5050abaa5b
--- /dev/null
+++ b/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch
@@ -0,0 +1,45 @@
+From: Albert Astals Cid <aacid@kde.org>
+Date: Thu, 13 Nov 2014 14:06:01 +0000
+Subject: Sanitize html
+X-Git-Url: http://quickgit.kde.org/?p=kwebkitpart.git&a=commitdiff&h=641aa7c75631084260ae89aecbdb625e918c6689
+---
+Sanitize html
+
+As discussed by the security team
+---
+
+
+--- a/src/webpage.cpp
++++ b/src/webpage.cpp
+@@ -226,23 +226,26 @@
+ doc += QL1S( "<h3>" );
+ doc += i18n( "Details of the Request:" );
+ doc += QL1S( "</h3><ul><li>" );
+- doc += i18n( "URL: %1", reqUrl.url() );
++ // escape URL twice: once for i18n, and once for HTML.
++ doc += i18n( "URL: %1", Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ) );
+ doc += QL1S( "</li><li>" );
+
+ const QString protocol (reqUrl.protocol());
+ if ( !protocol.isNull() ) {
+- doc += i18n( "Protocol: %1", protocol );
++ // escape protocol twice: once for i18n, and once for HTML.
++ doc += i18n( "Protocol: %1", Qt::escape( Qt::escape( protocol ) ) );
+ doc += QL1S( "</li><li>" );
+ }
+
+ doc += i18n( "Date and Time: %1",
+ KGlobal::locale()->formatDateTime(QDateTime::currentDateTime(), KLocale::LongDate) );
+ doc += QL1S( "</li><li>" );
+- doc += i18n( "Additional Information: %1" , text );
++ // escape text twice: once for i18n, and once for HTML.
++ doc += i18n( "Additional Information: %1", Qt::escape( Qt::escape( text ) ) );
+ doc += QL1S( "</li></ul><h3>" );
+ doc += i18n( "Description:" );
+ doc += QL1S( "</h3><p>" );
+- doc += description;
++ doc += Qt::escape( description );
+ doc += QL1S( "</p>" );
+
+ if ( causes.count() ) {
+