Commit f9d0cb47 authored by Albert Astals Cid's avatar Albert Astals Cid

Sanitize URLs before passing them to FindProxyForURL

Remove user/password information
For https: remove path and query

Thanks to safebreach.com for reporting the problem

CCMAIL: yoni.fridburg@safebreach.com
CCMAIL: amit.klein@safebreach.com
CCMAIL: itzik.kotler@safebreach.com
parent cae36e0e
......@@ -754,9 +754,16 @@ QString Script::evaluate(const QUrl &url)
}
}
QUrl cleanUrl = url;
cleanUrl.setUserInfo(QString());
if (cleanUrl.scheme() == QLatin1String("https")) {
cleanUrl.setPath(QString());
cleanUrl.setQuery(QString());
}
QScriptValueList args;
args << url.url();
args << url.host();
args << cleanUrl.url();
args << cleanUrl.host();
QScriptValue result = func.call(QScriptValue(), args);
if (result.isError()) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment