alexxy      14/11/16 10:48:18

  Added:                kwebkitpart-1.3.4-CVE-2014-8600.patch
  Log:
  Update per CVE-2014-8600
  
  (Portage version: 2.2.14/cvs/Linux x86_64, signed Manifest commit with key 
F82F92E6)

Revision  Changes    Path
1.1                  
kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/kde-misc/kwebkitpart/files/kwebkitpart-1.3.4-CVE-2014-8600.patch?rev=1.1&content-type=text/plain

Index: kwebkitpart-1.3.4-CVE-2014-8600.patch
===================================================================
From: Albert Astals Cid <[email protected]>
Date: Thu, 13 Nov 2014 14:06:01 +0000
Subject: Sanitize html
X-Git-Url: 
http://quickgit.kde.org/?p=kwebkitpart.git&a=commitdiff&h=641aa7c75631084260ae89aecbdb625e918c6689
---
Sanitize html

As discussed by the security team
---


--- a/src/webpage.cpp
+++ b/src/webpage.cpp
@@ -226,23 +226,26 @@
     doc += QL1S( "<h3>" );
     doc += i18n( "Details of the Request:" );
     doc += QL1S( "</h3><ul><li>" );
-    doc += i18n( "URL: %1", reqUrl.url() );
+    // escape URL twice: once for i18n, and once for HTML.
+    doc += i18n( "URL: %1", Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ) );
     doc += QL1S( "</li><li>" );
 
     const QString protocol (reqUrl.protocol());
     if ( !protocol.isNull() ) {
-        doc += i18n( "Protocol: %1", protocol );
+        // escape protocol twice: once for i18n, and once for HTML.
+        doc += i18n( "Protocol: %1", Qt::escape( Qt::escape( protocol ) ) );
         doc += QL1S( "</li><li>" );
     }
 
     doc += i18n( "Date and Time: %1",
                  
KGlobal::locale()->formatDateTime(QDateTime::currentDateTime(), 
KLocale::LongDate) );
     doc += QL1S( "</li><li>" );
-    doc += i18n( "Additional Information: %1" ,  text );
+    // escape text twice: once for i18n, and once for HTML.
+    doc += i18n( "Additional Information: %1", Qt::escape( Qt::escape( text ) 
) );
     doc += QL1S( "</li></ul><h3>" );
     doc += i18n( "Description:" );
     doc += QL1S( "</h3><p>" );
-    doc += description;
+    doc += Qt::escape( description );
     doc += QL1S( "</p>" );
 
     if ( causes.count() ) {
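Review bot: The three i18n call sites repeat `Qt::escape( Qt::escape( … ) )` by hand, and the comment "once for i18n, and once for HTML" does not say why i18n consumes one level of escaping, so the next field added to this error page could easily be escaped once or not at all. A small file-local helper would keep the rule in one place, for example `static QString escapeForI18nHtml( const QString &s ) { return Qt::escape( Qt::escape( s ) ); }`, with a comment stating that its result is only for i18n arguments that end up in `doc`, while strings appended directly (like `description`) get a single `Qt::escape`. The enclosing function starts and ends outside this hunk, and the `if ( causes.count() ) {` branch on the last context line is not visible. If that branch (or any later one) appends list entries to `doc`, check whether they can carry request-derived text and need the same escaping. The `formatDateTime` argument is the one i18n argument left unescaped; that looks intentional since it is locale-generated, but a one-line comment saying so would help.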




