Hi guys, I'm using qtwebkit to build a DOM-XSS scanner. By default qtwebkit is automatically URL encoding/escaping the query part of the URL. Javascript gets the URL encoded.
For example, when you visit the URL "http://test.com/?param=value<b>value</b>", location.href will contain the value " http://test.com/?param=value%3Cb%3Evalue%3C/b%3E"; This is a big problem for me in detecting DOM-XSS vulnerabilities because I don't know if the browser did the encoding or the webpage did it. I'm trying to disable this functionality but I'm lost in the qtwebkit source code. Anybody can help me by telling me where exactly in the code (in what file) the URL encoding takes place so I can modify the source code and recompile it? I've been browsing the source code for 3 days now and I didn't make any progress. Thank you very much in advance for any help. hari
_______________________________________________ webkit-qt mailing list webkit-qt@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-qt
