
Contents of /updates/3/kwebkitpart/current/SOURCES/kwebkitpart-1.3.4-CVE-2014-8600.patch



Revision 797651 - (show annotations) (download)
Mon Nov 17 04:27:43 2014 UTC (9 years, 5 months ago) by luigiwalser
File size: 1802 byte(s)
add patch from fedora to fix CVE-2014-8600
1 From 641aa7c75631084260ae89aecbdb625e918c6689 Mon Sep 17 00:00:00 2001
2 From: Albert Astals Cid <aacid@kde.org>
3 Date: Thu, 13 Nov 2014 15:06:01 +0100
4 Subject: [PATCH] Sanitize html
5
6 As discussed by the security team
7 ---
8 src/webpage.cpp | 11 +++++++----
9 1 file changed, 7 insertions(+), 4 deletions(-)
10
11 diff --git a/src/webpage.cpp b/src/webpage.cpp
12 index df1c41c..3e20b38 100644
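--- a/src/webpage.cpp
+++ b/src/webpage.cpp
@@ -226,23 +226,26 @@ QString WebPage::errorPage(int code, const QString& text, const KUrl& reqUrl) co
 doc += QL1S( "<h3>" );
 doc += i18n( "Details of the Request:" );
 doc += QL1S( "</h3><ul><li>" );
- doc += i18n( "URL: %1", reqUrl.url() );
+ // escape URL twice: once for i18n, and once for HTML.
+ doc += i18n( "URL: %1", Qt::escape( Qt::escape( reqUrl.prettyUrl() ) ) );
 doc += QL1S( "</li><li>" );
 
 const QString protocol (reqUrl.protocol());
 if ( !protocol.isNull() ) {
- doc += i18n( "Protocol: %1", protocol );
+ // escape protocol twice: once for i18n, and once for HTML.
+ doc += i18n( "Protocol: %1", Qt::escape( Qt::escape( protocol ) ) );
 doc += QL1S( "</li><li>" );
 }
 
 doc += i18n( "Date and Time: %1",
 KGlobal::locale()->formatDateTime(QDateTime::currentDateTime(), KLocale::LongDate) );
 doc += QL1S( "</li><li>" );
- doc += i18n( "Additional Information: %1" , text );
+ // escape text twice: once for i18n, and once for HTML.
+ doc += i18n( "Additional Information: %1", Qt::escape( Qt::escape( text ) ) );
 doc += QL1S( "</li></ul><h3>" );
 doc += i18n( "Description:" );
 doc += QL1S( "</h3><p>" );
- doc += description;
+ doc += Qt::escape( description );
 doc += QL1S( "</p>" );
 
 if ( causes.count() ) {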
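Review bot: The escaping stops at `description`, while the hunk's last line, `if ( causes.count() ) {`, opens a block that continues outside the hunk, so it cannot be seen here whether the `causes` entries and anything appended after them are escaped before they reach `doc`. If those strings come from the same error-detail source as `description`, they presumably need `Qt::escape()` too, and the same holds for any part of errorPage() above line 226 that interpolates `reqUrl` or `text`; this should be confirmed against the full function. The three `Qt::escape( Qt::escape( ... ) )` sites also depend on i18n() undoing exactly one level of entity encoding, which the comments state but do not explain. A regression test that passes `<` and `&` in each field and checks they come back as entities in the returned page would pin that assumption, so a later i18n change cannot silently reopen the hole.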
46 --
47 1.9.3
48
