diff options
| author | darin@apple.com <darin@apple.com> | 2014-05-06 13:29:14 +0200 |
|---|---|---|
| committer | The Qt Project <gerrit-noreply@qt-project.org> | 2014-05-07 11:22:09 +0200 |
| commit | 0fd6d091cbf7963584418f03701bf7e5311eaf17 (patch) | |
| tree | 7e9c8ed89393f4260248f47d44320577699d8bcc /Source | |
| parent | 40304f3d611ce9210c29e87c4ea0ad0e042979de (diff) | |
| download | qtwebkit-0fd6d091cbf7963584418f03701bf7e5311eaf17.tar.gz | |
Origin spoofing possible due to inappropriate URL escape sequence decoding
https://bugs.webkit.org/show_bug.cgi?id=131837
rdar://problem/15211936
Reviewed by Anders Carlsson and Dave Hyatt.
Tests: fast/dom/DOMURL/parsing.html
fast/dom/HTMLAnchorElement/anchor-element-href-parsing.html
* platform/URL.cpp:
(WebCore::URL::host): Removed unnecessary call to
decodeURLEscapeSequences, which caused
problems and was not needed.
Change-Id: Idddc6efe310389b8e68db2d8c312c2098121e6d9
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@167480 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Michael Bruning <michael.bruning@digia.com>
Diffstat (limited to 'Source')
| -rw-r--r-- | Source/WebCore/platform/KURL.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Source/WebCore/platform/KURL.cpp b/Source/WebCore/platform/KURL.cpp index 014d3d738..91c7d04cd 100644 --- a/Source/WebCore/platform/KURL.cpp +++ b/Source/WebCore/platform/KURL.cpp @@ -579,7 +579,7 @@ String KURL::protocol() const String KURL::host() const { int start = hostStart(); - return decodeURLEscapeSequences(m_string.substring(start, m_hostEnd - start)); + return m_string.substring(start, m_hostEnd - start); } unsigned short KURL::port() const |