From 0d71069122e1d4abf65f376a3d67b4d4cecce1b4 Mon Sep 17 00:00:00 2001
From: David Rosca
Date: Mon, 29 Jan 2018 22:18:01 +0100
Subject: [PATCH] LocationBar: Don't suggest to search for javascript: scheme
---
 autotests/locationbartest.cpp | 8 ++++++++
 src/lib/navigation/locationbar.cpp | 11 +++++++----
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/autotests/locationbartest.cpp b/autotests/locationbartest.cpp
index 25ad204b0..14e746565 100644
--- a/autotests/locationbartest.cpp
+++ b/autotests/locationbartest.cpp
@@ -172,6 +172,14 @@ void LocationBarTest::loadActionSpecialSchemesTest()
 action = LocationBar::loadAction("about:blank");
 QCOMPARE(action.type, LocationBar::LoadAction::Url);
 QCOMPARE(action.loadRequest.url(), QUrl("about:blank"));
+
+ action = LocationBar::loadAction("javascript:test");
+ QCOMPARE(action.type, LocationBar::LoadAction::Url);
+ QCOMPARE(action.loadRequest.url(), QUrl("javascript:test"));
+
+ action = LocationBar::loadAction("javascript:alert(' test ');");
+ QCOMPARE(action.type, LocationBar::LoadAction::Url);
+ QCOMPARE(action.loadRequest.url(), QUrl("javascript:alert('%20test%20');"));
 }

 void LocationBarTest::loadAction_issue2578()
diff --git a/src/lib/navigation/locationbar.cpp b/src/lib/navigation/locationbar.cpp
index 874f610ab..6df264b19 100644
--- a/src/lib/navigation/locationbar.cpp
+++ b/src/lib/navigation/locationbar.cpp
@@ -183,7 +183,8 @@ void LocationBar::showDomainCompletion(const QString &completion)
 QString LocationBar::convertUrlToText(const QUrl &url)
 {
 // It was most probably entered by user, so don't urlencode it
- if (url.scheme().isEmpty()) {
+ // Also don't urlencode JavaScript code
+ if (url.scheme().isEmpty() || url.scheme() == QL1S("javascript")) {
 return QUrl::fromPercentEncoding(url.toEncoded());
 }

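Review bot: The two cases added to loadActionSpecialSchemesTest cover only lowercase, well-formed `javascript:` input, and nothing in this hunk exercises the convertUrlToText change made in the same commit. Because loadAction now exempts this scheme from both the space check and the scheme whitelist, the boundary of that exemption deserves to be pinned. I would add a mixed-case case such as `action = LocationBar::loadAction("JavaScript:test");` with the same `QCOMPARE(action.type, LocationBar::LoadAction::Url);`. I would also add a negative case where `javascript:` is not the scheme of the parsed URL, to show that such text is still handled as before. A test for convertUrlToText may exist elsewhere in the file; it is not visible from this hunk.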
@@ -267,14 +268,16 @@ LocationBar::LoadAction LocationBar::loadAction(const QString &text) // Otherwise load as url const QUrl &guessedUrl = QUrl::fromUserInput(t); if (guessedUrl.isValid()) { + // Always allow javascript: to be loaded + const bool forceLoad = guessedUrl.scheme() == QL1S("javascript"); // Only allow spaces in query - if (!QzTools::containsSpace(guessedUrl.toString(QUrl::RemoveQuery))) { + if (forceLoad || !QzTools::containsSpace(guessedUrl.toString(QUrl::RemoveQuery))) { // Only allow whitelisted schemes - const QSet whitelistedSchemes = { + static const QSet whitelistedSchemes = { QSL("http"), QSL("https"), QSL("ftp"), QSL("file"), QSL("data"), QSL("about"), QSL("falkon") }; - if (whitelistedSchemes.contains(guessedUrl.scheme())) { + if (forceLoad || whitelistedSchemes.contains(guessedUrl.scheme())) { action.type = LoadAction::Url; action.loadRequest = guessedUrl; return action;
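Review bot: `forceLoad` exempts `javascript:` from both the space check and the scheme whitelist, so any text that reaches loadAction with that scheme comes back as `LoadAction::Url`, with no distinction between text the user typed and text that was pasted or supplied programmatically. The callers are not visible here. If this function also serves paste-and-go, drag-and-drop or command-line input, that is the path self-XSS social engineering depends on, and it is why other browsers strip the scheme from pasted text. At minimum the new comment should state the trust assumption, for example `// javascript: is executed in the context of the current page; callers must only pass text the user typed`. It is also worth considering whether the exemption should sit behind a setting or a caller-supplied flag. loadAction begins and ends outside the hunk.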