LocationBar: Don't suggest to search for javascript: scheme
parent
a89fcf9002
commit
0d71069122
@ -172,6 +172,14 @@ void LocationBarTest::loadActionSpecialSchemesTest()
|
|||||||
action = LocationBar::loadAction("about:blank");
|
action = LocationBar::loadAction("about:blank");
|
||||||
QCOMPARE(action.type, LocationBar::LoadAction::Url);
|
QCOMPARE(action.type, LocationBar::LoadAction::Url);
|
||||||
QCOMPARE(action.loadRequest.url(), QUrl("about:blank"));
|
QCOMPARE(action.loadRequest.url(), QUrl("about:blank"));
|
||||||
|
|
||||||
|
action = LocationBar::loadAction("javascript:test");
|
||||||
|
QCOMPARE(action.type, LocationBar::LoadAction::Url);
|
||||||
|
QCOMPARE(action.loadRequest.url(), QUrl("javascript:test"));
|
||||||
|
|
||||||
|
action = LocationBar::loadAction("javascript:alert(' test ');");
|
||||||
|
QCOMPARE(action.type, LocationBar::LoadAction::Url);
|
||||||
|
QCOMPARE(action.loadRequest.url(), QUrl("javascript:alert('%20test%20');"));
|
||||||
}
|
}
|
||||||
|
|
||||||
void LocationBarTest::loadAction_issue2578()
|
void LocationBarTest::loadAction_issue2578()
|
||||||
|
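Review bot: The two added cases in loadActionSpecialSchemesTest() only cover a lower-case `javascript:` prefix, while the production code compares the scheme against the exact string `javascript`. A mixed-case input would pin the assumption that QUrl normalises the scheme before that comparison, e.g. `action = LocationBar::loadAction("JavaScript:test");` followed by `QCOMPARE(action.type, LocationBar::LoadAction::Url);`. A negative case would also help, showing that another non-whitelisted scheme with spaces still falls back to search, so the bypass stays limited to this one scheme. The test function starts outside the hunk.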
@ -183,7 +183,8 @@ void LocationBar::showDomainCompletion(const QString &completion)
|
|||||||
QString LocationBar::convertUrlToText(const QUrl &url)
|
QString LocationBar::convertUrlToText(const QUrl &url)
|
||||||
{
|
{
|
||||||
// It was most probably entered by user, so don't urlencode it
|
// It was most probably entered by user, so don't urlencode it
|
||||||
if (url.scheme().isEmpty()) {
|
// Also don't urlencode JavaScript code
|
||||||
|
if (url.scheme().isEmpty() || url.scheme() == QL1S("javascript")) {
|
||||||
return QUrl::fromPercentEncoding(url.toEncoded());
|
return QUrl::fromPercentEncoding(url.toEncoded());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -267,14 +268,16 @@ LocationBar::LoadAction LocationBar::loadAction(const QString &text)
|
|||||||
// Otherwise load as url
|
// Otherwise load as url
|
||||||
const QUrl &guessedUrl = QUrl::fromUserInput(t);
|
const QUrl &guessedUrl = QUrl::fromUserInput(t);
|
||||||
if (guessedUrl.isValid()) {
|
if (guessedUrl.isValid()) {
|
||||||
|
// Always allow javascript: to be loaded
|
||||||
|
const bool forceLoad = guessedUrl.scheme() == QL1S("javascript");
|
||||||
// Only allow spaces in query
|
// Only allow spaces in query
|
||||||
if (!QzTools::containsSpace(guessedUrl.toString(QUrl::RemoveQuery))) {
|
if (forceLoad || !QzTools::containsSpace(guessedUrl.toString(QUrl::RemoveQuery))) {
|
||||||
// Only allow whitelisted schemes
|
// Only allow whitelisted schemes
|
||||||
const QSet<QString> whitelistedSchemes = {
|
static const QSet<QString> whitelistedSchemes = {
|
||||||
QSL("http"), QSL("https"), QSL("ftp"), QSL("file"),
|
QSL("http"), QSL("https"), QSL("ftp"), QSL("file"),
|
||||||
QSL("data"), QSL("about"), QSL("falkon")
|
QSL("data"), QSL("about"), QSL("falkon")
|
||||||
};
|
};
|
||||||
if (whitelistedSchemes.contains(guessedUrl.scheme())) {
|
if (forceLoad || whitelistedSchemes.contains(guessedUrl.scheme())) {
|
||||||
action.type = LoadAction::Url;
|
action.type = LoadAction::Url;
|
||||||
action.loadRequest = guessedUrl;
|
action.loadRequest = guessedUrl;
|
||||||
return action;
|
return action;
|
||||||
|
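Review bot: `forceLoad` in loadAction() lets any input whose guessed scheme is `javascript` skip both the space check and the scheme whitelist, so such text is returned as a `LoadAction::Url` and presumably runs as script in the currently loaded page. That is the self-XSS pattern, where a user is talked into pasting a `javascript:` string into the address bar. The hunk does not show whether paste, drop or paste-and-go paths also reach loadAction(), so this should be confirmed, and the bypass would ideally be limited to typed input or put behind a preference. At minimum the new comment should record the decision, e.g. `// javascript: bypasses the whitelist on purpose; it runs in the current page's origin, so only pass text the user typed`. loadAction() starts and ends outside this hunk.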