Falkon/falkonOfficial
Falkon/falkonOfficial
1
Fork 0
mirror of https://invent.kde.org/network/falkon.git synced 2024-09-21 09:42:10 +02:00
Code Releases Activity

LocationBar: Only allow whitelisted schemes to be loaded as url

Browse Source
This commit is contained in:
David Rosca 2018-01-27 12:31:39 +01:00
parent c163629f8e
commit eae11b9a9a
No known key found for this signature in database
GPG Key ID: EBC3FC294452C6D8
2 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
autotests/locationbartest.cpp
View File

@ -128,7 +128,7 @@ void LocationBarTest::loadActionSearchTest()
void LocationBarTest::loadAction_kdebug389491()
{
// "site:website.com searchterm" is loaded instead of searched
// "site:website.com searchterm" and "link:website.com" are loaded instead of searched
SearchEngine engine;
engine.name = "Test Engine";
@ -143,9 +143,13 @@ void LocationBarTest::loadAction_kdebug389491()
QCOMPARE(action.type, LocationBar::LoadAction::Search);
QCOMPARE(action.loadRequest.url(), QUrl("http://test/site%3Awebsite.com%20searchterm"));
action = LocationBar::loadAction("site:website.com?search=searchterm and another");
action = LocationBar::loadAction("link:website.com");
QCOMPARE(action.type, LocationBar::LoadAction::Search);
QCOMPARE(action.loadRequest.url(), QUrl("http://test/link%3Awebsite.com"));
action = LocationBar::loadAction("http://website.com?search=searchterm and another");
QCOMPARE(action.type, LocationBar::LoadAction::Url);
QCOMPARE(action.loadRequest.url(), QUrl("site:website.com?search=searchterm and another"));
QCOMPARE(action.loadRequest.url(), QUrl("http://website.com?search=searchterm and another"));
}
FALKONTEST_MAIN(LocationBarTest)

15
src/lib/navigation/locationbar.cpp
View File

@ -263,11 +263,18 @@ LocationBar::LoadAction LocationBar::loadAction(const QString &text)
// Otherwise load as url
const QUrl &guessedUrl = QUrl::fromUserInput(t);
if (guessedUrl.isValid()) {
// We only allow space in query
// Only allow spaces in query
if (!QzTools::containsSpace(guessedUrl.toString(QUrl::RemoveQuery))) {
action.type = LoadAction::Url;
action.loadRequest = guessedUrl;
return action;
// Only allow whitelisted schemes
const QSet<QString> whitelistedSchemes = {
QSL("http"), QSL("https"), QSL("ftp"), QSL("file"),
QSL("about"), QSL("qupzilla")
};
if (whitelistedSchemes.contains(guessedUrl.scheme())) {
action.type = LoadAction::Url;
action.loadRequest = guessedUrl;
return action;
}
}
}