[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Opera/Konqueror: data: URL scheme address bar spoofing
- To: Robert Swiecki <jagger@xxxxxxxxxxx>
- Subject: Re: Opera/Konqueror: data: URL scheme address bar spoofing
- From: Harri Porten <porten@xxxxxxx>
- Date: Sat, 14 Jul 2007 22:11:37 +0200 (CEST)
Hi!
With a specially crafted web page, an attacker can redirect
a www browser to the page, which URL (in the url bar) resembles
an arbitrary domain choosen by the attacker.
Attached is a patch that just got applied in KDE's repository to fix the
problem in Konqueror.
Thanks for the report,
Harri.
Index: konqueror/konq_combo.cc
===================================================================
--- konqueror/konq_combo.cc (revision 643782)
+++ konqueror/konq_combo.cc (working copy)
@@ -158,6 +158,7 @@
kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
"addToCombo(QString,QCString)", data);
}
+ lineEdit()->setCursorPosition( 0 );
}
void KonqCombo::setTemporary( const QString& text )