summaryrefslogtreecommitdiff
path: root/source/kde/kdelibs/kdelibs.khtml.CVE-2011-1168.diff
blob: 356f30a61046e4cdff46b533b3df61ccfacd9d4d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
--- a/khtml/khtml_part.cpp
+++ b/khtml/khtml_part.cpp
@@ -1803,7 +1803,10 @@ void KHTMLPart::htmlError( int errorCode
   stream >> errorName >> techName >> description >> causes >> solutions;
 
   QString url, protocol, datetime;
-  url = Qt::escape( reqUrl.prettyUrl() );
+
+  // This is somewhat confusing, but we have to escape the externally-
+  // controlled URL twice: once for i18n, and once for HTML.
+  url = Qt::escape( Qt::escape( reqUrl.prettyUrl() ) );
   protocol = reqUrl.protocol();
   datetime = KGlobal::locale()->formatDateTime( QDateTime::currentDateTime(),
                                                 KLocale::LongDate );