summaryrefslogtreecommitdiff
path: root/patches/source/kdelibs/kdelibs.4.4.x.CVE-2011-1168.diff
blob: 9a81db7005662326be0ab8ad50ff71531b28c71b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
--- a/khtml/khtml_part.cpp
+++ b/khtml/khtml_part.cpp
@@ -1848,7 +1848,10 @@ void KHTMLPart::htmlError( int errorCode
   stream >> errorName >> techName >> description >> causes >> solutions;
 
   QString url, protocol, datetime;
-  url = Qt::escape( reqUrl.prettyUrl() );
+
+  // This is somewhat confusing, but we have to escape the externally-
+  // controlled URL twice: once for i18n, and once for HTML.
+  url = Qt::escape( Qt::escape( reqUrl.prettyUrl() ) );
   protocol = reqUrl.protocol();
   datetime = KGlobal::locale()->formatDateTime( QDateTime::currentDateTime(),
                                                 KLocale::LongDate );