Re: Opera/Konqueror: data: URL scheme address bar spoofing
Hi!
With a specially crafted web page, an attacker can redirect
a www browser to the page, which URL (in the url bar) resembles
an arbitrary domain choosen by the attacker.
Attached is a patch that just got applied in KDE's repository to fix the
problem in Konqueror.
Thanks for the report,
Harri.
Index: konqueror/konq_combo.cc
===================================================================
--- konqueror/konq_combo.cc (revision 643782)
+++ konqueror/konq_combo.cc (working copy)
@@ -158,6 +158,7 @@
kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
"addToCombo(QString,QCString)", data);
}
+ lineEdit()->setCursorPosition( 0 );
}
void KonqCombo::setTemporary( const QString& text )