Re: Opera/Konqueror: data: URL scheme address bar spoofing

[Harri Porten <porten@xxxxxxx>]

Hi!

> With a specially crafted web page, an attacker can redirect
> a www browser to the page, which URL (in the url bar) resembles
> an arbitrary domain choosen by the attacker.

Attached is a patch that just got applied in KDE's repository to fix the 
problem in Konqueror.

Thanks for the report,

Harri.

Index: konqueror/konq_combo.cc
===================================================================
--- konqueror/konq_combo.cc     (revision 643782)
+++ konqueror/konq_combo.cc     (working copy)
@@ -158,6 +158,7 @@
         kapp->dcopClient()->send( "konqueror*", "KonquerorIface",
                                   "addToCombo(QString,QCString)", data);
     }
+    lineEdit()->setCursorPosition( 0 );
 }
 
 void KonqCombo::setTemporary( const QString& text )