[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: KDE/kdelibs/khtml/html
From: Germain Garand <germain () ebooksfrance ! org>
Date: 2010-01-25 9:01:10
Message-ID: 1264410070.028013.23801.nullmailer () svn ! kde ! org
[Download RAW message or body]
SVN commit 1079856 by ggarand:
<script type=" "> should not be executed.
M +7 -2 html_headimpl.cpp
--- trunk/KDE/kdelibs/khtml/html/html_headimpl.cpp #1079855:1079856
@@ -417,8 +417,13 @@
Mozilla 1.5 and WinIE 6 both accept the empty string, but neither accept a \
whitespace-only string.
We want to accept all the values that either of these browsers accept, but \
not other values.
*/
- QString type = getAttribute(ATTR_TYPE).string().trimmed().toLower();
- if (!type.isEmpty())
+ QString type = getAttribute(ATTR_TYPE).string().toLower();
+
+ // Gecko accepts initial/trailing whitespace around the mimetype.
+ // Whitespace only, however, musn't trigger execution.
+ int length = type.length();
+ type = type.trimmed();
+ if (length)
return !(type.compare("text/javascript") != 0 &&
type.compare("text/javascript1.0") != 0 &&
type.compare("text/javascript1.1") != 0 &&
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic