author | Matthew Vogt <matthew.vogt@nokia.com> | 2012-01-19 16:39:53 +1000 |
committer | Qt by Nokia <qt-info@nokia.com> | 2012-01-23 07:38:34 +0100 |
commit | 69920f4ddeaa5dbdee555e0a607fd21eb42e2bbc (patch) | |
tree | 7bf29cf79ae1ba33d92ac7b0e2dd27dd48346bfa /examples/declarative | |
parent | e6b224aa2872d7d1030fa98bd30603e16f8f9604 (diff) |
Encode user input before insertion into URLs
Encode user input strings used to formulate URLs, to ensure they do not
cause the structure of the URL to be subverted.
Task-number: QTBUG-19925
Change-Id: I6173f4df67a4bc1676ac32be6072763fc16f9720
Reviewed-by: Martin Jones <martin.jones@nokia.com>
Diffstat (limited to 'examples/declarative')
4 files changed, 12 insertions, 8 deletions
diff --git a/examples/declarative/flickr/content/RssModel.qml b/examples/declarative/flickr/content/RssModel.qml
index 9dfcba513d..ba1cf7e62d 100644
--- a/examples/declarative/flickr/content/RssModel.qml
+++ b/examples/declarative/flickr/content/RssModel.qml
@@ -45,12 +45,9 @@ import QtQuick.XmlListModel 2.0
XmlListModel {
property string tags : ""
- function commasep(x)
- {
- return x.replace(' ',',');
- }
+ function encodeTags(x) { return encodeURIComponent(x.replace(' ',',')); }
- source: "http://api.flickr.com/services/feeds/photos_public.gne?"+(tags ? "tags="+commasep(tags)+"&" : "")+"format=rss2"
+ source: "http://api.flickr.com/services/feeds/photos_public.gne?"+(tags ? "tags="+encodeTags(tags)+"&" : "")+"format=rss2"
query: "/rss/channel/item"
namespaceDeclarations: "declare namespace media=\"http://search.yahoo.com/mrss/\";"
diff --git a/examples/declarative/particles/itemparticle/content/RssModel.qml b/examples/declarative/particles/itemparticle/content/RssModel.qml
index 33b6da38da..f5abf28e1a 100644
--- a/examples/declarative/particles/itemparticle/content/RssModel.qml
+++ b/examples/declarative/particles/itemparticle/content/RssModel.qml
@@ -44,7 +44,9 @@ import QtQuick.XmlListModel 2.0
XmlListModel {
property string tags : ""
- source: "http://api.flickr.com/services/feeds/photos_public.gne?"+(tags ? "tags="+tags+"&" : "")
+ function encodeTags(x) { return encodeURIComponent(x.replace(' ',',')); }
+
+ source: "http://api.flickr.com/services/feeds/photos_public.gne?"+(tags ? "tags="+encodeTags(tags)+"&" : "")
query: "/feed/entry"
namespaceDeclarations: "declare default element namespace 'http://www.w3.org/2005/Atom';"
diff --git a/examples/declarative/photoviewer/PhotoViewerCore/RssModel.qml b/examples/declarative/photoviewer/PhotoViewerCore/RssModel.qml
index 4126367dff..9438637ebc 100644
--- a/examples/declarative/photoviewer/PhotoViewerCore/RssModel.qml
+++ b/examples/declarative/photoviewer/PhotoViewerCore/RssModel.qml
@@ -45,7 +45,9 @@ import QtQuick.XmlListModel 2.0
XmlListModel {
property string tags : ""
- source: "http://api.flickr.com/services/feeds/photos_public.gne?"+(tags ? "tags="+tags+"&" : "")
+ function encodeTags(x) { return encodeURIComponent(x.replace(' ',',')); }
+
+ source: "http://api.flickr.com/services/feeds/photos_public.gne?"+(tags ? "tags="+encodeTags(tags)+"&" : "")
query: "/feed/entry"
namespaceDeclarations: "declare default element namespace 'http://www.w3.org/2005/Atom';"
diff --git a/examples/declarative/twitter/TwitterCore/RssModel.qml b/examples/declarative/twitter/TwitterCore/RssModel.qml
index 61145f7efc..4e381f5e0f 100644
--- a/examples/declarative/twitter/TwitterCore/RssModel.qml
+++ b/examples/declarative/twitter/TwitterCore/RssModel.qml
@@ -51,11 +51,14 @@ Item {
id: wrapper
property string mode : "everyone"
property int status: xmlModel.status
function reload() { xmlModel.reload(); }
+
XmlListModel {
id: xmlModel
+ function encodePhrase(x) { return encodeURIComponent(x); }
+
source: (from=="" && to=="" && phrase=="") ? "" :
- 'http://search.twitter.com/search.atom?from='+from+"&to="+to+"&phrase="+phrase
+ 'http://search.twitter.com/search.atom?from='+from+"&to="+to+"&phrase="+encodePhrase(phrase)
namespaceDeclarations: "declare default element namespace 'http://www.w3.org/2005/Atom'; " + "declare namespace twitter=\"http://api.twitter.com/\";" |
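Review bot: The new `encodeTags` keeps the single-replacement semantics of the removed `commasep`: with a string pattern, `String.prototype.replace` rewrites only the first space, so a tags value such as `a b c` becomes `a,b c` and is then encoded as `a%2Cb%20c`, and only the first tag boundary is turned into a separator. The percent-encoding itself is the right fix; the separator handling should use a global regexp, `function encodeTags(x) { return encodeURIComponent(x.replace(/ /g, ',')); }`. The identical one-line `encodeTags` is introduced in the itemparticle and photoviewer RssModel.qml hunks below and would take the same change. Note also that `encodeURIComponent` encodes the comma itself as `%2C`, so the separators survive only because the server decodes the query value before splitting — presumably fine for this feed, but worth a comment on the function, e.g. `// space-separated user tags -> comma list, percent-encoded so the value cannot alter the query string`.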
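Review bot: Only `phrase` goes through `encodePhrase`; on the new `+` source line `from` and `to` are still concatenated raw into the `search.atom` URL, so a value containing a reserved character such as `&` can still change the query structure in exactly the way this commit sets out to prevent. Where `from` and `to` are declared is outside the hunk (the enclosing `Item` begins before it), so I cannot confirm they are user-supplied, but they are interpolated the same way `phrase` was. Encoding them is a one-line change: `'http://search.twitter.com/search.atom?from='+encodeURIComponent(from)+"&to="+encodeURIComponent(to)+"&phrase="+encodePhrase(phrase)`. A short comment on `encodePhrase` stating its purpose, `// user input: percent-encode so it cannot alter the query string`, would help the next reader see why the helper exists.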