diff options
author | Peter Varga <pvarga@inf.u-szeged.hu> | 2018-03-07 11:48:14 +0100 |
---|---|---|
committer | Peter Varga <pvarga@inf.u-szeged.hu> | 2018-03-14 14:38:41 +0000 |
commit | 789f375411b542db3ac3be79cbe0a6153720abf1 (patch) | |
tree | 3aa2c15914a341b1bc0e05fff08f842451f3282f /src | |
parent | 3b0b2e040f596105a56f83bfc0adc9f1df1bd009 (diff) |
Remove credentials from view-source URLs
Task-number: QTBUG-65997
Change-Id: Icb55326c51f1dfff77e8e862e9ced619be17ead1
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'src')
-rw-r--r-- | src/core/web_contents_delegate_qt.cpp | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/src/core/web_contents_delegate_qt.cpp b/src/core/web_contents_delegate_qt.cpp index 1c856e5b2..316ee9b94 100644 --- a/src/core/web_contents_delegate_qt.cpp +++ b/src/core/web_contents_delegate_qt.cpp @@ -77,6 +77,7 @@ #include "content/public/common/url_constants.h" #include "content/public/common/web_preferences.h" #include "net/base/data_url.h" +#include "net/base/url_util.h" #include <QDesktopServices> #include <QTimer> @@ -153,17 +154,12 @@ content::WebContents *WebContentsDelegateQt::OpenURLFromTab(content::WebContents static bool shouldUseActualURL(const content::NavigationEntry *entry) { - if (!entry) - return false; + Q_ASSERT(entry); // Show actual URL for data URLs only if (!entry->GetURL().SchemeIs(url::kDataScheme)) return false; - // Keep view-source: prefix - if (entry->IsViewSourceMode()) - return false; - // Do not show data URL of interstitial and error pages if (entry->GetPageType() != content::PAGE_TYPE_NORMAL) return false; @@ -180,9 +176,24 @@ static bool shouldUseActualURL(const content::NavigationEntry *entry) void WebContentsDelegateQt::NavigationStateChanged(content::WebContents* source, content::InvalidateTypes changed_flags) { if (changed_flags & content::INVALIDATE_TYPE_URL) { - // If there is a visible entry there are special cases when we dont wan't to use the actual URL content::NavigationEntry *entry = source->GetController().GetVisibleEntry(); - QUrl newUrl = shouldUseActualURL(entry) ? toQt(entry->GetURL()) : toQt(source->GetVisibleURL()); + + QUrl newUrl; + if (source->GetVisibleURL().SchemeIs(content::kViewSourceScheme)) { + Q_ASSERT(entry); + GURL url = entry->GetURL(); + + // Strip user name, password and reference section from view-source URLs + if (url.has_password() || url.has_username() || url.has_ref()) { + GURL strippedUrl = net::SimplifyUrlForRequest(entry->GetURL()); + newUrl = QUrl(QString("%1:%2").arg(content::kViewSourceScheme, QString::fromStdString(strippedUrl.spec()))); + } + } + + // If there is a visible entry there are special cases when we dont wan't to use the actual URL + if (entry && newUrl.isEmpty()) + newUrl = shouldUseActualURL(entry) ? toQt(entry->GetURL()) : toQt(source->GetVisibleURL()); + if (m_url != newUrl) { m_url = newUrl; m_viewClient->urlChanged(m_url); |