[Backport] Fix for CVE-2020-6443

Escape HTTP method for "Copy as cURL" This patch will escape the http method in the generated copy as curl command in the network panel. Fixed: chromium:1040080 Change-Id: I31f07b84efdf2fe377e6a9e228453812ea06152e Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
author: Jan Scheffler <janscheffler@chromium.org> 2020-01-09 09:51:29 +0100
committer: Michal Klocek <michal.klocek@qt.io> 2020-06-09 08:51:01 +0000
commit: 130150732b6dfdd7663763d333ade2ef4d305b8a (patch)
tree: 1bd3c8b4907930f50b5fec6853dd5f0d9df539ac
parent: bfc495cdeae19e057241ca17e82f095e5f788cfd (diff)
download: qtwebengine-chromium-130150732b6dfdd7663763d333ade2ef4d305b8a.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/chromium/third_party/blink/renderer/devtools/front_end/network/NetworkLogView.js b/chromium/third_party/blink/renderer/devtools/front_end/network/NetworkLogView.js
index db9e0ff5077..4b3feabd419 100644
--- a/chromium/third_party/blink/renderer/devtools/front_end/network/NetworkLogView.js
+++ b/chromium/third_party/blink/renderer/devtools/front_end/network/NetworkLogView.js
@@ -1675,7 +1675,7 @@ Network.NetworkLogView = class extends UI.VBox {
 
     if (request.requestMethod !== inferredMethod) {
       command.push('-X');
-      command.push(request.requestMethod);
+      command.push(escapeString(request.requestMethod));
     }
 
     const requestHeaders = request.requestHeaders();
author	Jan Scheffler <janscheffler@chromium.org>	2020-01-09 09:51:29 +0100
committer	Michal Klocek <michal.klocek@qt.io>	2020-06-09 08:51:01 +0000
commit	130150732b6dfdd7663763d333ade2ef4d305b8a (patch)
tree	1bd3c8b4907930f50b5fec6853dd5f0d9df539ac
parent	bfc495cdeae19e057241ca17e82f095e5f788cfd (diff)
download	qtwebengine-chromium-130150732b6dfdd7663763d333ade2ef4d305b8a.tar.gz