diff options
author | Jan Scheffler <janscheffler@chromium.org> | 2020-01-09 09:51:29 +0100 |
---|---|---|
committer | Michal Klocek <michal.klocek@qt.io> | 2020-06-09 08:51:01 +0000 |
commit | 130150732b6dfdd7663763d333ade2ef4d305b8a (patch) | |
tree | 1bd3c8b4907930f50b5fec6853dd5f0d9df539ac | |
parent | bfc495cdeae19e057241ca17e82f095e5f788cfd (diff) | |
download | qtwebengine-chromium-130150732b6dfdd7663763d333ade2ef4d305b8a.tar.gz |
[Backport] Fix for CVE-2020-6443
Escape HTTP method for "Copy as cURL"
This patch will escape the http method in the generated copy as
curl command in the network panel.
Fixed: chromium:1040080
Change-Id: I31f07b84efdf2fe377e6a9e228453812ea06152e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- | chromium/third_party/blink/renderer/devtools/front_end/network/NetworkLogView.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/chromium/third_party/blink/renderer/devtools/front_end/network/NetworkLogView.js b/chromium/third_party/blink/renderer/devtools/front_end/network/NetworkLogView.js index db9e0ff5077..4b3feabd419 100644 --- a/chromium/third_party/blink/renderer/devtools/front_end/network/NetworkLogView.js +++ b/chromium/third_party/blink/renderer/devtools/front_end/network/NetworkLogView.js @@ -1675,7 +1675,7 @@ Network.NetworkLogView = class extends UI.VBox { if (request.requestMethod !== inferredMethod) { command.push('-X'); - command.push(request.requestMethod); + command.push(escapeString(request.requestMethod)); } const requestHeaders = request.requestHeaders(); |