diff options
author | Jan Scheffler <janscheffler@chromium.org> | 2020-01-09 09:51:29 +0100 |
---|---|---|
committer | Kirill Burtsev <kirill.burtsev@qt.io> | 2020-04-23 11:26:29 +0000 |
commit | e9d336d788957ed4cedf0c1469ea6a448c9b3ba3 (patch) | |
tree | 9ff7d7b46f40c9e1873a70a358c30b42c64e456d | |
parent | d9342640fab4f56755d98802cbb715fe8f4cb02a (diff) | |
download | qtwebengine-chromium-e9d336d788957ed4cedf0c1469ea6a448c9b3ba3.tar.gz |
[Backport] Fix for CVE-2020-6443
Escape HTTP method for "Copy as cURL"
This patch will escape the http method in the generated copy as
curl command in the network panel.
Fixed: chromium:1040080
Change-Id: I31f07b84efdf2fe377e6a9e228453812ea06152e
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- | chromium/third_party/devtools-frontend/src/front_end/network/NetworkLogView.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/chromium/third_party/devtools-frontend/src/front_end/network/NetworkLogView.js b/chromium/third_party/devtools-frontend/src/front_end/network/NetworkLogView.js index 11a08fe7d18..1e398e698ec 100644 --- a/chromium/third_party/devtools-frontend/src/front_end/network/NetworkLogView.js +++ b/chromium/third_party/devtools-frontend/src/front_end/network/NetworkLogView.js @@ -1853,7 +1853,7 @@ Network.NetworkLogView = class extends UI.VBox { if (request.requestMethod !== inferredMethod) { command.push('-X'); - command.push(request.requestMethod); + command.push(escapeString(request.requestMethod)); } const requestHeaders = request.requestHeaders(); |