[Backport] Fix for CVE-2020-6443

Escape HTTP method for "Copy as cURL" This patch will escape the http method in the generated copy as curl command in the network panel. Fixed: chromium:1040080 Change-Id: I31f07b84efdf2fe377e6a9e228453812ea06152e Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
author: Jan Scheffler <janscheffler@chromium.org> 2020-01-09 09:51:29 +0100
committer: Kirill Burtsev <kirill.burtsev@qt.io> 2020-04-23 11:26:29 +0000
commit: e9d336d788957ed4cedf0c1469ea6a448c9b3ba3 (patch)
tree: 9ff7d7b46f40c9e1873a70a358c30b42c64e456d
parent: d9342640fab4f56755d98802cbb715fe8f4cb02a (diff)
download: qtwebengine-chromium-e9d336d788957ed4cedf0c1469ea6a448c9b3ba3.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/chromium/third_party/devtools-frontend/src/front_end/network/NetworkLogView.js b/chromium/third_party/devtools-frontend/src/front_end/network/NetworkLogView.js
index 11a08fe7d18..1e398e698ec 100644
--- a/chromium/third_party/devtools-frontend/src/front_end/network/NetworkLogView.js
+++ b/chromium/third_party/devtools-frontend/src/front_end/network/NetworkLogView.js
@@ -1853,7 +1853,7 @@ Network.NetworkLogView = class extends UI.VBox {
 
     if (request.requestMethod !== inferredMethod) {
       command.push('-X');
-      command.push(request.requestMethod);
+      command.push(escapeString(request.requestMethod));
     }
 
     const requestHeaders = request.requestHeaders();
author	Jan Scheffler <janscheffler@chromium.org>	2020-01-09 09:51:29 +0100
committer	Kirill Burtsev <kirill.burtsev@qt.io>	2020-04-23 11:26:29 +0000
commit	e9d336d788957ed4cedf0c1469ea6a448c9b3ba3 (patch)
tree	9ff7d7b46f40c9e1873a70a358c30b42c64e456d
parent	d9342640fab4f56755d98802cbb715fe8f4cb02a (diff)
download	qtwebengine-chromium-e9d336d788957ed4cedf0c1469ea6a448c9b3ba3.tar.gz