File 77dc792c-khtml-xss.diff of Package kdelibs4

--- a/khtml/khtml_part.cpp
+++ b/khtml/khtml_part.cpp
@@ -1848,7 +1848,10 @@ void KHTMLPart::htmlError( int errorCode
   stream >> errorName >> techName >> description >> causes >> solutions;
 
   QString url, protocol, datetime;
-  url = Qt::escape( reqUrl.prettyUrl() );
+
+  // This is somewhat confusing, but we have to escape the externally-
+  // controlled URL twice: once for i18n, and once for HTML.
+  url = Qt::escape( Qt::escape( reqUrl.prettyUrl() ) );
   protocol = reqUrl.protocol();
   datetime = KGlobal::locale()->formatDateTime( QDateTime::currentDateTime(),
                                                 KLocale::LongDate );
openSUSE Build Service is sponsored by