From 11a2e482b5c38a892efe9e5d7846048dd1966e58 Mon Sep 17 00:00:00 2001
From: Michael Nottebrock <lofi@FreeBSD.org>
Date: Tue, 6 Feb 2007 17:49:02 +0000
Subject: Fix khtml/konqueror title XSS vulnerability.

Security: CVE-2007-0537
---
 x11/kdelibs3/files/patch-post-3.5.6-kdelibs.diff | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 x11/kdelibs3/files/patch-post-3.5.6-kdelibs.diff

(limited to 'x11/kdelibs3/files/patch-post-3.5.6-kdelibs.diff')

diff --git a/x11/kdelibs3/files/patch-post-3.5.6-kdelibs.diff b/x11/kdelibs3/files/patch-post-3.5.6-kdelibs.diff
new file mode 100644
index 000000000000..5b44a47ef7a5
--- /dev/null
+++ b/x11/kdelibs3/files/patch-post-3.5.6-kdelibs.diff
@@ -0,0 +1,20 @@
+--- khtml/html/htmltokenizer.cpp
++++ khtml/html/htmltokenizer.cpp
+@@ -316,7 +316,7 @@ void HTMLTokenizer::parseSpecial(Tokeniz
+     while ( !src.isEmpty() ) {
+         checkScriptBuffer();
+         unsigned char ch = src->latin1();
+-        if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && !title && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
++        if ( !scriptCodeResync && !brokenComments && !textarea && !xmp && ch == '-' && scriptCodeSize >= 3 && !src.escaped() && QConstString( scriptCode+scriptCodeSize-3, 3 ).string() == "<!-" ) {
+             comment = true;
+             scriptCode[ scriptCodeSize++ ] = ch;
+             ++src;
+@@ -495,7 +495,7 @@ void HTMLTokenizer::parseComment(Tokeniz
+ 
+             if (canClose || handleBrokenComments || scriptEnd ){
+                 ++src;
+-                if ( !( script || xmp || textarea || style) ) {
++                if ( !( title || script || xmp || textarea || style) ) {
+ #ifdef COMMENTS_IN_DOM
+                     checkScriptBuffer();
+                     scriptCode[ scriptCodeSize ] = 0;
-- 
cgit v1.2.3