LibWeb: Do not discard String returned from url_encode() to avoid UAF
This caused a use-after-free (UAF), since the String returned from url_encode() was discarded immediately while its bytes were still in use.

Co-authored-by: Luke Wilde <lukew@serenityos.org>
parent
736f9f38ae
commit
b78ee64415
Notes:
sideshowbarker
2024-07-17 03:51:15 +09:00
Author: https://github.com/kennethmyhra Commit: https://github.com/SerenityOS/serenity/commit/b78ee64415 Pull-request: https://github.com/SerenityOS/serenity/pull/17764
|
@ -139,8 +139,8 @@ ErrorOr<void> HTMLFormElement::submit_form(JS::GCPtr<HTMLElement> submitter, boo
|
|||
LoadRequest request = LoadRequest::create_for_url_on_page(url, document().page());
|
||||
|
||||
if (effective_method == "post") {
|
||||
auto url_encoded_parameters_as_bytes = TRY(url_encode(parameters, AK::URL::PercentEncodeSet::ApplicationXWWWFormUrlencoded)).bytes();
|
||||
auto body = TRY(ByteBuffer::copy(url_encoded_parameters_as_bytes));
|
||||
auto url_encoded_parameters = TRY(url_encode(parameters, AK::URL::PercentEncodeSet::ApplicationXWWWFormUrlencoded));
|
||||
auto body = TRY(ByteBuffer::copy(url_encoded_parameters.bytes()));
|
||||
request.set_method("POST");
|
||||
request.set_header("Content-Type", "application/x-www-form-urlencoded");
|
||||
request.set_body(move(body));
|
||||
|
|
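Review bot: The new named local `url_encoded_parameters` is what keeps the encoded data alive until `ByteBuffer::copy()` has run, but nothing in the code says so, and the two lines invite being folded back into the `TRY(url_encode(...)).bytes()` form the commit message says caused the UAF. I would add a comment above the declaration, for example `// Keep the encoded String in a named local: bytes() presumably returns a non-owning view, so it must not be taken from a temporary.` The word "presumably" reflects that the return type of `bytes()` is not visible here and is inferred from the commit message. It would also be worth checking the rest of `submit_form()`, whose body starts and ends outside this hunk, for the same pattern, and exercising a POST form submission in a sanitizer build so a regression is caught.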