make sure the username and password in the url are encoded Fixes #4787

commit 3c38504f0d69fa1fd79892351dc4d8bafd8d36af 1 parent 141d8d1
@johnbender johnbender authored committed
Showing with 19 additions and 4 deletions.
  1. +19 −4 js/jquery.mobile.navigation.js
23 js/jquery.mobile.navigation.js
@@ -49,11 +49,26 @@ define( [
//
urlParseRE: /^(((([^:\/#\?]+:)?(?:(\/\/)((?:(([^:@\/#\?]+)(?:\:([^:@\/#\?]+))?)@)?(([^:\/#\?\]\[]+|\[[^\/\]@#?]+\])(?:\:([0-9]+))?))?)?)?((\/?(?:[^\/\?#]+\/+)*)([^\?#]*)))?(\?[^#]+)?)(#.*)?/,
- // Abstraction to address xss (Issue #4787) in browsers that auto decode location.href
- // All references to location.href should be replaced with a call to this method so
- // that it can be dealt with properly here
+ // Abstraction to address xss (Issue #4787) in browsers that auto decode the username:pass
+ // portion of location.href. All references to location.href should be replaced with a call
+ // to this method so that it can be dealt with properly here
getLocation: function() {
- return window.location.toString();
+ var uri = this.parseUrl( location.href ),
+ encodedUserPass = "";
+
+ if( uri.username ){
+ encodedUserPass = encodeURI( uri.username );
+ }
+
+ if( uri.password ){
+ encodedUserPass = encodedUserPass + ":" + encodeURI( uri.password );
+ }
+
+ if( encodedUserPass ){
+ encodedUserPass = encodedUserPass + "@";
+ }
+
+ return uri.protocol + "//" + encodedUserPass + uri.host + uri.pathname + uri.search + uri.hash;
},
parseLocation: function() {
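Review bot: In getLocation, encodeURI is the wrong encoder for uri.username and uri.password. It is meant for whole URIs, so it leaves characters such as ' ( ) ; & = + $ , unescaped, and it escapes %, so in a browser that does not auto decode the userinfo an already encoded %3C comes back as %253C. Consider encodeURIComponent on each part, applied to a normalized value (decode first, and fall back to the raw string if decodeURIComponent throws on a malformed sequence), so the output is the same whether or not the browser decoded the userinfo. Since the comment asks that all references to location.href go through this method, a unit test with a username and password containing markup characters, in both raw and percent-encoded form, would pin the behavior down.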