
make sure the username and password in the url are encoded Fixes #4787

commit 75ba273483074d56b4b930414ea5660f4a227989 1 parent 38ae834
John Bender authored August 07, 2012

Showing 1 changed file with 19 additions and 4 deletions. Show diff stats Hide diff stats

  1. 23  js/jquery.mobile.navigation.js
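--- a/js/jquery.mobile.navigation.js
+++ b/js/jquery.mobile.navigation.js
@@ -49,11 +49,26 @@ define( [
 			//
 			urlParseRE: /^(((([^:\/#\?]+:)?(?:(\/\/)((?:(([^:@\/#\?]+)(?:\:([^:@\/#\?]+))?)@)?(([^:\/#\?\]\[]+|\[[^\/\]@#?]+\])(?:\:([0-9]+))?))?)?)?((\/?(?:[^\/\?#]+\/+)*)([^\?#]*)))?(\?[^#]+)?)(#.*)?/,
 
-			// Abstraction to address xss (Issue #4787) in browsers that auto decode location.href
-			// All references to location.href should be replaced with a call to this method so
-			// that it can be dealt with properly here
+			// Abstraction to address xss (Issue #4787) in browsers that auto decode the username:pass
+			// portion of location.href. All references to location.href should be replaced with a call
+			// to this method so that it can be dealt with properly here
 			getLocation: function() {
-				return window.location.toString();
+				var uri = this.parseUrl( location.href ),
+					encodedUserPass = "";
+
+				if( uri.username ){
+					encodedUserPass = encodeURI( uri.username );
+				}
+
+				if( uri.password  ){
+					encodedUserPass = encodedUserPass + ":" + encodeURI( uri.password );
+				}
+
+				if( encodedUserPass ){
+					encodedUserPass = encodedUserPass + "@";
+				}
+
+				return uri.protocol + "//" + encodedUserPass + uri.host + uri.pathname + uri.search + uri.hash;
 			},
 
 			parseLocation: function() {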
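Review bot: The `encodeURI` calls in the `uri.username` and `uri.password` branches of `getLocation` do not fully neutralise the userinfo: `encodeURI` leaves `'`, `(`, `)`, `;`, `&`, `=`, `+`, `$` and `,` as they are, and it re-encodes `%`, so in a browser that keeps the userinfo percent-encoded in `location.href` the result would be double-encoded (`%3C` becomes `%253C`). Whether the surviving `'` is reachable depends on where callers place the return value, which this hunk does not show, so callers that write it into markup still need escaping for that context. `encodeURIComponent( uri.username )` and `encodeURIComponent( uri.password )` cover more of the reserved set (though still not `'`, `(` or `)`), and a comment such as `// only the userinfo is re-encoded; host, pathname, search and hash are returned as parsed` would record the limit of what this method sanitises. A unit test feeding `parseUrl` both a decoded and an already-encoded username would pin the double-encoding behaviour.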

0 notes on commit 75ba273
