make sure the username and password in the url are encoded Fixes #4787

commit 75ba273483074d56b4b930414ea5660f4a227989 1 parent 38ae834
John Bender johnbender authored
Showing with 19 additions and 4 deletions.
  1. +19 −4 js/jquery.mobile.navigation.js
23 js/jquery.mobile.navigation.js
@@ -49,11 +49,26 @@ define( [
//
urlParseRE: /^(((([^:\/#\?]+:)?(?:(\/\/)((?:(([^:@\/#\?]+)(?:\:([^:@\/#\?]+))?)@)?(([^:\/#\?\]\[]+|\[[^\/\]@#?]+\])(?:\:([0-9]+))?))?)?)?((\/?(?:[^\/\?#]+\/+)*)([^\?#]*)))?(\?[^#]+)?)(#.*)?/,
- // Abstraction to address xss (Issue #4787) in browsers that auto decode location.href
- // All references to location.href should be replaced with a call to this method so
- // that it can be dealt with properly here
+ // Abstraction to address xss (Issue #4787) in browsers that auto decode the username:pass
+ // portion of location.href. All references to location.href should be replaced with a call
+ // to this method so that it can be dealt with properly here
getLocation: function() {
- return window.location.toString();
+ var uri = this.parseUrl( location.href ),
+ encodedUserPass = "";
+
+ if( uri.username ){
+ encodedUserPass = encodeURI( uri.username );
+ }
+
+ if( uri.password ){
+ encodedUserPass = encodedUserPass + ":" + encodeURI( uri.password );
+ }
+
+ if( encodedUserPass ){
+ encodedUserPass = encodedUserPass + "@";
+ }
+
+ return uri.protocol + "//" + encodedUserPass + uri.host + uri.pathname + uri.search + uri.hash;
},
parseLocation: function() {
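Review bot: In getLocation, `encodeURI( uri.username )` and `encodeURI( uri.password )` use the whole-URI encoder on a single component, which leaves `@ : / ? # & = + $ , ;` as well as `'`, `(` and `)` unescaped, so a decoded userinfo value containing any of these is written back verbatim into the rebuilt string. `encodeURIComponent` is the better fit for a component and escapes all of the reserved set. Separately, `encodeURI` does escape `%`, so in a browser that does not auto-decode the username:pass portion an already-encoded `%3C` comes back as `%253C` and the return value no longer matches `location.href`; either detect that case or document in the comment that the double encoding is accepted. A unit test that feeds `parseUrl` a URL with encoded and decoded userinfo would pin down both behaviours.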