Permalink
Browse files

make sure the username and password in the url are encoded Fixes #4787

  • Loading branch information...
johnbender committed Aug 7, 2012
1 parent 38ae834 commit 75ba273483074d56b4b930414ea5660f4a227989
Showing with 19 additions and 4 deletions.
  1. +19 −4 js/jquery.mobile.navigation.js
@@ -49,11 +49,26 @@ define( [
//
urlParseRE: /^(((([^:\/#\?]+:)?(?:(\/\/)((?:(([^:@\/#\?]+)(?:\:([^:@\/#\?]+))?)@)?(([^:\/#\?\]\[]+|\[[^\/\]@#?]+\])(?:\:([0-9]+))?))?)?)?((\/?(?:[^\/\?#]+\/+)*)([^\?#]*)))?(\?[^#]+)?)(#.*)?/,
// Abstraction to address xss (Issue #4787) in browsers that auto decode location.href
// All references to location.href should be replaced with a call to this method so
// that it can be dealt with properly here
// Abstraction to address xss (Issue #4787) in browsers that auto decode the username:pass
// portion of location.href. All references to location.href should be replaced with a call
// to this method so that it can be dealt with properly here
getLocation: function() {
return window.location.toString();
var uri = this.parseUrl( location.href ),
encodedUserPass = "";
if( uri.username ){
encodedUserPass = encodeURI( uri.username );
}
if( uri.password ){
encodedUserPass = encodedUserPass + ":" + encodeURI( uri.password );
}
if( encodedUserPass ){
encodedUserPass = encodedUserPass + "@";
}
return uri.protocol + "//" + encodedUserPass + uri.host + uri.pathname + uri.search + uri.hash;
},
parseLocation: function() {

0 comments on commit 75ba273

Please sign in to comment.