Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content
This repository has been archived by the owner on Oct 8, 2021. It is now read-only.

Commit

Permalink
make sure the username and password in the url are encoded Fixes #4787
Browse files Browse the repository at this point in the history
  • Loading branch information
johnbender committed Aug 7, 2012
1 parent 38ae834 commit 75ba273
Showing 1 changed file with 19 additions and 4 deletions.
23 changes: 19 additions & 4 deletions js/jquery.mobile.navigation.js
Original file line number Diff line number Diff line change
Expand Up @@ -49,11 +49,26 @@ define( [
//
urlParseRE: /^(((([^:\/#\?]+:)?(?:(\/\/)((?:(([^:@\/#\?]+)(?:\:([^:@\/#\?]+))?)@)?(([^:\/#\?\]\[]+|\[[^\/\]@#?]+\])(?:\:([0-9]+))?))?)?)?((\/?(?:[^\/\?#]+\/+)*)([^\?#]*)))?(\?[^#]+)?)(#.*)?/,

// Abstraction to address xss (Issue #4787) in browsers that auto decode location.href
// All references to location.href should be replaced with a call to this method so
// that it can be dealt with properly here
// Abstraction to address xss (Issue #4787) in browsers that auto decode the username:pass
// portion of location.href. All references to location.href should be replaced with a call
// to this method so that it can be dealt with properly here
getLocation: function() {
return window.location.toString();
var uri = this.parseUrl( location.href ),
encodedUserPass = "";

if( uri.username ){
encodedUserPass = encodeURI( uri.username );
}

if( uri.password ){
encodedUserPass = encodedUserPass + ":" + encodeURI( uri.password );
}

if( encodedUserPass ){
encodedUserPass = encodedUserPass + "@";
}

return uri.protocol + "//" + encodedUserPass + uri.host + uri.pathname + uri.search + uri.hash;
},

parseLocation: function() {
Expand Down

0 comments on commit 75ba273

Please sign in to comment.