fergalmoran/ladybird
1
0
Fork 0
mirror of https://github.com/fergalmoran/ladybird.git synced 2025-12-25 10:48:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

LibWeb: Do not discard String returned from url_encode() to avoid UAF

Browse Source 
This caused UAF since the string returned from url_encode() was
immediately discarded.

Co-authored-by: Luke Wilde <lukew@serenityos.org>
This commit is contained in:
Kenneth Myhra
2023-03-08 06:53:10 +01:00
committed by Linus Groh
parent 736f9f38ae
commit b78ee64415
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Userland/Libraries/LibWeb/HTML/HTMLFormElement.cpp
View File

@@ -139,8 +139,8 @@ ErrorOr<void> HTMLFormElement::submit_form(JS::GCPtr<HTMLElement> submitter, boo
LoadRequest request = LoadRequest::create_for_url_on_page(url, document().page());
if (effective_method == "post") {
auto url_encoded_parameters_as_bytes = TRY(url_encode(parameters, AK::URL::PercentEncodeSet::ApplicationXWWWFormUrlencoded)).bytes();
auto body = TRY(ByteBuffer::copy(url_encoded_parameters_as_bytes));
auto url_encoded_parameters = TRY(url_encode(parameters, AK::URL::PercentEncodeSet::ApplicationXWWWFormUrlencoded));
auto body = TRY(ByteBuffer::copy(url_encoded_parameters.bytes()));
request.set_method("POST");
request.set_header("Content-Type", "application/x-www-form-urlencoded");
request.set_body(move(body));