URL hyperlinking problems with null byte #372
Comments
Yeah, there is a bigger issue here with handling unicode in the regex. PR is: #302

special added a commit to special/ricochet that referenced this issue Apr 14, 2016
When formatting links to be displayed in messages, using repeated calls to QString::arg() will interpret '%0' and similar in the URL as a placeholder, resulting in the link not being properly formatted. Depending on the value, this can either result in a broken URL when copied to the clipboard (ricochet-im#403), or the URL being displayed with a label of just '%2' (ricochet-im#372). This cannot be used to mislabel links, and there is no printf-style format vulnerability with QString::arg. There is no security impact.
If you send the following message, it will break string parsing:
http://www.test.com/?a=%00
resulting in a message with just '%2' being delivered, but ultimately linking to test.com.
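
The rescanning behaviour described in the commit message, shown as an added example that is not Ricochet's code: `arg` is a simplified plain C++ stand-in for QString::arg(), and the link template and function names are assumptions. It compares chained substitution with a single pass over the template.

```cpp
#include <cctype>
#include <string>

// Parse a %N marker (N = one or two digits) at s[i]; returns N, or -1 if none.
static int markerAt(const std::string &s, size_t i, size_t &len) {
    auto digit = [&](size_t k) { return k < s.size() && std::isdigit((unsigned char)s[k]); };
    if (s[i] != '%' || !digit(i + 1)) return -1;
    int n = s[i + 1] - '0';
    len = 2;
    if (digit(i + 2)) { n = n * 10 + (s[i + 2] - '0'); len = 3; }
    return n;
}

// Simplified model of QString::arg(const QString &): replace every occurrence of
// the lowest-numbered marker. Assumption: %L and field width are left out.
static std::string arg(const std::string &s, const std::string &a) {
    int lowest = 100;  // above any two-digit marker
    size_t len = 0;
    for (size_t i = 0; i < s.size(); ++i) {
        int n = markerAt(s, i, len);
        if (n >= 0 && n < lowest) lowest = n;
    }
    std::string out;
    for (size_t i = 0; i < s.size();) {
        if (markerAt(s, i, len) == lowest) { out += a; i += len; }
        else out += s[i++];
    }
    return out;
}

// Hypothetical link template; url and label are assumed to be HTML-escaped already.
static const std::string kTemplate = "<a href=\"%1\">%2</a>";

// Buggy pattern: the second call rescans text the first call inserted.
std::string linkChained(const std::string &url, const std::string &label) {
    return arg(arg(kTemplate, url), label);
}

// One pass over the template only, so inserted text is never searched for markers.
std::string linkSinglePass(const std::string &url, const std::string &label) {
    std::string out;
    size_t len = 0;
    for (size_t i = 0; i < kTemplate.size();) {
        int n = markerAt(kTemplate, i, len);
        if (n == 1 || n == 2) { out += (n == 1 ? url : label); i += len; }
        else out += kTemplate[i++];
    }
    return out;
}
```

With the URL from the issue, the chained form treats `%00` as marker 0, fills it with the label and leaves `%2` as the visible text; the single-pass form leaves the URL intact.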