Closed
Bug 1163553
Opened 10 years ago
Closed 10 years ago
[Stingray][Smart-System] Remove escapeHTML function to prevent double sanitizing
Categories
(Firefox OS Graveyard :: Gaia::TV::System, defect)
Firefox OS Graveyard
Gaia::TV::System
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: suchiu, Assigned: suchiu)
References
Details
(Keywords: sec-high, wsec-xss, Whiteboard: stingray-picked(2015/5/19) [b2g-adv-main2.2-])
Attachments
(1 file)
Since we have changed innerHTML to textContent, escapeHTML function can be removed to prevent sanitizing message twice.
See https://github.com/mozilla-b2g/gaia/blob/master/tv_apps/smart-system/js/app_modal_dialog.js#L302.
Comment 1•10 years ago
|
||
Assignee | ||
Comment 2•10 years ago
|
||
Comment on attachment 8604041 [details] [review]
[gaia] sean2449:Bug-1163553-remove-escapeHTML > mozilla-b2g:master
Remove escapeHTML function.
Attachment #8604041 -
Flags: review?(im)
Comment 3•10 years ago
|
||
Comment on attachment 8604041 [details] [review]
[gaia] sean2449:Bug-1163553-remove-escapeHTML > mozilla-b2g:master
looks good to me.
Attachment #8604041 -
Flags: review?(im) → review+
Assignee | ||
Updated•10 years ago
|
Keywords: checkin-needed
Updated•10 years ago
|
Keywords: checkin-needed
Comment 4•10 years ago
|
||
Pull request has landed in master: https://github.com/mozilla-b2g/gaia/commit/9fcc7028707f28aeffeafc62afa3827983ec671f
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Updated•10 years ago
|
Whiteboard: stingray-picked(2015/5/19) → stingray-picked(2015/5/19) [b2g-adv-main2.2-]
You need to log in
before you can comment on or make changes to this bug.
Description
•