Closed Bug 1163553 Opened 10 years ago Closed 10 years ago

[Stingray][Smart-System] Remove escapeHTML function to prevent double sanitizing

Categories

(Firefox OS Graveyard :: Gaia::TV::System, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: suchiu, Assigned: suchiu)

References

Details

(Keywords: sec-high, wsec-xss, Whiteboard: stingray-picked(2015/5/19) [b2g-adv-main2.2-])

Attachments

(1 file)

Since we have changed innerHTML to textContent, escapeHTML function can be removed to prevent sanitizing message twice. See https://github.com/mozilla-b2g/gaia/blob/master/tv_apps/smart-system/js/app_modal_dialog.js#L302.
Comment on attachment 8604041 [details] [review] [gaia] sean2449:Bug-1163553-remove-escapeHTML > mozilla-b2g:master Remove escapeHTML function.
Attachment #8604041 - Flags: review?(im)
Comment on attachment 8604041 [details] [review] [gaia] sean2449:Bug-1163553-remove-escapeHTML > mozilla-b2g:master looks good to me.
Attachment #8604041 - Flags: review?(im) → review+
Keywords: checkin-needed
Keywords: checkin-needed
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Whiteboard: stingray-picked(2015/5/19)
Whiteboard: stingray-picked(2015/5/19) → stingray-picked(2015/5/19) [b2g-adv-main2.2-]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: