Closed Bug 1214631 Opened 9 years ago Closed 7 years ago

Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::shared

Categories

(Firefox OS Graveyard :: Gaia::Shared, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: freddy, Unassigned)

References

Details

(Keywords: sec-want, wsec-xss)

Please see the hints in bug 1211384 about fixing these kinds of problems.
The Firefox OS Security team is there to help you with any kind of question that you may have. You can reach out by setting the needinfo or sec-review flag to fxos@security.bugs.

Unsafe assignment to innerHTML:
In shared/elements/gaia-header/dist/gaia-header.js, line 168, column 5:
> props.template.innerHTML = output.template;
In shared/elements/gaia-header/dist/gaia-header.js, line 424, column 3:
> style.innerHTML = css.trim();
In shared/elements/gaia-header/dist/gaia-header.js, line 465, column 3:
> el.lightStyle.innerHTML = el.lightCss;
In shared/elements/gaia-theme/lib/gaia-theme-selector.js, line 12, column 3:
> this.createShadowRoot().innerHTML = template;
In shared/elements/gaia_grid/script.js, line 248, column 3:
> template.innerHTML = `<style scoped>
In shared/elements/gaia_sim_picker/script.js, line 23, column 5:
> shadow.innerHTML = template;
In shared/elements/gaia_textinput/script.js, line 63, column 3:
> template.innerHTML = `<style scoped>
In shared/js/component_utils.js, line 21, column 7:
> style.innerHTML = '@import url(' + url + ');';
In shared/js/contacts/search.js, line 196, column 7:
> textNode.innerHTML = doHighlight(Normalizer.unescapeHTML(text));
In shared/js/contacts/search.js, line 202, column 7:
> textNode.innerHTML = result.join('');
In shared/js/contacts/utilities/templates.js, line 219, column 7:
> newElem.innerHTML = ninner;
In shared/js/homescreens/confirm_dialog_helper.js, line 32, column 7:
> wrapper.innerHTML =
In shared/js/html_imports.js, line 27, column 9:
> elementRoot.innerHTML = content;
In shared/js/html_imports.js, line 39, column 13:
> el.innerHTML = elementTemplates[el.getAttribute('is')];
In shared/js/l10n.js, line 1969, column 9:
> translation.innerHTML = value;
In shared/js/l20n.js, line 122, column 11:
> tmpl.innerHTML = value;
In shared/js/lazy_loader.js, line 55, column 11:
> domNode.innerHTML = domNode.childNodes[i].nodeValue;
In shared/js/smart-screen/shared_utils.js, line 29, column 7:
> style.innerHTML = '@import url(' + url + ');';
In shared/js/template.js, line 160, column 9:
> template.innerHTML = this.toString();
In shared/js/utilities.js, line 145, column 5:
> span.innerHTML = span.innerHTML.replace(/\s/g, '&nbsp;');
In shared/test/unit/load_body_html_helper.js, line 38, column 3:
> document.body.innerHTML = bodyHTML[filename];
Summary: Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::tv → Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::shared
If I'm not mistaken, the l20n.js and l10n.js cases are both sanitized internally by our library. NI'ing :stas to verify if we need to do anything here.
Flags: needinfo?(stas)
I will stop tracking the bugs and this bug is unassigned. Closing WONTFIX.
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(stas)
Resolution: --- → WONTFIX