Closed
Bug 1214635
Opened 10 years ago
Closed 9 years ago
Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::keyboard
Categories
(Firefox OS Graveyard :: Gaia::Keyboard, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: freddy, Unassigned)
References
Details
(Keywords: sec-want, wsec-xss)
Please see the hints in bug 1211384 about fixing these kinds of problems.
The Firefox OS Security team is there to help you with any kind of question that you may have. You can reach out by setting the needinfo or sec-review flag to fxos@security.bugs
Unsafe assignment to innerHTML:
In apps/keyboard/build/settings-config.js, line 61, column 5:
> domDoc.getElementById('general-container').innerHTML += hwContent;
In apps/keyboard/build/settings-config.js, line 72, column 5:
> domDoc.querySelector('#general-container #general-settings ul').innerHTML +=
In apps/keyboard/js/imes/jspinyin/tests/init.js, line 103, column 3:
> p.innerHTML = loggerTime + ' : ' + msg;
In apps/keyboard/js/views/emoji_key_view.js, line 22, column 3:
> contentNode.innerHTML = this.options.outputChar ||
In apps/keyboard/js/views/key_view.js, line 115, column 3:
> labelNode.innerHTML = this.outputChar;
In apps/keyboard/js/views/key_view.js, line 124, column 3:
> labelNode.innerHTML = this.altOutputChar || this.outputChar;
In apps/keyboard/js/views/key_view.js, line 131, column 3:
> labelNode.innerHTML = this.outputChar;
In apps/keyboard/js/views/key_view.js, line 136, column 3:
> labelNode.innerHTML = this.target.lowercaseValue;
Updated•10 years ago (Reporter)
Summary: Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::tv → Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::keyboard
Comment 1•10 years ago
Thanks for filing; I want to ask you if these are something that really needs to be fixed:
(In reply to Frederik Braun [:freddyb] from comment #0)
> Please see the hints in bug 1211384 about fixing these kinds of problems.
> The Firefox OS Security team is there to help you with any kind of question
> that you may have. You can reach out by setting the needinfo or sec-review
> flag to fxos@security.bugs
>
> Unsafe assignment to innerHTML:
> In apps/keyboard/build/settings-config.js, line 61, column 5:
> > domDoc.getElementById('general-container').innerHTML += hwContent;
> In apps/keyboard/build/settings-config.js, line 72, column 5:
> > domDoc.querySelector('#general-container #general-settings ul').innerHTML +=
Do we consider a build script that parses and extracts HTML from innerHTML unsafe? If not, I will ignore this.
> In apps/keyboard/js/imes/jspinyin/tests/init.js, line 103, column 3:
> > p.innerHTML = loggerTime + ' : ' + msg;
This is test code not being run. Is this considered a security risk?
Flags: needinfo?(fbraun)
Comment 2•10 years ago (Reporter)
The bugs were generated automatically and my filter must have caught some test files. Tests and build scripts do not pose a security risk at all and can be considered optional ;)
Flags: needinfo?(fbraun)
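The triage rule from comment 2 (findings in test and build files are optional), as an added example that is not part of the bug thread and not the tool that generated the report: a small regex-based scanner that emits findings in the report's format and marks the optional ones. The directory names treated as test/build code, the skip for literal-only assignments, and the two sample lines not quoted in the report are assumptions of this example.

```javascript
// Added example: a regex stand-in, not the tool that produced this report.
// Sinks named in the bug summary: two assignable properties and one method.
const SINK = /\.(?:(innerHTML|outerHTML)\s*\+?=(?!=)|(insertAdjacentHTML)\s*\()/g;
// A right-hand side that is only a quoted literal carries no dynamic data.
const LITERAL_RHS = /^\s*(['"])(?:(?!\1)[^\\])*\1\s*;?\s*$/;
// Directory names treated as non-shipping code, per comment 2 (assumed names).
const OPTIONAL_DIRS = new Set(['build', 'test', 'tests']);

function isOptionalPath(path) {
  return path.split('/').slice(0, -1).some((seg) => OPTIONAL_DIRS.has(seg));
}

function scanSource(path, source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    for (const m of text.matchAll(SINK)) {
      const rest = text.slice(m.index + m[0].length);
      // Skip `x.innerHTML = ''`-style assignments; method calls are always reported.
      if (m[1] && LITERAL_RHS.test(rest)) continue;
      findings.push({
        path, line: i + 1,
        column: text.search(/\S/) + 1, // 1-based column of the first non-blank char
        sink: m[1] || m[2],
        optional: isOptionalPath(path),
        code: text.trim(),
      });
    }
  });
  return findings;
}

function formatFinding(f) {
  const note = f.optional ? ' (test/build code, optional)' : '';
  return `In ${f.path}, line ${f.line}, column ${f.column}${note}:\n> ${f.code}`;
}

// Constructed input: two statements quoted in the report plus two made-up lines.
const SAMPLES = {
  'apps/keyboard/js/views/key_view.js': [
    '  labelNode.innerHTML = this.outputChar;',
    "  labelNode.innerHTML = '';",                    // literal only: skipped
    "  if (labelNode.innerHTML === '') { return; }",  // comparison: not a sink
  ].join('\n'),
  'apps/keyboard/js/imes/jspinyin/tests/init.js':
    "  p.innerHTML = loggerTime + ' : ' + msg;",
};

const scanAll = (files) =>
  Object.entries(files).flatMap(([p, src]) => scanSource(p, src));
console.log(scanAll(SAMPLES).map(formatFinding).join('\n'));
```

Line numbers in the output refer to the constructed sample, not to the real files listed in the report.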
Comment 3•9 years ago (Reporter)
I will stop tracking the bugs and this bug is unassigned. Closing WONTFIX.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX