Closed
Bug 1214643
Opened 9 years ago
Closed 7 years ago
Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::clock
Categories
(Firefox OS Graveyard :: Gaia::Clock, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: freddy, Unassigned)
References
Details
(Keywords: sec-want, wsec-xss)
Please see the hints in bug 1211384 about fixing these kinds of problems. The Firefox OS Security team is there to help you with any kind of question that you may have. You can reach out by setting the needinfo or sec-review flag to fxos@security.bugs Unsafe assignment to innerHTML: In apps/clock/js/banner/main.js, line 62, column 7: > this.notice.innerHTML = this.tmpl.interpolate( In apps/clock/js/panels/alarm/alarm_list.js, line 103, column 5: > li.querySelector('.time').innerHTML = Utils.getLocalizedTimeHtml(d); In apps/clock/js/panels/alarm/clock_view.js, line 143, column 5: > this.dayDate.innerHTML = dateString; In apps/clock/js/panels/alarm/clock_view.js, line 167, column 5: > this.time.innerHTML = Utils.getLocalizedTimeHtml(d); In apps/clock/js/panels/alarm/main.js, line 13, column 3: > this.element.innerHTML = html; In apps/clock/js/panels/alarm_edit/main.js, line 20, column 3: > this.element.innerHTML = html; In apps/clock/js/panels/stopwatch/main.js, line 45, column 5: > this.element.innerHTML = html; In apps/clock/js/panels/stopwatch/main.js, line 256, column 5: > li.innerHTML = this.lapTemplate.interpolate(); In apps/clock/js/panels/timer/main.js, line 44, column 3: > element.innerHTML = html; In apps/clock/js/picker/spinner.js, line 129, column 5: > this.element.innerHTML = html; In apps/clock/js/ring_view.js, line 141, column 5: > this.time.innerHTML = Utils.getLocalizedTimeText(alert.time); In apps/clock/js/tmpl.js, line 9, column 9: > temp.innerHTML = text; In apps/clock/test/unit/form_button_test.js, line 124, column 7: > doc.innerHTML = ['<select id="vibrate-select"/>', In apps/clock/test/unit/form_button_test.js, line 161, column 7: > doc.innerHTML = ['<select id="repeat-select" multiple="true">', In apps/clock/test/unit/utils_test.js, line 26, column 7: > selectDOM.innerHTML = ['<option value="a">A</option>',
Reporter | ||
Updated•9 years ago
|
Summary: Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::tv → Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::clock
Reporter | ||
Comment 1•7 years ago
|
||
I will stop tracking the bugs and this bug is unassigned. Closing WONTFIX.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•