Closed Bug 1214648 Opened 10 years ago Closed 9 years ago

Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::settings

Categories

(Firefox OS Graveyard :: Gaia::Settings, defect)

Product:
Firefox OS Graveyard
Component:
Gaia::Settings
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(tracking-b2g:backlog)

Status:
RESOLVED WONTFIX
Project Flags:
tracking-b2g backlog

People

(Reporter: freddy, Unassigned)

References

Details

(Keywords: sec-want, wsec-xss)

Please see the hints in bug 1211384 about fixing these kinds of problems. The Firefox OS Security team is there to help you with any kind of question that you may have. You can reach out by setting the needinfo or sec-review flag to fxos@security.bugs Unsafe assignment to innerHTML: In apps/settings/js/modules/messaging.js, line 196, column 13: > containerNode.innerHTML = html; In apps/settings/js/panels/frame/panel.js, line 67, column 9: > span.innerHTML = span.innerHTML.replace(/\n/g, '<br/>'); In apps/settings/js/panels/languages/languages.js, line 21, column 11: > option.innerHTML = LanguageList.wrapBidi(lang, languages[lang]); In apps/settings/js/panels/simcard_manager/simcard_manager.js, line 296, column 7: > this._elements.simCardContainer.innerHTML = simItemHTMLs.join(''); In apps/settings/js/panels/simpin/simpin.js, line 80, column 7: > this._elements.simPinContainer.innerHTML = simPinHTMLs.join('');
Summary: Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::tv → Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::settings
Is this something being planned? Thanks.
Flags: needinfo?(gasolin)
Thanks freddy & tim, put it in backlog so we can manage time to work on it.
tracking-b2g: --- → backlog
Flags: needinfo?(gasolin)
I will stop tracking the bugs and this bug is unassigned. Closing WONTFIX.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.