Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::p2p sharing

RESOLVED WONTFIX

Status

Firefox OS
Gaia::P2P Sharing
RESOLVED WONTFIX
2 years ago
9 months ago

People

(Reporter: freddyb, Unassigned)

Tracking

({sec-want, wsec-xss})

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

2 years ago
Please see the hints in bug 1211384 about fixing these kinds of problems.
The Firefox OS Security team is there to help you with any kind of question that you may have. You can reach out by setting the needinfo or sec-review flag to fxos@security.bugs

Unsafe assignment to innerHTML:
In distros/spark/apps/sharing/components/fxos-dev-mode-dialog/fxos-dev-mode-dialog.js, line 108, column 3:
> this.shadow.innerHTML = template;
In distros/spark/apps/sharing/components/fxos-mvc/dist/mvc.js, line 1467, column 7:
> this.el.innerHTML = this.layout(innerHTML);
In distros/spark/apps/sharing/components/fxos-mvc/mvc.js, line 102, column 5:
> this.el.innerHTML = this.layout(innerHTML);
In distros/spark/apps/sharing/components/gaia-header/dist/gaia-header-es5.js, line 205, column 15:
> props.template.innerHTML = output.template;
In distros/spark/apps/sharing/components/gaia-header/dist/gaia-header-es5.js, line 472, column 13:
> style.innerHTML = css.trim();
In distros/spark/apps/sharing/components/gaia-header/dist/gaia-header-es5.js, line 515, column 13:
> el.lightStyle.innerHTML = el.lightCss;
In distros/spark/apps/sharing/components/gaia-header/dist/gaia-header.js, line 168, column 5:
> props.template.innerHTML = output.template;
In distros/spark/apps/sharing/components/gaia-header/dist/gaia-header.js, line 424, column 3:
> style.innerHTML = css.trim();
In distros/spark/apps/sharing/components/gaia-header/dist/gaia-header.js, line 465, column 3:
> el.lightStyle.innerHTML = el.lightCss;
In distros/spark/apps/sharing/components/gaia-theme/lib/gaia-theme-selector.js, line 12, column 3:
> this.createShadowRoot().innerHTML = template;
In distros/spark/apps/sharing/js/views/progress_dialog_view.js, line 39, column 7:
> this.el.innerHTML = "\n      <p>Successfully downloaded " + app.manifest.name + "!</p>\n    ";
In distros/spark/apps/sharing/js/views/progress_dialog_view.js, line 45, column 7:
> (code snippet omitted for brevity)
In distros/spark/apps/sharing/js/views/templates/composite.js, line 30, column 9:
> header.innerHTML = "<h1>" + options.header.title + "</h1>";
(Reporter)

Updated

2 years ago
Summary: Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::tv → Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::p2p sharing
(Reporter)

Comment 1

9 months ago
I will stop tracking the bugs and this bug is unassigned. Closing WONTFIX.
Status: NEW → RESOLVED
Last Resolved: 9 months ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.