Closed Bug 1214651 Opened 10 years ago Closed 8 years ago

Consider removing innerHTML/outerHTML/insertAdjacentHTML usage in gaia::sms

Categories

(Firefox OS Graveyard :: Gaia::SMS, defect)

Product:
Firefox OS Graveyard
Component:
Gaia::SMS
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: freddy, Unassigned)

References

Details

(Keywords: sec-want, wsec-xss)

Please see the hints in bug 1211384 about fixing these kinds of problems. The Firefox OS Security team is there to help you with any kind of question that you may have. You can reach out by setting the needinfo or sec-review flag to fxos@security.bugs Unsafe assignment to innerHTML: In apps/sms/views/conversation/js/attachment_renderer.js, line 134, column 9: > attachmentContainer.innerHTML = data.markup; In apps/sms/views/conversation/js/conversation.js, line 1343, column 9: > carrierTag.innerHTML = SharedComponents.phoneDetails( In apps/sms/views/conversation/js/conversation.js, line 1425, column 7: > this.headerText.innerHTML = contentL10n.html; In apps/sms/views/conversation/js/conversation.js, line 1480, column 9: > textElement.innerHTML = text; In apps/sms/views/conversation/js/conversation.js, line 1688, column 5: > messageDOM.innerHTML = this.tmpl.message.interpolate({ In apps/sms/views/conversation/js/information.js, line 151, column 3: > reportDiv.innerHTML = TMPL.report.interpolate(data); In apps/sms/views/conversation/js/information.js, line 495, column 11: > li.innerHTML = TMPL.number.interpolate({ In apps/sms/views/conversation/js/recipients.js, line 406, column 5: > clone.innerHTML = template.interpolate(new Recipient()); In apps/sms/views/conversation/js/recipients.js, line 509, column 7: > inner.innerHTML = html; In apps/sms/views/conversation/test/unit/conversation_test.js, line 264, column 7: > container.innerHTML = innerHTML; In apps/sms/views/conversation/test/unit/conversation_test.js, line 4204, column 9: > container.innerHTML = ConversationView.tmpl.message.interpolate({ In apps/sms/views/conversation/test/unit/conversation_test.js, line 6064, column 7: > tree.innerHTML = [ In apps/sms/views/conversation/test/unit/subject_composer_test.js, line 138, column 7: > input.innerHTML = content; In apps/sms/views/inbox/js/inbox.js, line 756, column 5: > li.innerHTML = this.tmpl.thread.interpolate({ In apps/sms/views/inbox/test/unit/inbox_test.js, line 105, column 5: > InboxView.container.innerHTML = markup; In apps/sms/views/shared/js/contact_renderer.js, line 275, column 7: > tempDiv.innerHTML = this.templates.main.interpolate(data, { In apps/sms/views/shared/test/unit/selection_handler_test.js, line 24, column 5: > container.innerHTML = innerHTML; In apps/sms/views/shared/test/unit/time_headers_test.js, line 60, column 7: > document.body.innerHTML = mockThreadListMarkup;
Summary: Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::tv → Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::sms
Sorry Freddy, this is not unsafe. All innerHTML (and the likes) calls that are not in test use the template.js library. This _is_ safe. I can agree that you'd like that we change how we do this, but let's not say wrong things.
Summary: Unsafe innerHTML/outerHTML/insertAdjacentHTML usage in gaia::sms → Consider removing innerHTML/outerHTML/insertAdjacentHTML usage in gaia::sms
I will stop tracking the bugs and this bug is unassigned. Closing WONTFIX.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.