Closed Bug 1607097 Opened 4 years ago Closed 3 years ago

HTML tags are interpreted in a topic change message

Categories

(Chat Core :: IRC, defect)

Product:
Chat Core
Component:
IRC
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(thunderbird_esr68 fixed)

Status:
RESOLVED FIXED
Milestone:
Instantbird 77
Tracking Flags:
Tracking Status
thunderbird_esr68 --- fixed

People

(Reporter: dpb, Assigned: clokep)

References

Details

Attachments

(1 file, 1 obsolete file)

Patch with author
1017 bytes, patch
clokep
: review+
wsmwk
: approval-comm-esr68+
Details | Diff | Splinter Review

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0

Steps to reproduce:

Enter the command "/topic a <b> c" in an IRC channel where you have ops.

Actual results:

Thunderbird prints the following message:

SpecLad изменил тему на: a c. ("SpecLad changed the topic to: a c.")

The letter "c" is printed in bold.

The same display error happens with the topic message you get when you enter the channel.

Expected results:

The topic should be printed as-is, i.e.:

SpecLad изменил тему на: a <b> c.

Component: Instant Messaging → IRC
Product: Thunderbird → Chat Core

The topic seems to be set correctly, it's only the system message displayed in the conversation that's incorrect.

Yes, this is about the message.

Attached patch Patch v1 (obsolete) — Splinter Review

We have two pieces of code:

  1. ctcpFormatToText: strips out the CTCP formatting of messages (and returns plain text).
  2. ctcpFormatToHTML: converts the CTCP formatting into the appropriate HTML tags.

Both of these should have been FIRST escaping HTML in the input string, but ctcpFormatToText was not doing this.

Assignee: nobody → clokep
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Attachment #9143792 - Flags: review?(nhnt11)
Comment on attachment 9143792 [details] [diff] [review]
Patch v1

Review of attachment 9143792 [details] [diff] [review]:
-----------------------------------------------------------------

LGTM.
Attachment #9143792 - Flags: review?(nhnt11) → review+

I failed to include author info in my first patch. This is the same patch, including the previous review status.

Attachment #9143792 - Attachment is obsolete: true
Attachment #9145059 - Flags: review+
Keywords: checkin-needed-tb

Pushed by thunderbird@calypsoblue.org:
https://hg.mozilla.org/comm-central/rev/afa946f9ac2e
Do not interpret HTML tags in IRC topic messages. r=nhnt11

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Keywords: checkin-needed-tb
Resolution: --- → FIXED
Target Milestone: --- → Instantbird 77
Comment on attachment 9145059 [details] [diff] [review]
Patch with author

[Approval Request Comment]
Regression caused by (bug #): Not a regression.
User impact if declined: If a declined a malicious actor can add HTML to a topic in an IRC conversation and show odd content. It shouldn't cause any security issues since the HTML should be cleaned, but is likely an abuse vector.
Testing completed (on c-c, etc.): This has been out since 77 betas without any issues.
Risk to taking this patch (and alternatives if risky): Topic messages might be broken for IRC.
Attachment #9145059 - Flags: approval-comm-esr68?
Comment on attachment 9145059 [details] [diff] [review]
Patch with author

[Triage Comment]
Thanks for the assessment.  Approved for esr
Attachment #9145059 - Flags: approval-comm-esr68? → approval-comm-esr68+
Regressions: 1644024
You need to log in before you can comment on or make changes to this bug.