Bug 162584: verify proper HTML escaping in about:cache
Status: RESOLVED FIXED (opened 23 years ago, closed 23 years ago)
Categories: Core :: Networking: Cache, defect
People: Reporter: darin.moz, Assigned: security-bugs
Attachments: 1 file (patch, 993 bytes; gordon: review+, darin.moz: superreview+)
verify proper HTML escaping in about:cache.
from the cache security review notes:
"We URL escape the URLs we show in about:cache so <script> as part of URL is
not a problem. What about other fields in about:cache? We should also check
all fields if they are printable, and not try to show fields that aren't."
Key: http://adserver.theonering.net/images/orclegion_468x60.gif
Data size: 16820 Bytes
Fetch count: 1
Last Modified: Tue 15 Oct 2002 10:44:29 AM EDT
Expires: Thu 14 Nov 2002 09:44:29 AM EST
You say that Key is already escaped. The other fields don't need to be escaped.
Am I missing something or can this bug be closed?
Whiteboard: [sg:invalid?]
Comment 2 • 23 years ago (Reporter)
about:cache-entry is the more interesting case, because it shows HTTP headers.
anyways, i think this is probably invalid because about:cache* does not have
chrome privileges.
Comment 3 • 23 years ago (Assignee)
Even if it doesn't have chrome privileges, we should still double-check that all
the right escaping is happening. I'll do it.
Assignee: darin → mstoltz
Whiteboard: [sg:invalid?]
Comment 4 • 23 years ago (Assignee)
We seem to be escaping in all the right places, except that we might want to not
linkify keys if they are javascript: or data: URLs. Gordon tells me that
javascript: and data: URLs are not currently used as cache keys, but for
safety's sake I think we should check for them so that this problem never
arises. Darin, what do you think? Is it worth checking for data: and javascript:
URLs in about:cache-entry?
Comment 5 • 23 years ago (Reporter)
i can't think of a path that would cause javascript: and data: URLs to end up as
cache keys, although cache keys are not necessarily URLs. they are raw binary
data completely defined by the cache clients, so it is completely possible that
someone could (one day) use such strings as cache keys.
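Added example (not part of the bug thread and not the checked-in Mozilla patch): a standalone C++ illustration of the rendering rule discussed in comments 4 and 5, where every key is HTML-escaped, non-printable keys are not shown, and keys beginning with javascript: or data: are displayed as text instead of links. The function names `EscapeHtml`, `IsPrintable`, `HasScriptableScheme` and `RenderKey` are hypothetical, and the sample keys are constructed.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Added example with hypothetical names. Escape HTML-significant characters.
std::string EscapeHtml(const std::string& in) {
    std::string out;
    for (unsigned char c : in) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += static_cast<char>(c);
        }
    }
    return out;
}

// Cache keys are client-defined bytes, so accept printable ASCII only.
bool IsPrintable(const std::string& s) {
    for (unsigned char c : s)
        if (c < 0x20 || c > 0x7e) return false;
    return true;
}

// True for javascript:/data: keys, any letter case, leading spaces ignored.
bool HasScriptableScheme(const std::string& key) {
    std::string lower;
    for (unsigned char c : key) {
        if (lower.empty() && std::isspace(c)) continue;
        lower += static_cast<char>(std::tolower(c));
    }
    return lower.rfind("javascript:", 0) == 0 || lower.rfind("data:", 0) == 0;
}

// Escape always; linkify only printable keys without a scriptable scheme.
std::string RenderKey(const std::string& key) {
    if (!IsPrintable(key)) return "<i>(non-printable key)</i>";
    std::string text = EscapeHtml(key);
    if (HasScriptableScheme(key)) return text;  // shown as plain text
    return "<a href=\"" + text + "\">" + text + "</a>";
}

int main() {  // constructed sample keys
    for (const char* k : {"http://example.com/a.gif", "JavaScript:void(0)"})
        std::cout << RenderKey(k) << "\n";
}
```

An allow-list of link schemes would be a stricter variant of the same check.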
Comment 6 • 23 years ago (Assignee)
Darin, Gordon, how do you feel about checking for javascript: and data: URLs,
just in case they're ever used as cache keys?
Updated • 23 years ago (Assignee)
Attachment #108561 - Flags: superreview?(darin)
Attachment #108561 - Flags: review?(gordon)
Comment 7 • 23 years ago (Reporter)
Comment on attachment 108561
Patch - don't linkify javascript: and data: cache keys
seems good, but can you throw in a comment about why this is being done.
maybe reference this bug. thx!
Attachment #108561 - Flags: superreview?(darin) → superreview+
Comment on attachment 108561
Patch - don't linkify javascript: and data: cache keys
Great, thanks. r=gordon
Attachment #108561 - Flags: review?(gordon) → review+
Comment 9 • 23 years ago (Assignee)
Fix checked in.
Status: NEW → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Comment 10 • 22 years ago (Assignee)
adding benc@netscape.com to CC list
Updated • 22 years ago
Group: security