Closed
Bug 506855
Opened 15 years ago
Closed 15 years ago
Data is not escaped before being printed in validator
Categories: addons.mozilla.org Graveyard :: Admin/Editor Tools, defect
Tracking: (Not tracked)
Status: VERIFIED FIXED
5.0.8
People: Reporter: clouserw, Assigned: rjwalsh
Attachments (2 files):
50.78 KB, image/png
6.97 KB, patch (clouserw: review+)
This is a blocker/security bug. You can reproduce at https://preview.addons.mozilla.org/en-US/developers/versions/validate/38996 but I'm attaching a screenshot anyway. There are two issues. The first is that the pattern it's matching is empty (perhaps it's not escaped either?) and the second is that it's printing out the code from the file but not escaping it. In this case, an iframe. The source of that area of the page is:
<li class="warning">
<a href="https://preview.addons.mozilla.org/files/browse/22340/0/?start=chrome/content/aefirstpopup.xul">
chrome/content/aefirstpopup.xul (72)</a> :
Matched Pattern: "//i"
<div class="code">
<div class="line"> <separator class="thin"></separator> </div>
<div class="line target"> <iframe id="logbox" src="chrome://attachmentextractor/content/changelogloading.xul" height="300px" width="600px"></iframe> </div>
<div class="line"> </div>
</div>
</li>
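As an added illustration (not code from the bug, the patch, or addons.mozilla.org), the Python below renders the same result fragment with every add-on-supplied value (file path, matched pattern, code lines) passed through HTML escaping, and surfaces an empty pattern instead of printing it as "". The sample lines and the helper names are constructed for this example.

```python
import html

# Constructed sample, modelled on the fragment quoted in the bug description.
SAMPLE_LINES = (
    '<separator class="thin"></separator>',
    '<iframe id="logbox" src="chrome://attachmentextractor/content/'
    'changelogloading.xul" height="300px" width="600px"></iframe>',
    '',
)


def render_match(path, line_no, pattern, lines, target, href):
    """Build the <li class="warning"> fragment with untrusted values escaped.

    path, pattern and lines all come from the uploaded add-on, so each goes
    through html.escape (quote=True also encodes quotes, safe for attributes).
    """
    if not pattern:
        # An empty pattern is a validator defect in its own right: make it
        # visible rather than rendering a bare "" the way the page shows.
        shown_pattern = "(empty pattern)"
    else:
        shown_pattern = html.escape(pattern, quote=True)
    out = [
        '<li class="warning">',
        f'<a href="{html.escape(href, quote=True)}">'
        f'{html.escape(path)} ({line_no})</a> :',
        f'Matched Pattern: "{shown_pattern}"',
        '<div class="code">',
    ]
    for i, line in enumerate(lines):
        cls = "line target" if i == target else "line"
        out.append(f'<div class="{cls}"> {html.escape(line)} </div>')
    out.append('</div>')
    out.append('</li>')
    return "\n".join(out)


def contains_raw_markup(rendered, raw_lines):
    """Unit-test helper: True if any non-empty file line survives unescaped."""
    return any(line and line in rendered for line in raw_lines)
```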
Reporter, Comment 1 • 15 years ago
We should have a unit test for this and double check the output of all the other functions too. This is a 5.0.8 blocker.
Assignee, Comment 2 • 15 years ago
Attachment #391183 -
Flags: review?(clouserw)
Reporter, Comment 3 • 15 years ago
Comment on attachment 391183 [details] [diff] [review]
Patch with fixes and tests
This fixes the bug for me, thanks.
Attachment #391183 -
Flags: review?(clouserw) → review+
Assignee, Comment 4 • 15 years ago
Committed r30602
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Reporter, Updated • 15 years ago
Group: client-services-security
Comment 5 • 15 years ago
Verified FIXED on https://preview.addons.mozilla.org/en-US/developers/versions/validate/38996 (by comparing to the screenshot).
Status: RESOLVED → VERIFIED
Updated • 9 years ago
Product: addons.mozilla.org → addons.mozilla.org Graveyard