Closed
Bug 938111
Opened 11 years ago
Closed 11 years ago
Purge the developer tools of innerHTML: Editor - openDialog codemirror extension
Categories
(DevTools :: General, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
Firefox 28
People
(Reporter: mgoodwin, Assigned: anton)
References
Details
(Keywords: sec-want)
Attachments
(1 file, 1 obsolete file)
|
3.18 KB,
patch
|
anton
:
review+
|
Details | Diff | Splinter Review |
CodeMirror manages to completely avoid use of innerHTML (yay!) but our openDialog extension doesn't. This is unfortunate as, whilst this is not exploitable at present, the use of innerHTML now is a common cause of vulnerability later.
See: https://mxr.mozilla.org/mozilla-central/source/browser/devtools/sourceeditor/codemirror/dialog/dialog.js#13
|
Reporter | |
Updated•11 years ago
|
Assignee: nobody → anton
|
Assignee | |
Updated•11 years ago
|
Priority: -- → P2
|
|
Assignee | |
Comment 1•11 years ago
|
||
Opened a pull request for the proposed change: https://github.com/marijnh/CodeMirror/pull/1963. Depending on the response, I'll either pull the latest version of CM3 into the tree or modify dialog addon and update READMEs. After that, it's super easy to update extensions that rely on this addon (only search and jump to line AFAIK).
|
|
Assignee | |
Comment 2•11 years ago
|
||
This patch imports my patch to CodeMirror [1] and changes jumpToLine and search functionality to use DOM nodes instead of innerHTML. It doesn't touch replace dialogs because we don't use them.
[1] https://github.com/marijnh/CodeMirror/pull/1963
Attachment #8335581 -
Flags: review?(fayearthur)
|
||
Comment 3•11 years ago
|
||
Comment on attachment 8335581 [details] [diff] [review]
WIP 1
Review of attachment 8335581 [details] [diff] [review]:
-----------------------------------------------------------------
::: browser/devtools/sourceeditor/codemirror/search/search.js
@@ +53,5 @@
> + let txt = doc.createTextNode(cm.l10n("findCmd.promptMessage"));
> +
> + inp.type = "text";
> + inp.style.width = "10em";
> + inp.style.marginLeft = "1em";
marginLeft -> mozMarginStart
::: browser/devtools/sourceeditor/editor.js
@@ +627,5 @@
> + let txt = doc.createTextNode(L10N.GetStringFromName("gotoLineCmd.promptTitle"));
> +
> + inp.type = "text";
> + inp.style.width = "10em";
> + inp.style.marginLeft = "1em";
mozMarginStart
Attachment #8335581 -
Flags: review?(fayearthur) → review+
|
|
Assignee | |
Comment 4•11 years ago
|
||
Attachment #8335581 -
Attachment is obsolete: true
Attachment #8335604 -
Flags: review+
|
|
Assignee | |
Updated•11 years ago
|
Whiteboard: [fixed-in-fx-team]
|
|
Assignee | |
Updated•11 years ago
|
Status: NEW → ASSIGNED
|
||
Comment 5•11 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Whiteboard: [fixed-in-fx-team]
Target Milestone: --- → Firefox 28
|
||
Updated•7 years ago
|
Product: Firefox → DevTools
You need to log in
before you can comment on or make changes to this bug.
Description
•