Merge pull request #7240 from vingtetun/822232-v2

Bug 822232 - XSS in System App Error page
commit 85b6f11cda451d5d5e66aef344a40592d970a4b6 2 parents cec87e8 + c768c43
vingtetun authored December 28, 2012
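--- a/apps/homescreen/js/bookmark.js
+++ b/apps/homescreen/js/bookmark.js
@@ -59,6 +59,10 @@ var BookmarkEditor = {
  },
 
  save: function bookmarkEditor_save() {
+    // Only allow http(s): urls to be bookmarked.
+    if (/^https?:/.test(this.bookmarkUrl.value) == false)
+      return;
+
    this.data.name = this.bookmarkTitle.value;
    this.data.bookmarkURL = this.bookmarkUrl.value;
 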
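Review bot: The scheme test in the new `if` is case-sensitive, so a bookmark whose URL arrives as `HTTP://…` or `Https://…` is silently dropped even though URL schemes are case-insensitive; the same `/^https?:/` pattern is used in manifest.webapp and error.js in this commit. `if (!/^https?:/i.test(this.bookmarkUrl.value))` keeps the rejection of non-http(s) schemes that bug 822232 needs while accepting upper-case schemes, and reads more idiomatically than `== false`. Whether a caller normalises the scheme before this point is not visible in the hunk, so confirm that before relying on it. The bare `return` also gives the user no indication that nothing was saved; a comment such as `// Refuse silently: presumably the save-bookmark activity filter already rejects such URLs.` would record why there is no error path. bookmarkEditor_save continues outside the hunk.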
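--- a/apps/homescreen/manifest.webapp
+++ b/apps/homescreen/manifest.webapp
@@ -37,7 +37,8 @@
   "activities": {
     "save-bookmark": {
       "filters": {
-        "type": "url"
+        "type": "url",
+        "url": { "required":true, "regexp":"/^https?:/" }
       },
       "disposition": "inline",
       "href": "/save-bookmark.html",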
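--- a/apps/system/js/error.js
+++ b/apps/system/js/error.js
@@ -1,4 +1,9 @@
+
 function reloadWindow(url) {
+  // This can be a malicious script. See bug 822232.
+  if (/^https?:/.test(url) == false) {
+    return;
+
   document.location.replace(url);
 }
 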
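Review bot: The new `if` opens a block with `{` but none of the added lines closes it, so after this hunk the only `}` in reloadWindow is the one that previously closed the function; as rendered the file ends with an unclosed function body, which is a SyntaxError that would leave reloadWindow undefined on the error page. The hunk's counts (`+1,9`, five added lines) match what is shown, so this does not look like a rendering artefact, but it is worth confirming against the raw diff. Either drop the brace to match bookmark.js, `if (/^https?:/.test(url) == false)` followed by `return;`, or add the closing `}` before the blank line. The added empty first line of the file also looks unintentional and could be removed in the same fix.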
