
Bug 822232 - XSS in System App Error page

1 parent afbf700 commit c768c43b0c3fc752f073a56e51878e314c1d89c0 @vingtetun vingtetun committed Dec 28, 2012
Showing with 11 additions and 1 deletion.
  1. +4 −0 apps/homescreen/js/bookmark.js
  2. +2 −1 apps/homescreen/manifest.webapp
  3. +5 −0 apps/system/js/error.js
@@ -59,6 +59,10 @@ var BookmarkEditor = {
},
save: function bookmarkEditor_save() {
+ // Only allow http(s): urls to be bookmarked.
+ if (/^https?:/.test(this.bookmarkUrl.value) == false)
+ return;
+
this.data.name = this.bookmarkTitle.value;
this.data.bookmarkURL = this.bookmarkUrl.value;
@@ -37,7 +37,8 @@
"activities": {
"save-bookmark": {
"filters": {
- "type": "url"
+ "type": "url",
+ "url": { "required":true, "regexp":"/^https?:/" }
},
"disposition": "inline",
"href": "/save-bookmark.html",
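Review bot: The scheme match in the new `url` filter on the `"url": { "required":true, "regexp":"/^https?:/" }` line is case-sensitive, so a save-bookmark request whose URL begins with `HTTP://` or `Https://` (valid, since URL schemes are case-insensitive) is refused at activity dispatch even though it is not the scheme this bug targets. I can't tell from the hunk whether the filter engine honours an `i` flag; if it does not, `"/^[Hh][Tt][Tt][Pp][Ss]?:/"` or lower-casing the scheme before the activity is raised would avoid that. The same pattern appears as a JavaScript check elsewhere in this commit, and JSON cannot carry a comment, so a note beside the JS copy saying the manifest filter must stay in sync is worth adding.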
@@ -1,4 +1,9 @@
+
function reloadWindow(url) {
+ // This can be a malicious script. See bug 822232.
+ if (/^https?:/.test(url) == false) {
+ return;
+
document.location.replace(url);
}
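Review bot: As rendered, the block opened on the `if (/^https?:/.test(url) == false) {` line is never closed before `document.location.replace(url);` — the only `}` that follows is the one that should close `reloadWindow`, so the file as shown has an unbalanced brace and would fail to parse, taking the scheme check with it. If the closing brace was dropped by the page rendering, disregard; otherwise add `}` after `return;`. Writing the guard as `if (!/^https?:/.test(url)) {` reads more directly than the `== false` comparison. The added comment could say what the threat actually is, e.g. `// url may be attacker-controlled (e.g. a javascript: URL); only navigate to http(s). See bug 822232.`. Note the check only rejects non-http(s) schemes: any `http(s):` URL is still navigated to unconditionally, so where `url` originates (not visible in this hunk) decides whether an open-redirect concern remains — presumably acceptable for an error page.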
