security: support for clean & safe error handling on IE 11
Added pad_utils sanitization for clean and safe error handling on browsers that
do not encode the path of the URL.

Edited by muxator based on #3647,
to be able to apply the patch on develop (the PR was for master), and perform
minor cleanups (mainly spurious statements).

Closes #3647.
aaron-costello committed Oct 18, 2019
1 parent c65c5f1 commit 5879037
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion src/templates/pad.html
Expand Up @@ -361,6 +361,8 @@ <h2 data-l10n-id="pad.share.emebdcode"></h2>

<% e.begin_block("scripts"); %>
<script type="text/javascript">
var padutils = require('../static/js/pad_utils').padutils;

muxator Nov 24, 2019

Contributor

This code calls require() when it's still not defined. It will be loaded in the next <script> block, via:

<script type="text/javascript" src="../static/js/require-kernel.js"></script>

This ended up in 1.8.0-beta.1. If confirmed, this should be fixed (or reverted).

@aaron-costello, could you confirm & review?

aaron-costello Nov 25, 2019

Author Contributor

@muxator I can confirm this, thanks for pointing this out.

PR made here: #3670


// @license magnet:?xt=urn:btih:8e4f440f4c65981c5bf93c76d35135ba5064d8b7&dn=apache-2.0.txt
(function() {
// Display errors on page load to the user
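Review bot: The new `var padutils = require('../static/js/pad_utils').padutils;` line sits at the top of the same inline script that installs the page-load error handler, so if that line throws, the rest of the script is skipped and the "Display errors on page load to the user" handler is never registered. The handler is the fallback for load failures and should not depend on the module loader being ready; consider a small local HTML-escaping helper inside the IIFE, or moving this block after the script that defines require(). The declaration also adds a page-global `padutils` outside the `(function() {` wrapper, which is worth scoping inside it.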
Expand All @@ -370,7 +372,7 @@ <h2 data-l10n-id="pad.share.emebdcode"></h2>
var box = document.getElementById('editorloadingbox');
box.innerHTML = '<p><b>An error occurred while loading the pad</b></p>'
+ '<p><b>'+msg+'</b> '
+ '<small>in '+ url +' (line '+ line +')</small></p>';
+ '<small>in '+ padutils.escapeHTML(url) +' (line '+ line +')</small></p>';
// call original error handler
if(typeof(originalHandler) == 'function') originalHandler.call(null, arguments);
};
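Review bot: `msg` on the `+ '<p><b>'+msg+'</b> '` line is still concatenated into `box.innerHTML` unescaped, and `line` is too; only `url` now passes through `padutils.escapeHTML`. Since all three values end up in the same HTML string, apply the same escaping to `msg` and `line`, or build the message with text nodes (`textContent`) so that no handler argument is ever parsed as markup. A short comment stating why `url` needs escaping (browsers that do not encode the URL path, per the commit message) would also help the next reader.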