[epiphany/mcatanzaro/regressions: 2/3] about-handler: don't encode app ID (or install date)




commit 6ef089593539cab996a80bc856c34dc09231b545
Author: Michael Catanzaro <mcatanzaro redhat com>
Date:   Mon Dec 20 10:53:09 2021 -0600

    about-handler: don't encode app ID (or install date)
    
    We are overencoding here. Epiphany is not prepared to handle the encoded
    app ID, and it is not necessary to encode in the first place because the
    app ID is trusted to be a valid GApplication ID, which cannot contain
    nasty characters.
    
    However, encoding the URLs here really is necessary, because they really
    could contain nasty content.
    
    Fixes #1665

 embed/ephy-about-handler.c | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)
---
diff --git a/embed/ephy-about-handler.c b/embed/ephy-about-handler.c
index 4e570d473..1e4ecec39 100644
--- a/embed/ephy-about-handler.c
+++ b/embed/ephy-about-handler.c
@@ -264,28 +264,25 @@ handle_applications_finished_cb (EphyAboutHandler       *handler,
 
     for (p = applications; p; p = p->next) {
       EphyWebApplication *app = (EphyWebApplication *)p->data;
-      g_autofree char *html_encoded_id = NULL;
       g_autofree char *encoded_icon_url = NULL;
       g_autofree char *encoded_name = NULL;
       g_autofree char *encoded_url = NULL;
       g_autofree char *js_encoded_id = NULL;
-      g_autofree char *encoded_install_date = NULL;
 
       if (ephy_web_application_is_system (app))
         continue;
 
-      /* Most of these fields are untrusted. The web app suggests its own title,
-       * which gets used in the app ID and icon URL. The main URL could contain
-       * anything. Install date is the only trusted field here in that it's
-       * constructed by Epiphany, but it's a freeform string and we're encoding
-       * everything else here anyway, so might as well encode this too.
+      /* Most of these fields are at least semi-trusted. The web app suggests
+       * its own title, which gets used in the app ID and icon URL, but it ought
+       * to be safe because we validate that it is a valid component of a
+       * GApplication ID, which should not permit anything nasty. Then the main
+       * URL could contain contain anything at all, so that needs to be encoded
+       * for sure. Install date should be fine because it's constructed b
+       * Epiphany.
        */
-      html_encoded_id = ephy_encode_for_html_attribute (app->id);
       encoded_icon_url = ephy_encode_for_html_attribute (app->icon_url);
       encoded_name = ephy_encode_for_html_entity (app->name);
       encoded_url = ephy_encode_for_html_entity (app->url);
-      js_encoded_id = ephy_encode_for_javascript (app->id);
-      encoded_install_date = ephy_encode_for_html_entity (app->install_date);
       g_string_append_printf (data_str,
                               "<tbody><tr id =\"%s\">"
                               "<td class=\"icon\"><img width=64 height=64 src=\"file://%s\"></img></td>"
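Review bot: The context line `g_autofree char *js_encoded_id = NULL;` is left behind even though its assignment is removed in this hunk and its use in the format arguments is dropped in the next one, so as far as the visible lines show the local is now dead and should be deleted. The rewritten comment also has two slips, "could contain contain anything" and "constructed b Epiphany". That comment is the only record of why `app->id` and `app->install_date` are emitted unencoded, so it is worth correcting to `URL could contain anything at all` and `constructed by Epiphany`, and naming the function that validates the ID. handle_applications_finished_cb starts and ends outside the hunk.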
@@ -293,9 +290,9 @@ handle_applications_finished_cb (EphyAboutHandler       *handler,
                               "<td class=\"input\"><input type=\"button\" value=\"%s\" 
onclick=\"deleteWebApp('%s');\" "
                               "class=\"destructive-action\"></td>"
                               "<td class=\"date\">%s <br /> %s</td></tr></tbody>",
-                              html_encoded_id, encoded_icon_url, encoded_name, encoded_url, _("Delete"), 
js_encoded_id,
+                              app->id, encoded_icon_url, encoded_name, encoded_url, _("Delete"), app->id,
                               /* Note for translators: this refers to the installation date. */
-                              _("Installed on:"), encoded_install_date);
+                              _("Installed on:"), app->install_date);
     }
 
     g_string_append (data_str, "</table></div></body></html>");
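Review bot: `app->id` now goes unescaped into two different contexts in this format call, the `id` attribute and the single-quoted JavaScript string in `onclick=\"deleteWebApp('%s');\"`, so the page's safety rests entirely on a validation step that is not visible in this diff. A guard at the point of use would keep that invariant local: if the ID is a complete application ID, `if (!g_application_id_is_valid (app->id)) continue;` next to the `ephy_web_application_is_system` check would do, otherwise a check against the permitted ID character set. `app->install_date` is likewise emitted raw, although the removed comment called it a freeform string. Entity-encoding should not change how an ordinary date is displayed, so keeping `ephy_encode_for_html_entity (app->install_date)` looks safer unless it was also part of #1665. The function body continues outside the hunk.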

