[epiphany/mcatanzaro/regressions: 2/3] about-handler: don't encode app ID (or install date)
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [epiphany/mcatanzaro/regressions: 2/3] about-handler: don't encode app ID (or install date)
- Date: Mon, 20 Dec 2021 17:25:22 +0000 (UTC)
commit d5b823d3506c2567f5a7daf51690550bfc584068
Author: Michael Catanzaro <mcatanzaro redhat com>
Date: Mon Dec 20 10:53:09 2021 -0600
about-handler: don't encode app ID (or install date)
We are overencoding here. Epiphany is not prepared to handle the encoded
app ID, and it is not necessary to encode in the first place because the
app ID is trusted to be a valid GApplication ID, which cannot contain
nasty characters.
However, encoding the URLs here really is necessary, because they really
could contain nasty content.
Fixes #1665
embed/ephy-about-handler.c | 23 +++++++++++------------
1 file changed, 11 insertions(+), 12 deletions(-)
---
diff --git a/embed/ephy-about-handler.c b/embed/ephy-about-handler.c
index 4e570d473..9abfe65fc 100644
--- a/embed/ephy-about-handler.c
+++ b/embed/ephy-about-handler.c
@@ -264,28 +264,27 @@ handle_applications_finished_cb (EphyAboutHandler *handler,
for (p = applications; p; p = p->next) {
EphyWebApplication *app = (EphyWebApplication *)p->data;
- g_autofree char *html_encoded_id = NULL;
g_autofree char *encoded_icon_url = NULL;
g_autofree char *encoded_name = NULL;
g_autofree char *encoded_url = NULL;
g_autofree char *js_encoded_id = NULL;
- g_autofree char *encoded_install_date = NULL;
if (ephy_web_application_is_system (app))
continue;
- /* Most of these fields are untrusted. The web app suggests its own title,
- * which gets used in the app ID and icon URL. The main URL could contain
- * anything. Install date is the only trusted field here in that it's
- * constructed by Epiphany, but it's a freeform string and we're encoding
- * everything else here anyway, so might as well encode this too.
+ /* Most of these fields are at least semi-trusted. The web app suggests
+ * its own title, which gets used in the app ID and icon URL, but it ought
+ * to be safe because we validate that it is a valid component of a
+ * GApplication ID, which should not permit anything nasty. The icon URL
+ * could be changed by the user to something else after web app creation,
+ * though, so better not fully trust it. Then the app name and the main
+ * URL could contain contain anything at all, so those need to be encoded
+ * for sure. Install date should be fine because it's constructed by
+ * Epiphany.
*/
- html_encoded_id = ephy_encode_for_html_attribute (app->id);
encoded_icon_url = ephy_encode_for_html_attribute (app->icon_url);
encoded_name = ephy_encode_for_html_entity (app->name);
encoded_url = ephy_encode_for_html_entity (app->url);
- js_encoded_id = ephy_encode_for_javascript (app->id);
- encoded_install_date = ephy_encode_for_html_entity (app->install_date);
g_string_append_printf (data_str,
"<tbody><tr id =\"%s\">"
"<td class=\"icon\"><img width=64 height=64 src=\"file://%s\"></img></td>"
@@ -293,9 +292,9 @@ handle_applications_finished_cb (EphyAboutHandler *handler,
"<td class=\"input\"><input type=\"button\" value=\"%s\"
onclick=\"deleteWebApp('%s');\" "
"class=\"destructive-action\"></td>"
"<td class=\"date\">%s <br /> %s</td></tr></tbody>",
- html_encoded_id, encoded_icon_url, encoded_name, encoded_url, _("Delete"),
js_encoded_id,
+ app->id, encoded_icon_url, encoded_name, encoded_url, _("Delete"), app->id,
/* Note for translators: this refers to the installation date. */
- _("Installed on:"), encoded_install_date);
+ _("Installed on:"), app->install_date);
}
g_string_append (data_str, "</table></div></body></html>");
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]