[epiphany/gnome-40] output-encoding: remove JS encoding function
- From: Michael Catanzaro <mcatanzaro src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [epiphany/gnome-40] output-encoding: remove JS encoding function
- Date: Tue, 21 Dec 2021 00:25:52 +0000 (UTC)
commit 2095b9e5131c4d4a36f8907a204a47e6a5e885f1
Author: Michael Catanzaro <mcatanzaro redhat com>
Date: Mon Dec 20 10:55:37 2021 -0600
output-encoding: remove JS encoding function
This is no longer required after #1665.
Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1050>
lib/ephy-output-encoding.c | 19 +++----------------
lib/ephy-output-encoding.h | 5 ++++-
2 files changed, 7 insertions(+), 17 deletions(-)
---
diff --git a/lib/ephy-output-encoding.c b/lib/ephy-output-encoding.c
index 7256059ed..2a7c1d0a8 100644
--- a/lib/ephy-output-encoding.c
+++ b/lib/ephy-output-encoding.c
@@ -38,9 +38,8 @@ ephy_encode_for_html_entity (const char *input)
return g_string_free (str, FALSE);
}
-static char *
-encode_all_except_alnum (const char *input,
- const char *format)
+char *
+ephy_encode_for_html_attribute (const char *input)
{
GString *str;
const char *c = input;
@@ -54,21 +53,9 @@ encode_all_except_alnum (const char *input,
if (g_unichar_isalnum (u))
g_string_append_unichar (str, u);
else
- g_string_append_printf (str, format, u);
+ g_string_append_printf (str, "&#x%02x;", u);
c = g_utf8_next_char (c);
} while (*c);
return g_string_free (str, FALSE);
}
-
-char *
-ephy_encode_for_html_attribute (const char *input)
-{
- return encode_all_except_alnum (input, "&#x%02x;");
-}
-
-char *
-ephy_encode_for_javascript (const char *input)
-{
- return encode_all_except_alnum (input, "\\u%04u;");
-}
diff --git a/lib/ephy-output-encoding.h b/lib/ephy-output-encoding.h
index 7ff6a33bd..7817e7a32 100644
--- a/lib/ephy-output-encoding.h
+++ b/lib/ephy-output-encoding.h
@@ -29,10 +29,13 @@ G_BEGIN_DECLS
*
* You must *carefully* read that document to safely inject untrusted data into
* web content. Here be dragons.
+ *
+ * If tempted to inject untrusted content into JavaScript, then also review:
+ * https://cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html
+ * and consider not doing that.
*/
char *ephy_encode_for_html_entity (const char *input);
char *ephy_encode_for_html_attribute (const char *input);
-char *ephy_encode_for_javascript (const char *input);
G_END_DECLS
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]