[epiphany/gnome-3-36] about-handler: don't encode app ID (or install date)

commit fd4fd23ce3f553b82f0b1b2339f8786eb1be7901
Author: Michael Catanzaro <mcatanzaro redhat com>
Date:   Mon Dec 20 10:53:09 2021 -0600

    about-handler: don't encode app ID (or install date)
    We are overencoding here. Epiphany is not prepared to handle the encoded
    app ID, and it is not necessary to encode in the first place because the
    app ID is trusted to be a valid GApplication ID, which cannot contain
    nasty characters.
    However, encoding the URLs here really is necessary, because they really
    could contain nasty content.
    Fixes #1665
    Part-of: <https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1050>

 embed/ephy-about-handler.c | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)
diff --git a/embed/ephy-about-handler.c b/embed/ephy-about-handler.c
index 855e2ed53..bed26149a 100644
--- a/embed/ephy-about-handler.c
+++ b/embed/ephy-about-handler.c
@@ -264,34 +264,33 @@ handle_applications_finished_cb (EphyAboutHandler       *handler,
     for (p = applications; p; p = p->next) {
       EphyWebApplication *app = (EphyWebApplication *)p->data;
-      g_autofree char *html_encoded_id = NULL;
       g_autofree char *encoded_icon_url = NULL;
       g_autofree char *encoded_name = NULL;
       g_autofree char *encoded_url = NULL;
       g_autofree char *js_encoded_id = NULL;
-      g_autofree char *encoded_install_date = NULL;
-      /* Most of these fields are untrusted. The web app suggests its own title,
-       * which gets used in the app ID and icon URL. The main URL could contain
-       * anything. Install date is the only trusted field here in that it's
-       * constructed by Epiphany, but it's a freeform string and we're encoding
-       * everything else here anyway, so might as well encode this too.
+      /* Most of these fields are at least semi-trusted. The web app suggests
+       * its own title, which gets used in the app ID and icon URL, but it ought
+       * to be safe because we validate that it is a valid component of a
+       * GApplication ID, which should not permit anything nasty. The icon URL
+       * could be changed by the user to something else after web app creation,
+       * though, so better not fully trust it. Then the app name and the main
+       * URL could contain contain anything at all, so those need to be encoded
+       * for sure. Install date should be fine because it's constructed by
+       * Epiphany.
-      html_encoded_id = ephy_encode_for_html_attribute (app->id);
       encoded_icon_url = ephy_encode_for_html_attribute (app->icon_url);
       encoded_name = ephy_encode_for_html_entity (app->name);
       encoded_url = ephy_encode_for_html_entity (app->url);
-      js_encoded_id = ephy_encode_for_javascript (app->id);
-      encoded_install_date = ephy_encode_for_html_entity (app->install_date);
       g_string_append_printf (data_str,
                               "<tbody><tr id =\"%s\">"
                               "<td class=\"icon\"><img width=64 height=64 src=\"file://%s\"></img></td>"
                               "<td class=\"data\"><div class=\"appname\">%s</div><div 
                               "<td class=\"input\"><input type=\"button\" value=\"%s\" 
                               "<td class=\"date\">%s <br /> %s</td></tr></tbody>",
-                              html_encoded_id, encoded_icon_url, encoded_name, encoded_url, _("Delete"), 
+                              app->id, encoded_icon_url, encoded_name, encoded_url, _("Delete"), app->id,
                               /* Note for translators: this refers to the installation date. */
-                              _("Installed on:"), encoded_install_date);
+                              _("Installed on:"), app->install_date);
     g_string_append (data_str, "</table></div></body></html>");

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]