commit | 24bbdc5f95f80a7700e232a272a6ea1811c0dcaf | [log] [tgz] |
---|---|---|
author | Rob Wu <rob@robwu.nl> | Wed Jan 03 23:42:19 2018 |
committer | Commit Bot <commit-bot@chromium.org> | Fri Jan 05 10:17:38 2018 |
tree | 866f135bdcc5a9d324725267317c63f89d133d40 | |
parent | f1a95e3cea56b7025baf0981fc831707b361f6af [diff] |
Improve sanitization of remoteFrontendUrl in DevTools This change ensures that the decoded remoteFrontendUrl parameter cannot contain any single quote in its value. As of this commit, none of the permitted query params in SanitizeFrontendQueryParam can contain single quotes. Note that the existing SanitizeEndpoint function does not explicitly check for single quotes. This is fine since single quotes in the query string are already URL-encoded and the values validated by SanitizeEndpoint are not url-decoded elsewhere. BUG=798163 TEST=Manually, see https://crbug.com/798163#c1 TEST=./unit_tests --gtest_filter=DevToolsUIBindingsTest.SanitizeFrontendURL Change-Id: I5a08e8ce6f1abc2c8d2a0983fef63e1e194cd242 Reviewed-on: https://chromium-review.googlesource.com/846979 Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Commit-Queue: Rob Wu <rob@robwu.nl> Cr-Commit-Position: refs/heads/master@{#527250}
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure .