Merge 43398 - Patch the XSS in Netinternal viewcache by html encoding "key"

BUG=40137 Test=None Review URL: http://codereview.chromium.org/1543009 TBR=inferno@chromium.org Review URL: http://codereview.chromium.org/1568010 git-svn-id: svn://svn.chromium.org/chrome/branches/249/src@43402 0039d316-1c4b-4281-b951-d872f2087c98
author: inferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-04-01 22:58:36 +0000
committer: inferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-04-01 22:58:36 +0000
commit: 31d43d02f345b2cae215f481af3539af6ef7c684 (patch)
tree: b0c2591163aa253fef6301d89f9c5797799269fa
parent: 80defe5d9cf28f62de02abae353570e1f89053e4 (diff)
download: chromium_src-31d43d02f345b2cae215f481af3539af6ef7c684.zip
chromium_src-31d43d02f345b2cae215f481af3539af6ef7c684.tar.gz
chromium_src-31d43d02f345b2cae215f481af3539af6ef7c684.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/url_request/view_cache_helper.cc b/net/url_request/view_cache_helper.cc
index b818ba5..2f19529 100644
--- a/net/url_request/view_cache_helper.cc
+++ b/net/url_request/view_cache_helper.cc
@@ -163,7 +163,7 @@ void ViewCacheHelper::GetEntryInfoHTML(const std::string& key,
       data->assign(FormatEntryDetails(entry));
       entry->Close();
     } else {
-      data->assign("no matching cache entry for: " + key);
+      data->assign("no matching cache entry for: " + EscapeForHTML(key));
     }
   }
 }
author	inferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-04-01 22:58:36 +0000
committer	inferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-04-01 22:58:36 +0000
commit	31d43d02f345b2cae215f481af3539af6ef7c684 (patch)
tree	b0c2591163aa253fef6301d89f9c5797799269fa
parent	80defe5d9cf28f62de02abae353570e1f89053e4 (diff)
download	chromium_src-31d43d02f345b2cae215f481af3539af6ef7c684.zip chromium_src-31d43d02f345b2cae215f481af3539af6ef7c684.tar.gz chromium_src-31d43d02f345b2cae215f481af3539af6ef7c684.tar.bz2