author | inferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-06 03:26:14 +0000 |
---|---|---|
committer | inferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-04-06 03:26:14 +0000 |
commit | 5e81ea70d1c32614b5cb438b05bd2bc8c057fb72 (patch) | |
tree | 73f3ac61375490b9be358f43c0ca70242e217690 | |
parent | 7f9f9cde120ef8431fdc6271cd17a4be0916203f (diff) | |
Fix XSS in onListingParsingError by using encodeURI() on document.location.
Reviewed in http://codereview.chromium.org/1512013
BUG=40147
Test=None
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43693 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | net/base/dir_header.html | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/base/dir_header.html b/net/base/dir_header.html index 51ebf16..ad4ec0a 100644 --- a/net/base/dir_header.html +++ b/net/base/dir_header.html @@ -60,7 +60,8 @@ function start(location) { function onListingParsingError() { var box = document.getElementById("listingParsingErrorBox"); - box.innerHTML = box.innerHTML.replace("LOCATION", document.location + "?raw"); + box.innerHTML = box.innerHTML.replace("LOCATION", encodeURI(document.location) + + "?raw"); box.style.display = ""; } </script> |
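Review bot: `encodeURI(document.location)` in onListingParsingError is still spliced into markup through `box.innerHTML`, and encodeURI leaves `'`, `&` and `$` unescaped, so the fix only holds if the LOCATION placeholder sits inside a double-quoted attribute; the template markup is outside this hunk, so that should be confirmed. Because the value is passed as the replacement string of `String.replace`, a `$` sequence in the URL is interpreted as a substitution pattern, and a URL that is already percent-encoded gets its `%` encoded a second time, which can make the "?raw" link point at the wrong path. Setting the attribute through the DOM avoids both the HTML parsing and the escaping questions, e.g. `document.getElementById("rawLink").href = document.location + "?raw";` (`rawLink` is a placeholder id for the anchor inside listingParsingErrorBox). The commit records Test=None; a listing test whose path contains quote and percent characters would pin the behaviour.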