authorinferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-04-06 03:26:14 +0000
committerinferno@chromium.org <inferno@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-04-06 03:26:14 +0000
commit5e81ea70d1c32614b5cb438b05bd2bc8c057fb72 (patch)
tree73f3ac61375490b9be358f43c0ca70242e217690
parent7f9f9cde120ef8431fdc6271cd17a4be0916203f (diff)
Fix XSS in onListingParsingError by using encodeURI() on the document.location.
Reviewed in http://codereview.chromium.org/1512013 BUG=40147 Test=None git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43693 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--net/base/dir_header.html3
1 files changed, 2 insertions, 1 deletions
diff --git a/net/base/dir_header.html b/net/base/dir_header.html
index 51ebf16..ad4ec0a 100644
--- a/net/base/dir_header.html
+++ b/net/base/dir_header.html
@@ -60,7 +60,8 @@ function start(location) {
function onListingParsingError() {
var box = document.getElementById("listingParsingErrorBox");
- box.innerHTML = box.innerHTML.replace("LOCATION", document.location + "?raw");
+ box.innerHTML = box.innerHTML.replace("LOCATION", encodeURI(document.location)
+ + "?raw");
box.style.display = "";
}
</script>
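Review bot: encodeURI() on the new replacement line is URL encoding rather than HTML escaping: it leaves `&`, `'` and `$` unchanged, and the result is still spliced into markup through `box.innerHTML.replace(...)`, so the fix holds only if the LOCATION placeholder sits in a double-quoted attribute of the template, which is outside this hunk. `$` also keeps its special meaning in the replacement argument of `String.replace`, and if document.location is already percent-encoded (as it normally is) the extra pass turns `%20` into `%2520`, which would presumably break the raw link for paths containing spaces. Setting the link through the DOM avoids the string rewrite entirely, for example `document.getElementById("RAW_LINK_ID_PLACEHOLDER").href = document.location + "?raw";`, where the id is a placeholder for whatever the template's link element is given. The commit message lists Test=None; a listing test with a directory name containing quotes, `&` and spaces would pin the intended behaviour.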