authorjohnnyg@chromium.org <johnnyg@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-06-09 21:47:24 +0000
committerjohnnyg@chromium.org <johnnyg@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-06-09 21:47:24 +0000
commite9fdd159ffd94e3e097bd6905d84e6b564b04c2c (patch)
treee4255dec2671b7dad55213615758f6f487a919f5 /chrome/browser/notifications/desktop_notification_service.cc
parent1ec4e04d215b1952a9ae634a26aa068844cc7c5f (diff)
Properly escape user input for notifications, since URL-encoded characters are leaking through as HTML in non-HTML notifications.
BUG=45859 TEST=see bug Review URL: http://codereview.chromium.org/2743007 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49328 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/notifications/desktop_notification_service.cc')
-rw-r--r--chrome/browser/notifications/desktop_notification_service.cc22
1 files changed, 11 insertions, 11 deletions
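diff --git a/chrome/browser/notifications/desktop_notification_service.cc b/chrome/browser/notifications/desktop_notification_service.cc
index df61f2f..683af4e 100644
--- a/chrome/browser/notifications/desktop_notification_service.cc
+++ b/chrome/browser/notifications/desktop_notification_service.cc
@@ -43,24 +43,24 @@ string16 DesktopNotificationService::CreateDataUrl(
 int resource;
 string16 line_name;
 string16 line;
- std::vector<string16> subst;
+ std::vector<std::string> subst;
 if (icon_url.is_valid()) {
 resource = IDR_NOTIFICATION_ICON_HTML;
- subst.push_back(UTF8ToUTF16(icon_url.spec()));
- subst.push_back(UTF8ToUTF16(EscapeForHTML(UTF16ToUTF8(title))));
- subst.push_back(UTF8ToUTF16(EscapeForHTML(UTF16ToUTF8(body))));
+ subst.push_back(icon_url.spec());
+ subst.push_back(EscapeForHTML(UTF16ToUTF8(title)));
+ subst.push_back(EscapeForHTML(UTF16ToUTF8(body)));
 } else if (title.empty() || body.empty()) {
 resource = IDR_NOTIFICATION_1LINE_HTML;
 line = title.empty() ? body : title;
 // Strings are div names in the template file.
 line_name = title.empty() ? ASCIIToUTF16("description")
 : ASCIIToUTF16("title");
- subst.push_back(UTF8ToUTF16(EscapeForHTML(UTF16ToUTF8(line_name))));
- subst.push_back(UTF8ToUTF16(EscapeForHTML(UTF16ToUTF8(line))));
+ subst.push_back(EscapeForHTML(UTF16ToUTF8(line_name)));
+ subst.push_back(EscapeForHTML(UTF16ToUTF8(line)));
 } else {
 resource = IDR_NOTIFICATION_2LINE_HTML;
- subst.push_back(UTF8ToUTF16(EscapeForHTML(UTF16ToUTF8(title))));
- subst.push_back(UTF8ToUTF16(EscapeForHTML(UTF16ToUTF8(body))));
+ subst.push_back(EscapeForHTML(UTF16ToUTF8(title)));
+ subst.push_back(EscapeForHTML(UTF16ToUTF8(body)));
 }
 const base::StringPiece template_html(
@@ -72,9 +72,9 @@ string16 DesktopNotificationService::CreateDataUrl(
 return string16();
 }
- string16 format_string = ASCIIToUTF16("data:text/html;charset=utf-8,"
- + template_html.as_string());
- return ReplaceStringPlaceholders(format_string, subst, NULL);
+ std::string data = ReplaceStringPlaceholders(template_html, subst, NULL);
+ return UTF8ToUTF16("data:text/html;charset=utf-8," +
+ EscapeQueryParamValue(data, false));
 }
 // A task object which calls the renderer to inform the web page that the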
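Review bot: In the first hunk the icon branch still pushes `icon_url.spec()` into the HTML template unescaped, while `title` and `body` in the same branch go through EscapeForHTML, so the one substitution that skips HTML escaping is also the one supplied by the page that created the notification. GURL canonicalization percent-encodes some characters, but it is not an HTML escape (it leaves `&` as-is, for instance) and `is_valid()` says nothing about the scheme; whether either matters depends on how the template quotes the `$1` placeholder, which is not visible here. Applying the same treatment, `subst.push_back(EscapeForHTML(icon_url.spec()));`, keeps the attribute value well-formed regardless of the template and is lossless, since `&amp;` in an attribute decodes back to `&`. The second hunk's whole-document EscapeQueryParamValue pass fixes the percent-decoding leak the commit describes but does not substitute for per-value HTML escaping. CreateDataUrl's signature and the start of its body lie outside the hunk.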