Fix XSS in chrome://webrtc-internals

BUG=459564 Review URL: https://codereview.chromium.org/940633002 Cr-Commit-Position: refs/heads/master@{#317834}
author: jiayl <jiayl@chromium.org> 2015-02-24 10:27:39 -0800
committer: Commit bot <commit-bot@chromium.org> 2015-02-24 18:33:20 +0000
commit: 857722c837cd2047bcd7b04e37deaebbd523cd83 (patch)
tree: 31df81824ba0b2b52831e6c6f6bc0668b6bb4fa9 /content/browser/resources
parent: 15a10b61c1b5e031e627803bd0580e85069da2d4 (diff)
download: chromium_src-857722c837cd2047bcd7b04e37deaebbd523cd83.zip
chromium_src-857722c837cd2047bcd7b04e37deaebbd523cd83.tar.gz
chromium_src-857722c837cd2047bcd7b04e37deaebbd523cd83.tar.bz2
1 files changed, 5 insertions, 3 deletions
diff --git a/content/browser/resources/media/webrtc_internals.js b/content/browser/resources/media/webrtc_internals.js
index 164ef296..3becab1 100644
--- a/content/browser/resources/media/webrtc_internals.js
+++ b/content/browser/resources/media/webrtc_internals.js
@@ -205,9 +205,11 @@ function addPeerConnection(data) {
   if (!peerConnectionElement) {
     peerConnectionElement = tabView.addTab(id, data.url + ' [' + id + ']');
   }
-  peerConnectionElement.innerHTML =
-      '<p>' + data.url + ' ' + data.rtcConfiguration + ' ' + data.constraints +
-      '</p>';
+
+  var p = document.createElement('p');
+  p.textContent = data.url + ', ' + data.rtcConfiguration + ', ' +
+      data.constraints;
+  peerConnectionElement.appendChild(p);
 
   return peerConnectionElement;
 }
author	jiayl <jiayl@chromium.org>	2015-02-24 10:27:39 -0800
committer	Commit bot <commit-bot@chromium.org>	2015-02-24 18:33:20 +0000
commit	857722c837cd2047bcd7b04e37deaebbd523cd83 (patch)
tree	31df81824ba0b2b52831e6c6f6bc0668b6bb4fa9 /content/browser/resources
parent	15a10b61c1b5e031e627803bd0580e85069da2d4 (diff)
download	chromium_src-857722c837cd2047bcd7b04e37deaebbd523cd83.zip chromium_src-857722c837cd2047bcd7b04e37deaebbd523cd83.tar.gz chromium_src-857722c837cd2047bcd7b04e37deaebbd523cd83.tar.bz2