-rw-r--r--chrome/browser/notifications/desktop_notification_service.cc5
-rw-r--r--chrome/browser/notifications/desktop_notifications_unittest.cc19
2 files changed, 22 insertions, 2 deletions
diff --git a/chrome/browser/notifications/desktop_notification_service.cc b/chrome/browser/notifications/desktop_notification_service.cc
index 6410511..9ece534 100644
--- a/chrome/browser/notifications/desktop_notification_service.cc
+++ b/chrome/browser/notifications/desktop_notification_service.cc
@@ -32,6 +32,7 @@
#include "grit/chromium_strings.h"
#include "grit/generated_resources.h"
#include "grit/theme_resources.h"
+#include "net/base/escape.h"
#include "third_party/WebKit/WebKit/chromium/public/WebNotificationPresenter.h"
using WebKit::WebNotificationPresenter;
@@ -56,8 +57,8 @@ static string16 CreateDataUrl(const GURL& icon_url, const string16& title,
else
subst.push_back(EmptyString16());
- subst.push_back(title);
- subst.push_back(body);
+ subst.push_back(UTF8ToUTF16(EscapeForHTML(UTF16ToUTF8(title))));
+ subst.push_back(UTF8ToUTF16(EscapeForHTML(UTF16ToUTF8(body))));
if (icon_url.is_valid()) {
subst.push_back(ASCIIToUTF16("block"));
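Review bot: The escaping now covers title and body, but the hunk does not show how icon_url reaches the template; the hunk header's argument list suggests its spec is substituted above this hunk, and if so it needs the same treatment (or an attribute-safe form), since EscapeForHTML is only sufficient where the value lands in element text or a double-quoted attribute, not in a script or URL context. A why-comment on the two new lines would keep the next editor from "simplifying" them back: `// title/body come from the web page; escape them so page-supplied markup cannot run in the balloon's data: URL.` CreateDataUrl begins above this hunk, so the earlier substitutions and the template itself are not visible here.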
diff --git a/chrome/browser/notifications/desktop_notifications_unittest.cc b/chrome/browser/notifications/desktop_notifications_unittest.cc
index 868cb33..8d0bcf6 100644
--- a/chrome/browser/notifications/desktop_notifications_unittest.cc
+++ b/chrome/browser/notifications/desktop_notifications_unittest.cc
@@ -250,3 +250,22 @@ TEST_F(DesktopNotificationsTest, TestEarlyDestruction) {
}
service_.reset(NULL);
}
+
+TEST_F(DesktopNotificationsTest, TestUserInputEscaping) {
+ // Create a test script with some HTML; assert that it doesn't get into the
+ // data:// URL that's produced for the balloon.
+ EXPECT_TRUE(service_->ShowDesktopNotificationText(
+ GURL("http://www.google.com"),
+ GURL("/icon.png"),
+ ASCIIToUTF16("<script>window.alert('uh oh');</script>"),
+ ASCIIToUTF16("<i>this text is in italics</i>"),
+ 0, 0, DesktopNotificationService::PageNotification, 1));
+
+ MessageLoopForUI::current()->RunAllPending();
+ EXPECT_EQ(1, balloon_collection_->count());
+ Balloon* balloon = (*balloon_collection_->balloons().begin());
+ GURL data_url = balloon->notification().content_url();
+ EXPECT_EQ(std::string::npos, data_url.spec().find("<script>"));
+ EXPECT_EQ(std::string::npos, data_url.spec().find("<i>"));
+}
+
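Review bot: The two npos checks on `data_url.spec()` can pass for the wrong reason: if GURL canonicalization percent-encodes `<` and `>` inside the data: URL, `<script>` is absent from spec() whether or not CreateDataUrl escaped it, so the test would not fail if the escaping were removed. Add a positive assertion on the escaped form, e.g. `EXPECT_NE(std::string::npos, data_url.spec().find("&lt;script&gt;"));` (after percent-decoding the spec if it is encoded), so the test pins the intended output. The count check on the line before `balloons().begin()` should be `ASSERT_EQ(1, balloon_collection_->count());` rather than EXPECT_EQ, since dereferencing begin() on an empty collection is undefined behaviour and would crash the test binary instead of reporting a failure.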