Reviewers: keishi,
Message:
Keishi, please review this.
Description:
Can't open a <select> popup when an <option>'s text includes "</script>".
We should escape "</script>" when we generate an internal HTML document.
BUG=490607
Please review this at
https://codereview.chromium.org/1151153004/
Base URL:
https://chromium.googlesource.com/chromium/blink.git@master
Affected files (+26, -0 lines):
M Source/core/core.gypi
M Source/core/page/PagePopupClient.cpp
A Source/core/page/PagePopupClientTest.cpp
Index: Source/core/core.gypi
diff --git a/Source/core/core.gypi b/Source/core/core.gypi
index
836bddffbb7c940664b8ad6d96ca74555b9cf2da..90a50112a6500f57ae61343e8a4399a8e6938251
100644
--- a/Source/core/core.gypi
+++ b/Source/core/core.gypi
@@ -3890,6 +3890,7 @@
'loader/MixedContentCheckerTest.cpp',
'page/ContextMenuControllerTest.cpp',
'page/NetworkStateNotifierTest.cpp',
+ 'page/PagePopupClientTest.cpp',
'page/PrintContextTest.cpp',
'page/scrolling/ScrollStateTest.cpp',
'paint/DisplayItemListPaintTest.cpp',
Index: Source/core/page/PagePopupClient.cpp
diff --git a/Source/core/page/PagePopupClient.cpp
b/Source/core/page/PagePopupClient.cpp
index
68ba3e91cd07df2edd39cfb857051de8a6025381..ddd4e8401bc4f3491a96d1588a2ac1d5d1b1c383
100644
--- a/Source/core/page/PagePopupClient.cpp
+++ b/Source/core/page/PagePopupClient.cpp
@@ -50,6 +50,10 @@ void PagePopupClient::addJavaScriptString(const String&
str, SharedBuffer* data)
} else if (str[i] == '\\' || str[i] == '"') {
builder.append('\\');
builder.append(str[i]);
+ } else if (str[i] == '<') {
+ // Need to avoid to add "</script>" because the resultant
string is
+ // typically embedded in <script>.
+ builder.append("\\x3C");
} else {
builder.append(str[i]);
}
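Review bot: Escaping '<' as `\x3C` stops the emitted literal from ever containing `</script>` (or `<!--`), but a JavaScript string literal of this era is also terminated by the U+2028/U+2029 line separators, and nothing in this hunk escapes them; unless an earlier branch of addJavaScriptString (the function starts before and continues after the hunk) already covers them, add `} else if (str[i] == 0x2028 || str[i] == 0x2029) { builder.append(str[i] == 0x2028 ? "\\u2028" : "\\u2029"); }` next to the new branch. The new comment reads awkwardly ("Need to avoid to add"); consider `// Escape '<' so the literal can never contain "</script>" or "<!--", because the result is embedded in a <script> block.`.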
Index: Source/core/page/PagePopupClientTest.cpp
diff --git a/Source/core/page/PagePopupClientTest.cpp
b/Source/core/page/PagePopupClientTest.cpp
new file mode 100644
index
0000000000000000000000000000000000000000..90ff07ba5c2c8247d37e74e24288236e6ce19a67
--- /dev/null
+++ b/Source/core/page/PagePopupClientTest.cpp
@@ -0,0 +1,21 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "config.h"
+#include "core/page/PagePopupClient.h"
+
+#include <gtest/gtest.h>
+#include <string>
+
+namespace blink {
+
+TEST(PagePopupClientTest, AddJavaScriptString)
+{
+ RefPtr<SharedBuffer> buffer = SharedBuffer::create();
+ PagePopupClient::addJavaScriptString("abc\r\n'\"</script>",
buffer.get());
+ EXPECT_EQ("\"abc\\r\\n'\\\"\\x3C/script>\"",
std::string(buffer->data(), buffer->size()));
+}
+
+} // namespace blink
+
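Review bot: The test pins only one input, so the new '<' branch is exercised by a single `</script>` occurrence and a regression that, for instance, special-cases only the `</` prefix would still pass; a second case with a comment opener keeps the intent explicit, e.g. `buffer = SharedBuffer::create(); PagePopupClient::addJavaScriptString("<!--", buffer.get()); EXPECT_EQ("\"\\x3C!--\"", std::string(buffer->data(), buffer->size()));` (the fresh buffer avoids depending on whether addJavaScriptString appends to or replaces existing buffer contents, which the hunk does not show). A one-line comment above the EXPECT_EQ stating that every `<` is rewritten because the output is embedded in an inline `<script>` would also make the expected string easier to read.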