Can't open <select> popup with an <option> text including "</script>". (issue 1151153004 by tkent@chromium.org)


tk...@chromium.org

May 22, 2015, 1:42:47 AM
to kei...@chromium.org, blink-...@chromium.org
Reviewers: keishi,

Message:
Keishi, please review this.


Description:
Can't open <select> popup with an <option> text including "</script>".

We should escape "</script>" when we generate an internal HTML document.

BUG=490607

Please review this at https://codereview.chromium.org/1151153004/

Base URL: https://chromium.googlesource.com/chromium/blink.git@master

Affected files (+26, -0 lines):
M Source/core/core.gypi
M Source/core/page/PagePopupClient.cpp
A Source/core/page/PagePopupClientTest.cpp


Index: Source/core/core.gypi
diff --git a/Source/core/core.gypi b/Source/core/core.gypi
index
836bddffbb7c940664b8ad6d96ca74555b9cf2da..90a50112a6500f57ae61343e8a4399a8e6938251
100644
--- a/Source/core/core.gypi
+++ b/Source/core/core.gypi
@@ -3890,6 +3890,7 @@
'loader/MixedContentCheckerTest.cpp',
'page/ContextMenuControllerTest.cpp',
'page/NetworkStateNotifierTest.cpp',
+ 'page/PagePopupClientTest.cpp',
'page/PrintContextTest.cpp',
'page/scrolling/ScrollStateTest.cpp',
'paint/DisplayItemListPaintTest.cpp',
Index: Source/core/page/PagePopupClient.cpp
diff --git a/Source/core/page/PagePopupClient.cpp
b/Source/core/page/PagePopupClient.cpp
index
68ba3e91cd07df2edd39cfb857051de8a6025381..ddd4e8401bc4f3491a96d1588a2ac1d5d1b1c383
100644
--- a/Source/core/page/PagePopupClient.cpp
+++ b/Source/core/page/PagePopupClient.cpp
@@ -50,6 +50,10 @@ void PagePopupClient::addJavaScriptString(const String&
str, SharedBuffer* data)
} else if (str[i] == '\\' || str[i] == '"') {
builder.append('\\');
builder.append(str[i]);
+ } else if (str[i] == '<') {
+ // Need to avoid to add "</script>" because the resultant
string is
+ // typically embedded in <script>.
+ builder.append("\\x3C");
} else {
builder.append(str[i]);
}
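Review bot: the comment on the new '<' branch reads awkwardly ("Need to avoid to add"); suggest "Escape '<' so the output can never contain "</script>", since the resultant string is typically embedded in <script>." On the logic, escaping every '<' rather than searching for the literal "</script>" sequence is the robust choice: the HTML tokenizer ends a script block on "</script" regardless of case, and "\x3C" is a valid JavaScript string escape that leaves the decoded value unchanged, so the generated document stays well-formed for any option text.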
Index: Source/core/page/PagePopupClientTest.cpp
diff --git a/Source/core/page/PagePopupClientTest.cpp
b/Source/core/page/PagePopupClientTest.cpp
new file mode 100644
index
0000000000000000000000000000000000000000..90ff07ba5c2c8247d37e74e24288236e6ce19a67
--- /dev/null
+++ b/Source/core/page/PagePopupClientTest.cpp
@@ -0,0 +1,21 @@
+// Copyright 2015 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "config.h"
+#include "core/page/PagePopupClient.h"
+
+#include <gtest/gtest.h>
+#include <string>
+
+namespace blink {
+
+TEST(PagePopupClientTest, AddJavaScriptString)
+{
+ RefPtr<SharedBuffer> buffer = SharedBuffer::create();
+ PagePopupClient::addJavaScriptString("abc\r\n'\"</script>",
buffer.get());
+ EXPECT_EQ("\"abc\\r\\n'\\\"\\x3C/script>\"",
std::string(buffer->data(), buffer->size()));
+}
+
+} // namespace blink
+
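Review bot: the single EXPECT_EQ covers "</script>" together with the \r, \n and quote escapes, but since the implementation escapes every '<' (not just the "</script>" sequence), add a second case with a bare '<' that is not part of an end tag, e.g. input "a<b" expecting "\"a\\x3Cb\"", so the test documents that the broad escaping is intentional rather than an accident of this one input.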

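The escaping this patch introduces, as an added example that is not Blink's code: a stand-in `jsStringLiteral` (hypothetical name) with the '<' escape switchable, plus a check that counts `</script` in the generated document, so the pre-patch and post-patch behaviour can be compared side by side. Written in C++ like the project; all helper names and the document shape are assumptions.

```cpp
#include <cctype>
#include <iostream>
#include <string>

// Hypothetical stand-in for Blink's PagePopupClient::addJavaScriptString:
// serialize `str` as a double-quoted JavaScript string literal. With
// escapeLt == false it mirrors the pre-patch behaviour (only line breaks,
// backslashes and quotes escaped); with true it also emits '<' as "\x3C".
std::string jsStringLiteral(const std::string& str, bool escapeLt)
{
    std::string out = "\"";
    for (char c : str) {
        switch (c) {
        case '\r': out += "\\r"; break;
        case '\n': out += "\\n"; break;
        case '\\':
        case '"': out += '\\'; out += c; break;
        case '<': out += escapeLt ? "\\x3C" : "<"; break;
        default: out += c;
        }
    }
    return out + "\"";
}

// Minimal document of the shape the popup generates (assumed): the option
// text ends up inside a <script> block.
std::string popupDocument(const std::string& optionText, bool escapeLt)
{
    return "<html><script>var label = " + jsStringLiteral(optionText, escapeLt)
        + ";</script></html>";
}

// Count "</script" occurrences case-insensitively, since the HTML tokenizer
// ends a script block there. A well-formed document has exactly one.
int countScriptEndTags(const std::string& html)
{
    std::string lower;
    for (char c : html)
        lower += static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    int n = 0;
    for (size_t pos = lower.find("</script"); pos != std::string::npos;
         pos = lower.find("</script", pos + 1))
        ++n;
    return n;
}

int main()
{
    const std::string text = "abc\r\n'\"</script>"; // the patch's own test input
    std::cout << "pre-patch end tags:  " << countScriptEndTags(popupDocument(text, false)) << "\n";
    std::cout << "post-patch end tags: " << countScriptEndTags(popupDocument(text, true)) << "\n";
}
```

The unescaped document carries two `</script` sequences, so the parser closes the script block early and the popup's own script never runs; the escaped one carries exactly one.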

kei...@chromium.org

May 22, 2015, 7:41:42 AM
to tk...@chromium.org, blink-...@chromium.org

commi...@chromium.org

May 22, 2015, 8:04:06 AM
to tk...@chromium.org, kei...@chromium.org, blink-...@chromium.org

commi...@chromium.org

May 22, 2015, 8:07:53 AM
to tk...@chromium.org, kei...@chromium.org, blink-...@chromium.org