RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-28 10:25:10 +00:00
Code Issues Activity Actions

LibWeb: URL-encode/escape variables used in OOPWV's crash error page

Browse source 
This fixes arbitrary HTML injections via the URL on OOPWV's crash error
page - probably not a security issue, but annoying nonetheless.
This commit is contained in:
Linus Groh 2021-01-30 21:57:16 +01:00 committed by Andreas Kling
parent ec57c6c836
commit e8aae033f1
1 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Userland/Libraries/LibWeb/OutOfProcessWebView.cpp
View file

@ -26,6 +26,8 @@
#include "OutOfProcessWebView.h"
#include "WebContentClient.h"
#include <AK/String.h>
#include <AK/URLParser.h>
#include <LibGUI/MessageBox.h>
#include <LibGUI/Painter.h>
#include <LibGUI/ScrollBar.h>
@ -60,14 +62,14 @@ void OutOfProcessWebView::create_client()
handle_resize();
StringBuilder builder;
builder.append("<html><head><title>Crashed: ");
builder.append(m_url.to_string());
builder.append(escape_html_entities(m_url.to_string()));
builder.append("</title></head><body>");
builder.append("<h1>Web page crashed");
if (!m_url.host().is_empty()) {
builder.appendff(" on {}", m_url.host());
builder.appendff(" on {}", escape_html_entities(m_url.host()));
}
builder.append("</h1>");
builder.appendff("The web page <a href='{}'>{}</a> has crashed.<br><br>You can reload the page to try again.", m_url, m_url);
builder.appendff("The web page <a href='{}'>{}</a> has crashed.<br><br>You can reload the page to try again.", AK::urlencode(m_url.to_string()), escape_html_entities(m_url.to_string()));
builder.append("</body></html>");
load_html(builder.to_string(), m_url);
};