Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-07-04 05:53:39 +01:00
Code Issues Projects Releases Packages Wiki Activity
servo/components/script
History
bors-servo 144b980df2 Auto merge of #12679 - johannhof:image-inject, r=Manishearth 
Prevent injection vulnerability in image page

This is taking up nox' suggestion from #12542 and creates an img element using Rust code instead of escaping the URL. I will look at the neterror.html URL strings separately, we might do those in a similar way.

To reproduce, visit e.g. the following URL with your vulnerable Servo:
```
https://servo.org/screenshot.png?'onload='document.body.innerHTML=`hacked`'
```

---
- [x] `./mach build -d` does not report any errors
- [x] `./mach test-tidy` does not report any errors
- [x] These changes fix #12542

- [x] These changes do not require tests because this is just fixing up existing behavior and I'm not sure how to test it

r?@jdm

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/12679)
<!-- Reviewable:end -->
2016-08-01 13:27:46 -05:00
..
docs
dom Auto merge of #12679 - johannhof:image-inject, r=Manishearth 2016-08-01 13:27:46 -05:00
parse script: Obtain referrer policy from header 2016-07-15 08:12:24 -07:00
task_source Implement file reading task source 2016-07-14 13:27:42 -04:00
bluetooth_blacklist.rs Add WebBluetooth Blacklist support 2016-05-31 17:05:45 +02:00
build.rs Generate multiple DOM bindings in parallel. 2016-07-22 12:18:14 -04:00
Cargo.toml Auto merge of #12186 - GuillaumeGomez:video-metadata, r=larsbergstrom,jdm,KiChjang 2016-07-29 17:46:42 -05:00
clipboard_provider.rs Remove ConstellationChan. 2016-05-19 17:13:44 +02:00
devtools.rs Removed some sources of panic from script thread and devtools, using Option values instead to indicate when a pipeline context is missing where appropriate. Additionally, removed erroneous method get_browsing_context. 2016-07-25 22:28:04 -04:00
document_loader.rs Integrate service worker manager thread 2016-07-16 23:29:44 +05:30
layout_wrapper.rs style: Remove a few more unuseful traversals now we can. 2016-07-27 11:14:45 -07:00
lib.rs Auto merge of #12186 - GuillaumeGomez:video-metadata, r=larsbergstrom,jdm,KiChjang 2016-07-29 17:46:42 -05:00
makefile.cargo Generate a list of supported DOM APIs from parsed WebIDLs. 2016-07-15 18:13:09 -04:00
mem.rs
network_listener.rs Move boxing to runnable initialization 2016-07-13 11:10:23 -06:00
origin.rs Make script origins sendable and immutable. 2016-05-27 17:16:13 +02:00
script_runtime.rs Correct the call to JS_SetGCZeal. 2016-07-29 10:24:42 +02:00
script_thread.rs Auto merge of #12563 - emilio:stylo, r=bholley,jdm,pcwalton 2016-07-27 17:56:26 -05:00
serviceworker_manager.rs Make the service worker send custom response 2016-07-26 23:16:49 +05:30
textinput.rs Take selection direction into account when setting selection 2016-07-06 16:14:32 -06:00
timers.rs Auto merge of #11872 - eddyb:back-to-roots, r=Ms2ger 2016-07-04 11:03:35 -07:00
unpremultiplytable.rs
webdriver_handlers.rs Removed some sources of panic from script thread and devtools, using Option values instead to indicate when a pipeline context is missing where appropriate. Additionally, removed erroneous method get_browsing_context. 2016-07-25 22:28:04 -04:00